Protect DELETE method.

* Fix tests. Change-Id: I3f6c14a76a5a2da912b49c76f63b4c8ce52123c7
author: Milo Casagrande <milo.casagrande@linaro.org> 2014-07-25 10:57:26 +0200
committer: Milo Casagrande <milo.casagrande@linaro.org> 2014-07-25 10:57:26 +0200
commit: e5ec47e1d9f5b7a2afeabcc8874fd156fb9a51da (patch)
tree: 35532509997393fc0429b990af0c3480ab468621 /app/handlers/base.py
parent: 9229a4add4d41393c5fbd0936efc5ca5b10a79c9 (diff)
1 files changed, 4 insertions, 17 deletions
diff --git a/app/handlers/base.py b/app/handlers/base.py
index 6ca39f9..1e64738 100644
--- a/app/handlers/base.py
+++ b/app/handlers/base.py
@@ -244,26 +244,13 @@ class BaseHandler(RequestHandler):
         """
         self.write_error(status_code=501)
 
+    @protected
     @asynchronous
     def delete(self, *args, **kwargs):
-        request_code = self._valid_del_request()
-
-        if request_code == 200:
-            if kwargs and kwargs.get('id', None):
-                self._delete(kwargs['id'])
-            else:
-                self.write_error(status_code=400)
+        if kwargs and kwargs.get('id', None):
+            self._delete(kwargs['id'])
         else:
-            self.write_error(status_code=request_code)
-
-    def _valid_del_request(self):
-        """Check if the DELETE request is valid."""
-        return_code = 200
-
-        if not self._has_xsrf_header():
-            return_code = 403
-
-        return return_code
+            self.write_error(status_code=400)
 
     def _delete(self, doc_id):
         """Placeholder method - used internally.
author	Milo Casagrande <milo.casagrande@linaro.org>	2014-07-25 10:57:26 +0200
committer	Milo Casagrande <milo.casagrande@linaro.org>	2014-07-25 10:57:26 +0200
commit	e5ec47e1d9f5b7a2afeabcc8874fd156fb9a51da (patch)
tree	35532509997393fc0429b990af0c3480ab468621 /app/handlers/base.py
parent	9229a4add4d41393c5fbd0936efc5ca5b10a79c9 (diff)