diff options
author | Milo Casagrande <milo.casagrande@linaro.org> | 2014-07-25 10:57:26 +0200 |
---|---|---|
committer | Milo Casagrande <milo.casagrande@linaro.org> | 2014-07-25 10:57:26 +0200 |
commit | e5ec47e1d9f5b7a2afeabcc8874fd156fb9a51da (patch) | |
tree | 35532509997393fc0429b990af0c3480ab468621 /app/handlers/base.py | |
parent | 9229a4add4d41393c5fbd0936efc5ca5b10a79c9 (diff) |
Protect DELETE method.
* Fix tests.
Change-Id: I3f6c14a76a5a2da912b49c76f63b4c8ce52123c7
Diffstat (limited to 'app/handlers/base.py')
-rw-r--r-- | app/handlers/base.py | 21 |
1 files changed, 4 insertions, 17 deletions
diff --git a/app/handlers/base.py b/app/handlers/base.py index 6ca39f9..1e64738 100644 --- a/app/handlers/base.py +++ b/app/handlers/base.py @@ -244,26 +244,13 @@ class BaseHandler(RequestHandler): """ self.write_error(status_code=501) + @protected @asynchronous def delete(self, *args, **kwargs): - request_code = self._valid_del_request() - - if request_code == 200: - if kwargs and kwargs.get('id', None): - self._delete(kwargs['id']) - else: - self.write_error(status_code=400) + if kwargs and kwargs.get('id', None): + self._delete(kwargs['id']) else: - self.write_error(status_code=request_code) - - def _valid_del_request(self): - """Check if the DELETE request is valid.""" - return_code = 200 - - if not self._has_xsrf_header(): - return_code = 403 - - return return_code + self.write_error(status_code=400) def _delete(self, doc_id): """Placeholder method - used internally. |