4: Authenticated Services and Security with JWTs
Activity 7: Implementing Access Control on the publish/unpublish Recipe Function
Solution
- Modify the
put
method inRecipePublishResource
to restrict access to only authenticated users. Inresources/token.py
, add the@jwt_required
decorator on top of theRecipePublishResource.put
method. Use theget_jwt_identity()
function to identify whether the authenticated user is the owner of the recipe:@jwt_required def put(self, recipe_id): recipe = Recipe.get_by_id(recipe_id=recipe_id) if recipe is None: return {'message': 'Recipe not found'}, HTTPStatus.NOT_FOUND current_user = get_jwt_identity() if current_user...