Implement proper permissions

prateekj117 · prateekj117 · commit 2a615ba4d755 · 2019-06-18T19:34:30.000+05:30
diff --git a/app/api/user_favourite_events.py b/app/api/user_favourite_events.py
@@ -2,6 +2,7 @@
 from flask_jwt import current_identity as current_user, _jwt_required
 from flask_rest_jsonapi import ResourceDetail, ResourceList, ResourceRelationship
 
+from app.api.bootstrap import api
 from app.api.helpers.db import safe_query
 from app.api.helpers.exceptions import ForbiddenException, ConflictException
 from app.api.helpers.permission_manager import has_access
@@ -81,6 +82,7 @@ class UserFavouriteEventDetail(ResourceDetail):
     """
 
     methods = ['GET', 'DELETE']
+    decorators = (api.has_permission('is_user_itself'),)
     schema = UserFavouriteEventSchema
     data_layer = {'session': db.session,
                   'model': UserFavouriteEvent,
diff --git a/tests/hook_main.py b/tests/hook_main.py
@@ -4371,7 +4371,7 @@ def favourite_event_details_get(transaction):
     :return:
     """
     with stash['app'].app_context():
-        user_fav_event = UserFavouriteEventFactory()
+        user_fav_event = UserFavouriteEventFactory(event_id=1)
         db.session.add(user_fav_event)
         db.session.commit()
 
@@ -4384,7 +4384,7 @@ def favourite_event_delete(transaction):
     :return:
     """
     with stash['app'].app_context():
-        user_fav_event = UserFavouriteEventFactory()
+        user_fav_event = UserFavouriteEventFactory(event_id=1)
         db.session.add(user_fav_event)
         db.session.commit()
 
