
Fix security flaw

Depado committed May 11, 2015
1 parent 60267d8 commit 870cd0f0cb913425d1e9ae7dfb7d7cc36a7416cb
Showing with 11 additions and 0 deletions.
  1. +11 −0 app/api/user.py
@@ -27,9 +27,20 @@ def user_serializer(instance):
def user_deserializer(data):
return UserSchema().load(data).data


def get_many_postprocessor(result=None, search_params=None, **kw):
if result:
for user in result['objects']:
new = user_serializer(user_deserializer(user))
user.clear()
user.update(new)

manager.create_api(
User,
methods=['GET', ],
postprocessors=dict(
GET_MANY=[get_many_postprocessor,],
),
url_prefix="/api/v1",
serializer=user_serializer,
deserializer=user_deserializer
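Review bot: `get_many_postprocessor` reads `result['objects']` unconditionally, so the filtering it adds covers only the paginated collection shape; a GET_MANY result that is truthy but has no `objects` key (Flask-Restless appears to produce one for a `single` search, which is worth confirming against the installed version) would raise `KeyError` instead of being filtered. A 500 does keep the unfiltered fields from being returned, but only by accident; I would handle that shape explicitly by running the lone record through the same `user_serializer(user_deserializer(...))` round-trip, and add a short comment saying why the postprocessor exists, since `serializer=` on `create_api` was evidently not enough for collection responses. A regression test asserting that the list response contains only `UserSchema` fields would keep this from reopening. `user_serializer` is defined above the hunk, so what it actually emits is not visible here.

```python
def get_many_postprocessor(result=None, search_params=None, **kw):
    # Re-filter every record through UserSchema so only schema fields
    # leave the API, whatever shape the GET_MANY result takes.
    if not result:
        return
    records = result['objects'] if 'objects' in result else [result]
    for user in records:
        filtered = user_serializer(user_deserializer(user))
        user.clear()
        user.update(filtered)
```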
