[loggi-6ye] DRY entry lookup + access check boilerplate in routes.py #123

Closed
opened 2026-02-21 21:14:32 +01:00 by matthias · 0 comments
Owner

Bead ID: loggi-6ye
Type: task
Priority: P2
Status: closed
Close reason: Extracted _require_entry() helper in routes.py. Refactored 8 API endpoints (entry_detail, entry_records, entry_active_record, record_detail, share_entry, list_shares, manage_share, create_pin) to use it. Supports min_role parameter for admin-only and write-only access checks. All 174 tests pass, Docker build and smoke test confirmed.


routes.py repeats a 4-line entry-lookup + access-check pattern in 8 API endpoints:

```python
entry = db.session.get(Entry, entry_id)
if not entry:
    return jsonify({"error": "Entry not found"}), 404
role = entry_access(current_user, entry)
if not role:
    return jsonify({"error": "Access denied"}), 403
```

Extract a `_get_entry_or_error(entry_id)` helper that returns `(entry, role)` or a JSON error response. This reduces ~32 lines of boilerplate and makes endpoints more readable. The helper should be usable from routes.py (and optionally export.py which has the same pattern once).

Variants to handle:

  • Any access (most endpoints)
  • Admin-only (share_entry, list_shares, manage_share)
  • Write access (record_detail checks role != READ)
  • entry_view redirects instead of 404/403 — leave as-is

Previously identified in code-health-final.md item #4, deferred from loggi-6e4.
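A framework-free sketch of the centralized lookup-plus-access check with a `min_role` threshold, added here as an illustration and not taken from the loggi code base. Assumptions: the `Role` ordering READ < WRITE < ADMIN, the in-memory `ENTRIES` and `GRANTS` sample data, the public name `require_entry`, and plain `(body, status)` tuples standing in for `jsonify(...)` responses.

```python
from enum import IntEnum


class Role(IntEnum):  # assumed ordering, lowest privilege first
    READ = 1
    WRITE = 2
    ADMIN = 3


# Constructed sample data standing in for the Entry table and access grants.
ENTRIES = {1: {"id": 1, "title": "sample"}}
GRANTS = {("alice", 1): Role.ADMIN, ("bob", 1): Role.READ}


def entry_access(user, entry):
    """Stand-in for the app's entry_access(): the user's Role, or None."""
    return GRANTS.get((user, entry["id"]))


def require_entry(user, entry_id, min_role=Role.READ):
    """Return (entry, role, None) on success, else (None, None, (body, status))."""
    entry = ENTRIES.get(entry_id)
    if entry is None:
        return None, None, ({"error": "Entry not found"}, 404)
    role = entry_access(user, entry)
    # One comparison covers "any access", write-only and admin-only endpoints.
    if role is None or role < min_role:
        return None, None, ({"error": "Access denied"}, 403)
    return entry, role, None


def entry_detail(user, entry_id):
    """Endpoint needing any access."""
    entry, role, err = require_entry(user, entry_id)
    if err:
        return err
    return {"id": entry["id"], "role": role.name}, 200


def share_entry(user, entry_id):
    """Endpoint needing admin access."""
    entry, _role, err = require_entry(user, entry_id, min_role=Role.ADMIN)
    if err:
        return err
    return {"shared": entry["id"]}, 200
```

As in the snippet above, the lookup precedes the access check, so a caller without access can tell a missing entry (404) from an existing one (403).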

Reference
matthias/loggi#123