protect routes modifying resources

Author: piyush-jaiswal

app/routes.py

@@ -136,13 +136,16 @@ def refresh():
 
 
 @app.route('/category/create', methods=['POST'])
+@jwt_required()
 def create_category():
     """
     Create Category
     ---
     tags:
         - Category
     description: Create a new category.
+    security:
+        - access_token: []
     requestBody:
         required: true
         description: name - Name of the category <br> subcategories - Array of subcategory ids (optional)
@@ -164,6 +167,8 @@ def create_category():
             description: Category created successfully.
         400:
             description: Invalid input.
+        401:
+            description: Token expired, missing or invalid.
         500:
             description: Error occurred.
     """
@@ -210,13 +215,16 @@ def get_category(c_id):
 
 
 @app.route('/category/<int:c_id>/update', methods=['PUT'])
+@jwt_required()
 def update_category(c_id):
     """
     Update Category
     ---
     tags:
         - Category
     description: Update an existing category.
+    security:
+        - access_token: []
     parameters:
         - in: path
           name: c_id
@@ -268,13 +276,16 @@ def update_category(c_id):
 
 
 @app.route("/category/<int:c_id>", methods=["DELETE"])
+@jwt_required()
 def delete_category(c_id):
     """
     Delete Category
     ---
     tags:
         - Category
     description: Delete a category by ID.
+    security:
+        - access_token: []
     parameters:
         - in: path
           name: c_id
@@ -402,13 +413,16 @@ def get_category_products(c_id):
 
 
 @app.route('/subcategory/create', methods=['POST'])
+@jwt_required()
 def create_subcategory():
     """
     Create Subcategory
     ---
     tags:
         - Subcategory
     description: Create a new subcategory.
+    security:
+        - access_token: []
     requestBody:
         required: true
         description: name - Name of the subcategory <br> categories - Array of category ids (optional) <br> products - Array of product ids (optional)
@@ -502,13 +516,16 @@ def get_subcategory(sc_id):
 
 
 @app.route('/subcategory/<int:sc_id>/update', methods=['PUT'])
+@jwt_required()
 def update_subcategory(sc_id):
     """
     Update Subcategory
     ---
     tags:
         - Subcategory
     description: Update an existing subcategory.
+    security:
+        - access_token: []
     parameters:
         - in: path
           name: sc_id
@@ -568,13 +585,16 @@ def update_subcategory(sc_id):
 
 
 @app.route("/subcategory/<int:sc_id>", methods=["DELETE"])
+@jwt_required()
 def delete_subcategory(sc_id):
     """
     Delete Subcategory
     ---
     tags:
         - Subcategory
     description: Delete a subcategory by ID.
+    security:
+        - access_token: []
     parameters:
         - in: path
           name: sc_id
@@ -676,13 +696,16 @@ def get_subcategory_products(sc_id):
 
 
 @app.route('/product/create', methods=['POST'])
+@jwt_required()
 def create_product():
     """
     Create Product
     ---
     tags:
         - Product
     description: Create a new product.
+    security:
+        - access_token: []
     requestBody:
         required: true
         description: name - Name of the product <br> description - Description of the product (optional) <br> subcategories - Array of subcategory ids (optional)
@@ -755,13 +778,16 @@ def get_product(p_id):
 
 
 @app.route('/product/<int:p_id>/update', methods=['PUT'])
+@jwt_required()
 def update_product(p_id):
     """
     Update Product
     ---
     tags:
         - Product
     description: Update an existing product.
+    security:
+        - access_token: []
     consumes:
         - application/json
     parameters:
@@ -820,13 +846,16 @@ def update_product(p_id):
 
 
 @app.route("/product/<int:p_id>", methods=["DELETE"])
+@jwt_required()
 def delete_product(p_id):
     """
     Delete Product
     ---
     tags:
         - Product
     description: Delete a product by ID.
+    security:
+        - access_token: []
     parameters:
         - in: path
           name: p_id