Token based API auth for Data PATCH
parent
215b26ae80
commit
23269f47b8
|
@ -0,0 +1,22 @@
|
|||
from rest_framework import permissions
|
||||
|
||||
|
||||
class SafeMethodsOnlyPermission(permissions.BasePermission):
|
||||
"""Anyone can access non-destructive methods (like GET and HEAD)"""
|
||||
def has_permission(self, request, view):
|
||||
return self.has_object_permission(request, view)
|
||||
|
||||
def has_object_permission(self, request, view, obj=None):
|
||||
return request.method in permissions.SAFE_METHODS
|
||||
|
||||
|
||||
class StationOwnerCanEditPermission(SafeMethodsOnlyPermission):
|
||||
"""Only the owner can push new data"""
|
||||
def has_object_permission(self, request, view, obj=None):
|
||||
if obj is None:
|
||||
can_edit = True
|
||||
else:
|
||||
can_edit = request.user == obj.observation.author
|
||||
return (can_edit or
|
||||
super(StationOwnerCanEditPermission,
|
||||
self).has_object_permission(request, view, obj))
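Review bot: In `StationOwnerCanEditPermission.has_object_permission` the `obj is None` branch sets `can_edit = True`, and the inherited `has_permission` calls this method without an object, so the view-level check passes for every HTTP method and for unauthenticated callers. Write protection then rests entirely on the view calling `get_object()` so that the object-level check runs; any action that never fetches an object would be left open. I would make the object-less branch depend on the caller, for example `can_edit = request.user.is_authenticated()` (callable form, assuming the Django version that goes with this REST framework pin), which still lets safe methods through via the parent class. The class name and docstring speak of the station owner while the comparison is against `obj.observation.author`; if those two can differ, one of them should be corrected.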
|
|
@ -48,4 +48,4 @@ class ObservationSerializer(serializers.ModelSerializer):
|
|||
class DataSerializer(serializers.ModelSerializer):
|
||||
class Meta:
|
||||
model = Data
|
||||
fields = ('start', 'end', 'observation', 'ground_station', 'payload')
|
||||
fields = ('id', 'start', 'end', 'observation', 'ground_station', 'payload')
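Review bot: `observation` and `ground_station` stay writable in `DataSerializer`, and this commit makes the endpoint accept updates, so a caller who passes the ownership check on the current row can re-point it at an observation or station that belongs to someone else. The permission class only inspects the object as it is before the update, and nothing visible here validates the new foreign keys. Unless re-assignment is intended, add `read_only_fields = ('observation', 'ground_station')` to `Meta`. The serializer class is only partly visible in this hunk.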
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
from rest_framework import viewsets
|
||||
from rest_framework import viewsets, mixins
|
||||
|
||||
from api.perms import StationOwnerCanEditPermission
|
||||
from api import serializers
|
||||
from base.models import (Antenna, Data, Observation, Satellite, Station,
|
||||
Transponder)
|
||||
|
@ -30,6 +31,10 @@ class ObservationView(viewsets.ModelViewSet):
|
|||
serializer_class = serializers.ObservationSerializer
|
||||
|
||||
|
||||
class DataView(viewsets.ModelViewSet):
|
||||
class DataView(viewsets.ReadOnlyModelViewSet,
|
||||
mixins.UpdateModelMixin):
|
||||
queryset = Data.objects.all()
|
||||
serializer_class = serializers.DataSerializer
|
||||
permission_classes = [
|
||||
StationOwnerCanEditPermission
|
||||
]
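Review bot: `mixins.UpdateModelMixin` on `DataView` provides both `update` and `partial_update`, so PUT is exposed alongside PATCH, while the commit title speaks of PATCH only. If full replacement is not meant to be available, restrict the verbs with `http_method_names = ['get', 'head', 'options', 'patch']`. The view sets `permission_classes` but no `authentication_classes`, so token authentication has to come from the project's REST framework settings, which this diff does not show; it is worth confirming that `TokenAuthentication` is enabled there.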
|
||||
|
|
|
@ -3,11 +3,7 @@
|
|||
{% block title %}SatNOGS Network API{% endblock %}
|
||||
|
||||
{% block branding %}
|
||||
<a class='brand' rel="nofollow" href='#'>
|
||||
SatNOGS Network API <span class="version">1.0</span>
|
||||
</a>
|
||||
{% endblock %}
|
||||
|
||||
{% block footer %}
|
||||
<p>2014 - The SatNOGS devs</p>
|
||||
<a class="navbar-brand" rel="nofollow" href="#">
|
||||
SatNOGS Network API <span class="version"></span>
|
||||
</a>
|
||||
{% endblock %}
|
|
@ -7,9 +7,10 @@ from django.db.models.signals import post_save
|
|||
|
||||
|
||||
def gen_token(sender, instance, created, **kwargs):
|
||||
token = Token.objects.get(user=instance)
|
||||
if not token:
|
||||
Token.objects.crete(user=instance)
|
||||
try:
|
||||
Token.objects.get(user=instance)
|
||||
except:
|
||||
Token.objects.create(user=instance)
|
||||
|
||||
|
||||
class User(AbstractUser):
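Review bot: The bare `except:` in `gen_token` treats every failure of `Token.objects.get(user=instance)` as "no token yet", including database errors and `MultipleObjectsReturned`, and then attempts a create that can hide the original problem. Catch only the expected case with `except Token.DoesNotExist:`, or replace the whole try block with `Token.objects.get_or_create(user=instance)`. The function also ignores `created`, so if it is connected to `post_save` (the connection is not visible here) the lookup runs on every save of a user. The same bare `except:` appears in the `view_user` hunk.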
|
||||
|
|
|
@ -56,7 +56,10 @@ def view_user(request, username):
|
|||
user = User.objects.get(username=username)
|
||||
observations = Observation.objects.filter(author=user)[0:10]
|
||||
stations = Station.objects.filter(owner=user)
|
||||
token = Token.objects.get(user=user)
|
||||
try:
|
||||
token = Token.objects.get(user=user)
|
||||
except:
|
||||
token = Token.objects.create(user=user)
|
||||
form = StationForm()
|
||||
if request.method == 'POST':
|
||||
form = StationForm(request.POST, request.FILES)
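Review bot: `view_user` loads, and now also creates, the API token of the user named in the URL rather than of `request.user`. The rest of the function is outside the hunk, but if `token` reaches the template without a check that the viewer is that user, anyone who opens the profile page can read the owner's token. Guard it, e.g. `token = Token.objects.get_or_create(user=user)[0] if request.user == user else None`. Issuing a credential as a side effect of rendering a page is also better left to the model-level `gen_token` hook.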
|
||||
|
|
|
@ -31,6 +31,6 @@ django-autoslug==1.7.2
|
|||
orbit==0.2
|
||||
|
||||
# Django REST framework
|
||||
djangorestframework
|
||||
djangorestframework==3.0.1
|
||||
markdown
|
||||
django-filter
|
||||
django-filter
|
||||
|
|
|
@ -4,4 +4,5 @@ Sphinx
|
|||
|
||||
# django-debug-toolbar that works with Django 1.5+
|
||||
django-debug-toolbar==1.2.1
|
||||
sqlparse==0.1.14
|
||||
factory_boy
|
||||
|
|