diff options
| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2021-10-06 18:36:16 +0200 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2022-12-12 12:20:58 +0100 |
| commit | a1a1b524fd02a57bd514ed95580fea8b67e1cede (patch) | |
| tree | 0327937f9c376ae95b0777faea227bb628528dab /ishtar_common/rest.py | |
| parent | 14c5ccd235d963457485cd907712b43672c5e400 (diff) | |
| download | Ishtar-a1a1b524fd02a57bd514ed95580fea8b67e1cede.tar.bz2 Ishtar-a1a1b524fd02a57bd514ed95580fea8b67e1cede.zip | |
Syndication - docs, api permissions
Permissions by token, IP and by model.
Diffstat (limited to 'ishtar_common/rest.py')
| -rw-r--r-- | ishtar_common/rest.py | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/ishtar_common/rest.py b/ishtar_common/rest.py new file mode 100644 index 000000000..9354a943d --- /dev/null +++ b/ishtar_common/rest.py @@ -0,0 +1,31 @@ +from rest_framework import authentication, permissions +from rest_framework.response import Response +from rest_framework.views import APIView + +from ishtar_common.models import ApiSearchModel + + +class IpModelPermission(permissions.BasePermission): + def has_permission(self, request, view): + if not request.user or not getattr(request.user, "apiuser", None): + return False + ip_addr = request.META['REMOTE_ADDR'] + q = ApiSearchModel.objects.filter( + user=request.user.apiuser, + user__ip=ip_addr, + content_type__app_label=view.model._meta.app_label, + content_type__model=view.model._meta.model_name) + return bool(q.count()) + + +class SearchAPIView(APIView): + model = None + authentication_classes = (authentication.TokenAuthentication,) + permission_classes = (permissions.IsAuthenticated, IpModelPermission) + + def __init__(self, **kwargs): + assert self.model is not None + super(SearchAPIView, self).__init__(**kwargs) + + def get(self, request, format=None): + return Response({}) |