From a1a1b524fd02a57bd514ed95580fea8b67e1cede Mon Sep 17 00:00:00 2001
From: Étienne Loks <etienne.loks@iggdrasil.net>
Date: Wed, 6 Oct 2021 18:36:16 +0200
Subject: Syndication - docs, api permissions

Permissions by token, IP and by model.
---
 ishtar_common/rest.py | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 ishtar_common/rest.py

(limited to 'ishtar_common/rest.py')

diff --git a/ishtar_common/rest.py b/ishtar_common/rest.py
new file mode 100644
index 000000000..9354a943d
--- /dev/null
+++ b/ishtar_common/rest.py
@@ -0,0 +1,31 @@
+from rest_framework import authentication, permissions
+from rest_framework.response import Response
+from rest_framework.views import APIView
+
+from ishtar_common.models import ApiSearchModel
+
+
+class IpModelPermission(permissions.BasePermission):
+    def has_permission(self, request, view):
+        if not request.user or not getattr(request.user, "apiuser", None):
+            return False
+        ip_addr = request.META['REMOTE_ADDR']
+        q = ApiSearchModel.objects.filter(
+            user=request.user.apiuser,
+            user__ip=ip_addr,
+            content_type__app_label=view.model._meta.app_label,
+            content_type__model=view.model._meta.model_name)
+        return bool(q.count())
+
+
+class SearchAPIView(APIView):
+    model = None
+    authentication_classes = (authentication.TokenAuthentication,)
+    permission_classes = (permissions.IsAuthenticated, IpModelPermission)
+
+    def __init__(self, **kwargs):
+        assert self.model is not None
+        super(SearchAPIView, self).__init__(**kwargs)
+
+    def get(self, request, format=None):
+        return Response({})
-- 
cgit v1.2.3