Allowing mapstore apis to use Oauth2 authentication tokens

GeoNode · Oct 18, 2020 · c04e7a0 · c04e7a0
1 parent 71262c6
commit c04e7a0
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 8 deletions.
diff --git a/mapstore2_adapter/api/serializers.py b/mapstore2_adapter/api/serializers.py
@@ -31,8 +31,6 @@ def to_internal_value(self, data):
     def to_representation(self, value):
         try:
             return value.blob
-        # try:
-        #     return json.loads(value)
         except Exception:
             return value
 
@@ -62,15 +60,36 @@ def to_representation(self, value):
         return attributes
 
 
+class MapLayersJSONArraySerializerField(serializers.Field):
+
+    def to_internal_value(self, data):
+        return data
+
+    def to_representation(self, value):
+        if value:
+            from geonode.maps.models import Map
+            from geonode.maps.api.serializers import MapLayerSerializer
+            # from geonode.layers.api.serializers import LayerSerializer
+            map = Map.objects.get(id=value)
+            # return [
+            #     MapLayerSerializer(embed=True, many=True).to_representation(map.layers),
+            #     LayerSerializer(embed=True, many=True).to_representation(map.local_layers)
+            # ]
+            return MapLayerSerializer(embed=True, many=True).to_representation(map.layers)
+
+
 class UserSerializer(serializers.HyperlinkedModelSerializer):
+
     class Meta:
         model = get_user_model()
-        fields = ('url', 'username', 'email', 'is_staff')
+        fields = ('url', 'username', 'email', 'is_staff', 'is_active', 'is_superuser',)
 
 
 class MapStoreResourceSerializer(serializers.HyperlinkedModelSerializer):
     user = serializers.CharField(source='user.username',
                                  read_only=True)
+    layers = MapLayersJSONArraySerializerField(source='id',
+                                               read_only=True)
 
     def __init__(self, *args, **kwargs):
         # Instantiate the superclass normally
@@ -83,4 +102,4 @@ def __init__(self, *args, **kwargs):
 
     class Meta:
         model = MapStoreResource
-        fields = ('id', 'user', 'name', 'creation_date', 'last_update')
+        fields = ('id', 'user', 'layers', 'name', 'creation_date', 'last_update')
diff --git a/mapstore2_adapter/api/views.py b/mapstore2_adapter/api/views.py
@@ -13,7 +13,9 @@
 
 from rest_framework import viewsets
 from rest_framework.authentication import SessionAuthentication, BasicAuthentication
-from rest_framework.permissions import IsAdminUser, IsAuthenticated
+from rest_framework.permissions import IsAdminUser, IsAuthenticated, IsAuthenticatedOrReadOnly  # noqa
+from oauth2_provider.contrib.rest_framework import OAuth2Authentication
+from geonode.base.api.permissions import IsOwnerOrReadOnly
 
 from .models import MapStoreResource
 from .serializers import (UserSerializer,
@@ -29,7 +31,7 @@ class UserViewSet(viewsets.ModelViewSet):
     """
     API endpoint that allows users to be viewed or edited.
     """
-    authentication_classes = (SessionAuthentication, BasicAuthentication)
+    authentication_classes = (SessionAuthentication, BasicAuthentication, OAuth2Authentication)
     permission_classes = (IsAdminUser,)
     queryset = get_user_model().objects.all()
     serializer_class = UserSerializer
@@ -38,8 +40,8 @@ class UserViewSet(viewsets.ModelViewSet):
 class MapStoreResourceViewSet(viewsets.ModelViewSet):
     """ Only Authenticate User perform CRUD Operations on Respective Data
     """
-    authentication_classes = (SessionAuthentication, BasicAuthentication)
-    permission_classes = (IsAuthenticated,)
+    authentication_classes = [SessionAuthentication, BasicAuthentication, OAuth2Authentication]
+    permission_classes = [IsAuthenticatedOrReadOnly, IsOwnerOrReadOnly]
     model = MapStoreResource
     serializer_class = MapStoreResourceSerializer