Merge pull request #24 from pasevin/master

Adds DRF permissions option

.gitignore

@@ -56,3 +56,4 @@ target/
 # Sphinx documentation files
 docs/_build/
 
+/.idea

README.md

@@ -295,6 +295,22 @@ delete_stored_upload(upload_id, delete_file=True)
 # disk or the remote storage service.
 ``` 
 
+#### DRF Permissions
+
+By default no permissions are applied on API endpoints. If you want to assign certain permissions such as ```rest_framework.permissions.IsAuthenticated``` you can do it like so:
+
+```python
+DJANGO_DRF_FILEPOND_PERMISSION_CLASSES = {
+    'GET_FETCH': ['rest_framework.permissions.IsAuthenticated', ],
+    'GET_LOAD': ['rest_framework.permissions.IsAuthenticated', ],
+    'POST_PROCESS': ['rest_framework.permissions.IsAuthenticated', ],
+    'GET_RESTORE': ['rest_framework.permissions.IsAuthenticated', ],
+    'DELETE_REVERT': ['rest_framework.permissions.IsAuthenticated', ],
+}
+```
+
+You can add more than one permission for each endpoint.
+
 ### License
 
 This repository is licensed under a BSD 3-Clause license. Please see the [LICENSE](LICENSE) file in the root of the repository.

django_drf_filepond/drf_filepond_settings.py

@@ -10,9 +10,9 @@
 ******** DJANGO_DRF_FILEPOND_UPLOAD_TMP in your top level app settings.
 ******** THIS IS CURRENTLY USED ONLY FOR INTEGRATION TESTS
 '''
+import django_drf_filepond
 import os
 from django.conf import settings
-import django_drf_filepond
 
 _app_prefix = 'DJANGO_DRF_FILEPOND_'
 
@@ -57,4 +57,6 @@
 # elsewhere.
 ALLOW_EXTERNAL_UPLOAD_DIR = getattr(settings, 
                                     _app_prefix+'ALLOW_EXTERNAL_UPLOAD_DIR',
-                                    False)
+                                    False)
+# Optional permissions settings for each endpoint.
+PERMISSION_CLASSES = getattr(settings, _app_prefix+'PERMISSION_CLASSES', {})

django_drf_filepond/views.py

@@ -1,34 +1,34 @@
 # -*- coding: utf-8 -*-
 from __future__ import unicode_literals
 
-from io import BytesIO
+import importlib
 import logging
+import mimetypes
 
 import django_drf_filepond.drf_filepond_settings as local_settings
+import os
+import re
+import requests
+import shortuuid
+import django_drf_filepond
 from django.core.exceptions import ValidationError
 from django.core.files.uploadedfile import UploadedFile, InMemoryUploadedFile
 from django.core.validators import URLValidator
-import requests
+from django.http.response import HttpResponse, HttpResponseNotFound, \
+    HttpResponseServerError
+from django_drf_filepond.api import get_stored_upload, \
+    get_stored_upload_file_data
+from django_drf_filepond.exceptions import ConfigurationError
+from django_drf_filepond.models import TemporaryUpload, storage, StoredUpload
+from django_drf_filepond.parsers import PlainTextParser
+from django_drf_filepond.renderers import PlainTextRenderer
+from io import BytesIO
 from requests.exceptions import ConnectionError
 from rest_framework import status
 from rest_framework.exceptions import ParseError, NotFound
 from rest_framework.parsers import MultiPartParser
 from rest_framework.response import Response
 from rest_framework.views import APIView
-import shortuuid
-
-from django_drf_filepond.models import TemporaryUpload, storage, StoredUpload
-from django_drf_filepond.parsers import PlainTextParser
-from django_drf_filepond.renderers import PlainTextRenderer
-import re
-import os
-import mimetypes
-from django.http.response import HttpResponse, HttpResponseNotFound,\
-    HttpResponseServerError
-from django_drf_filepond.api import get_stored_upload,\
-    get_stored_upload_file_data
-from django_drf_filepond.exceptions import ConfigurationError
-import django_drf_filepond
 
 LOG = logging.getLogger(__name__)
 
@@ -63,6 +63,21 @@ def _get_content_type(data, temporary=True):
     return mimetypes.guess_type(data)[0]
 
 
+def _import_permission_classes(endpoint):
+    """
+    Iterates over array of string representations of permission classes from
+    settings specified.
+    """
+    permission_classes = []
+    if endpoint in local_settings.PERMISSION_CLASSES.keys():
+        for perm_str in local_settings.PERMISSION_CLASSES[endpoint]:
+            (modname, clname) = perm_str.rsplit('.', 1)
+            mod = importlib.import_module(modname)
+            class_ = getattr(mod, clname)
+            permission_classes.append(class_)
+    return permission_classes
+
+
 class ProcessView(APIView):
     '''
     This view receives an uploaded file from the filepond client. It
@@ -76,6 +91,7 @@ class ProcessView(APIView):
     # from FilePond.
     parser_classes = (MultiPartParser,)
     renderer_classes = (PlainTextRenderer,)
+    permission_classes = _import_permission_classes('POST_PROCESS')
 
     def post(self, request):
         LOG.debug('Filepond API: Process view POST called...')
@@ -163,6 +179,7 @@ class RevertView(APIView):
 
     parser_classes = (PlainTextParser,)
     renderer_classes = (PlainTextRenderer,)
+    permission_classes = _import_permission_classes('DELETE_REVERT')
     '''
     This is called when we need to revert the uploaded file - i.e. undo is
     pressed and we remove the previously uploaded temporary file.
@@ -203,6 +220,8 @@ class LoadView(APIView):
     directory specified by the DJANGO_DRF_FILEPOND_FILE_STORE_PATH
     setting parameter).
     """
+    permission_classes = _import_permission_classes('GET_LOAD')
+
     def get(self, request):
         LOG.debug('Filepond API: Load view GET called...')
 
@@ -245,6 +264,7 @@ def get(self, request):
 
 
 class RestoreView(APIView):
+    permission_classes = _import_permission_classes('GET_RESTORE')
 
     # Expect the upload ID to be provided with the 'name' parameter
     def get(self, request):
@@ -288,6 +308,7 @@ def get(self, request):
 
 
 class FetchView(APIView):
+    permission_classes = _import_permission_classes('GET_FETCH')
 
     def _process_request(self, request):
         LOG.debug('Filepond API: Fetch view GET called...')