Merge pull request #23 from davidslusser/serviceaccount_api_mixin
added mixins to enforce that the service account is enabled for API responses
Showing
5 changed files
with
74 additions
and
5 deletions.
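--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,58 @@
+import re
+from django.http import JsonResponse
+from rest_framework import status
+from .models import ServiceAccount
+
+
+class ServiceAccountControlMixin:
+    """ A mixin for Django Rest Framework viewsets that checks if the request is made from a ServiceAccount and only
+    allows access to the endpoint if the ServiceAccount is enabled and admin_enabled. If the ServiceAccount is disabled
+    by the owner or an admin, a 403 error will be received instead of the API response. This currently works for APIs
+    using TokenAuthentication (rest_framework.authentication.TokenAuthentication). """
+    def dispatch(self, request, *args, **kwargs):
+        mo = re.search('Token (\S+)', request.META.get('HTTP_AUTHORIZATION', ''))
+        if mo:
+            srv_acct = ServiceAccount.objects.get_object_or_none(user__auth_token__key=mo.group(1))
+            if srv_acct:
+                if srv_acct.admin_enabled is False:
+                    return JsonResponse(data={'detail': 'this service account has been administratively disabled'},
+                                        status=status.HTTP_403_FORBIDDEN)
+                elif srv_acct.enabled is False:
+                    return JsonResponse(data={'detail': 'this service account has been disabled'},
+                                        status=status.HTTP_403_FORBIDDEN)
+        return super().dispatch(request, *args, **kwargs)
+
+
+class AllowOnlyServiceAccountMixin:
+    """ A mixin for Django Rest Framework viewsets that only allows responses to requests made from ServiceAccounts.
+    This currently works for APIs using TokenAuthentication (rest_framework.authentication.TokenAuthentication)."""
+    def dispatch(self, request, *args, **kwargs):
+        mo = re.search('Token (\S+)', request.META.get('HTTP_AUTHORIZATION', ''))
+        if mo:
+            srv_acct = ServiceAccount.objects.get_object_or_none(user__auth_token__key=mo.group(1))
+            if not srv_acct:
+                return JsonResponse(data={'detail': 'access to this endpoint is only available to service accounts'},
+                                    status=status.HTTP_403_FORBIDDEN)
+        return super().dispatch(request, *args, **kwargs)
+
+
+class AllowOnlyEnabledServiceAccountMixin:
+    """ A mixin for Django Rest Framework viewsets that checks if the request is made from a ServiceAccount and only
+    allows access to the endpoint if an enabled ServiceAccount made the request. If the ServiceAccount is disabled
+    by the owner or an admin, a 403 error will be received instead of the API response. This currently works for APIs
+    using TokenAuthentication (rest_framework.authentication.TokenAuthentication). """
+    def dispatch(self, request, *args, **kwargs):
+        mo = re.search('Token (\S+)', request.META.get('HTTP_AUTHORIZATION', ''))
+        if mo:
+            srv_acct = ServiceAccount.objects.get_object_or_none(user__auth_token__key=mo.group(1))
+            if srv_acct:
+                if srv_acct.admin_enabled is False:
+                    return JsonResponse(data={'detail': 'this service account has been administratively disabled'},
+                                        status=status.HTTP_403_FORBIDDEN)
+                elif srv_acct.enabled is False:
+                    return JsonResponse(data={'detail': 'this service account has been disabled'},
+                                        status=status.HTTP_403_FORBIDDEN)
+            else:
+                return JsonResponse(data={'detail': 'access to this endpoint is only available to enabled '
+                                                    'service accounts'}, status=status.HTTP_403_FORBIDDEN)
+        return super().dispatch(request, *args, **kwargs)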
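Review bot: AllowOnlyServiceAccountMixin.dispatch only rejects a request when the Authorization header matches the Token pattern; a request with no such header (session or basic authentication, or no credentials at all) leaves `mo` falsy, never reaches the `if not srv_acct` branch and falls through to `super().dispatch`, so the "only service accounts" rule is not enforced there, and AllowOnlyEnabledServiceAccountMixin.dispatch has the same gap. Hoist the lookup out of the `if mo:` block, `srv_acct = ServiceAccount.objects.get_object_or_none(user__auth_token__key=mo.group(1)) if mo else None`, and perform the existing `if not srv_acct:` rejection unconditionally; ServiceAccountControlMixin is affected in the same way only if a service account's user can authenticate through another scheme, which depends on the project's authentication classes. Separately, `'Token (\S+)'` is a non-raw string (invalid escape sequence warning on recent Python) and `re.search` is unanchored, so `re.match(r'Token (\S+)', ...)` would be stricter; because `dispatch` runs before DRF authentication, a DRF permission class reading `request.auth` would avoid re-parsing the header altogether. The `is False` comparisons also pass a `None` value through if those model fields are nullable, which cannot be confirmed from this file.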