Add in enough to get started with django rest framework (bug 875540)

Andy McKay · Andy McKay · commit fbcb29e44c0b · 2013-06-03T12:00:23.000-07:00
diff --git a/mkt/api/authentication.py b/mkt/api/authentication.py
@@ -6,6 +6,7 @@
 from django.contrib.auth.models import AnonymousUser, User
 
 import commonware.log
+from rest_framework.authentication import BaseAuthentication
 from tastypie import http
 from tastypie.authentication import Authentication
 
@@ -161,3 +162,19 @@ def is_authenticated(self, request, **kwargs):
         except Exception, e:
             log.info('Bad shared-secret auth data: %s (%s)', auth, e)
             return False
+
+
+class RestOAuthAuthentication(BaseAuthentication, OAuthAuthentication):
+    """
+    OAuthAuthentication suitable for DRF, wraps around tastypie ones.
+
+    Since DRF includes OAuthAuthentication libraries, we can probably
+    remove all this at some point in the future.
+    """
+
+    def authenticate(self, request):
+        result = self.is_authenticated(request)
+        if (isinstance(result, http.HttpUnauthorized)
+            or not request.user):
+            return None
+        return (request.user, None)
diff --git a/mkt/api/authorization.py b/mkt/api/authorization.py
@@ -1,5 +1,6 @@
 import commonware.log
 
+from rest_framework.permissions import BasePermission
 from tastypie.authorization import Authorization, ReadOnlyAuthorization
 
 from access import acl
@@ -83,3 +84,12 @@ def is_authorized(self, request, object=None):
             return True
         log.info('Permission authorization failed')
         return False
+
+
+class AllowNone(BasePermission):
+
+    def has_permission(self, request, view):
+        return False
+
+    def has_object_permission(self, request, view, obj):
+        return False
diff --git a/mkt/api/paginator.py b/mkt/api/paginator.py
@@ -0,0 +1,41 @@
+from rest_framework import serializers
+from rest_framework import pagination
+from rest_framework.templatetags.rest_framework import replace_query_param
+
+
+class NextPageField(serializers.Field):
+    """Wrapper to remove absolute_uri."""
+    page_field = 'page'
+
+    def to_native(self, value):
+        if not value.has_next():
+            return None
+        page = value.next_page_number()
+        request = self.context.get('request')
+        url = request and request.get_full_path() or ''
+        return replace_query_param(url, self.page_field, page)
+
+
+class PreviousPageField(serializers.Field):
+    """Wrapper to remove absolute_uri."""
+    page_field = 'page'
+
+    def to_native(self, value):
+        if not value.has_previous():
+            return None
+        page = value.previous_page_number()
+        request = self.context.get('request')
+        url = request and request.get_full_path() or ''
+        return replace_query_param(url, self.page_field, page)
+
+
+class MetaSerializer(serializers.Serializer):
+    next = NextPageField(source='*')
+    prev = PreviousPageField(source='*')
+    page = serializers.Field(source='number')
+    total_count = serializers.Field(source='paginator.count')
+
+
+class CustomPaginationSerializer(pagination.BasePaginationSerializer):
+    meta = MetaSerializer(source='*')  # Takes the page object as the source
+    results_field = 'objects'
diff --git a/mkt/api/tests/test_authentication.py b/mkt/api/tests/test_authentication.py
@@ -128,6 +128,30 @@ def test_request_has_role(self):
         ok_(self.auth.is_authenticated(self.call()))
 
 
+class TestRestOAuthAuthentication(TestOAuthAuthentication):
+
+    def setUp(self):
+        super(TestRestOAuthAuthentication, self).setUp()
+        self.auth = authentication.RestOAuthAuthentication()
+
+    def test_accepted(self):
+        eq_(self.auth.authenticate(self.call()), (self.profile.user, None))
+        ok_(this_thread_is_pinned())
+
+    def test_request_token_fake(self):
+        c = Mock()
+        c.key = self.access.key
+        c.secret = 'mom'
+        ok_(not self.auth.authenticate(self.call(client=OAuthClient(c))))
+
+    def test_request_admin(self):
+        self.add_group_user(self.profile, 'Admins')
+        ok_(not self.auth.authenticate(self.call()))
+
+    def test_request_has_role(self):
+        self.add_group_user(self.profile, 'App Reviewers')
+        ok_(self.auth.authenticate(self.call()))
+
 
 @patch.object(settings, 'SECRET_KEY', 'gubbish')
 class TestSharedSecretAuthentication(TestCase):
diff --git a/mkt/settings.py b/mkt/settings.py
@@ -335,3 +335,29 @@ def APPCACHE_MEDIA_DEBUG():
 # solitude. The matching setting will have to be on in solitude, otherwise
 # it will just laugh at your request.
 BANGO_FAKE_REFUNDS = False
+
+REST_FRAMEWORK = {
+    'DEFAULT_MODEL_SERIALIZER_CLASS':
+        'rest_framework.serializers.HyperlinkedModelSerializer',
+    'DEFAULT_AUTHENTICATION_CLASSES': (
+        'mkt.api.authentication.RestOAuthAuthentication',
+    ),
+    'DEFAULT_RENDERER_CLASSES': (
+        'rest_framework.renderers.JSONRenderer',
+    ),
+    'DEFAULT_PARSER_CLASSES': (
+        'rest_framework.parsers.JSONParser',
+    ),
+    'DEFAULT_PERMISSION_CLASSES': (
+        # By default no-one gets anything. You will have to override this
+        # in each resource to match your needs.
+        'mkt.api.authorization.AllowNone',
+    ),
+    'DEFAULT_PAGINATION_SERIALIZER_CLASS':
+        'mkt.api.paginator.CustomPaginationSerializer',
+    'DEFAULT_FILTER_BACKENDS': (
+        'rest_framework.filters.DjangoFilterBackend',
+    ),
+    'PAGINATE_BY': 20,
+    'PAGINATE_BY_PARAM': 'limit'
+}
diff --git a/requirements/prod.txt b/requirements/prod.txt
@@ -22,6 +22,7 @@ django-celery==3.0.17
 django-cronjobs==0.2.3
 django_csp==1.0.2
 django-extensions==0.9
+django-filter==0.6
 django-memcached-pool==0.4.1
 django-multidb-router==0.5
 django-mysql-pool==0.2
@@ -32,6 +33,7 @@ django-quieter-formset==0.3
 django-raven-metlog==0.2
 django-ratelimit==0.1
 django-recaptcha-mozilla==0.0.1
+djangorestframework==2.3.5
 #django-session-csrf==0.6
 django-statsd-mozilla==0.3.8.6
 django-storages==1.1.4
