Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

78 lines (62 sloc) 2.336 kB
class Authorization(object):
"""
A base class that provides no permissions checking.
"""
def __get__(self, instance, owner):
"""
Makes ``Authorization`` a descriptor of ``ResourceOptions`` and creates
a reference to the ``ResourceOptions`` object that may be used by
methods of ``Authorization``.
"""
self.resource_meta = instance
return self
def is_authorized(self, request, object=None):
"""
Checks if the user is authorized to perform the request. If ``object``
is provided, it can do additional row-level checks.
Should return either ``True`` if allowed, ``False`` if not or an
``HttpResponse`` if you need something custom.
"""
return True
class ReadOnlyAuthorization(Authorization):
"""
Default Authentication class for ``Resource`` objects.
Only allows GET requests.
"""
def is_authorized(self, request, object=None):
"""
Allow any ``GET`` request.
"""
if request.method == 'GET':
return True
else:
return False
class DjangoAuthorization(Authorization):
"""
Uses permission checking from ``django.contrib.auth`` to map ``POST``,
``PUT``, and ``DELETE`` to their equivalent django auth permissions.
"""
def is_authorized(self, request, object=None):
# GET is always allowed
if request.method == 'GET':
return True
klass = self.resource_meta.object_class
# cannot check permissions if we don't know the model
if not klass or not getattr(klass, '_meta', None):
return True
permission_codes = {
'POST': '%s.add_%s',
'PUT': '%s.change_%s',
'DELETE': '%s.delete_%s',
}
# cannot map request method to permission code name
if request.method not in permission_codes:
return True
permission_code = permission_codes[request.method] % (
klass._meta.app_label,
klass._meta.module_name)
# user must be logged in to check permissions
# authentication backend must set request.user
if not hasattr(request, 'user'):
return False
return request.user.has_perm(permission_code)
Jump to Line
Something went wrong with that request. Please try again.