from rest_framework import permissions
from rest_framework.authtoken.models import Token
from django.contrib.auth.models import AnonymousUser
class SwaggerTokenPermission(permissions.BasePermission):
|
|
"""
|
|
Custom permission for Swagger that allows access to authenticated users via token
|
|
or admin users via session authentication
|
|
"""
|
|
|
|
def has_permission(self, request, view):
|
|
# Check if user is admin (for session-based access)
|
|
if request.user and request.user.is_authenticated and request.user.is_staff:
|
|
return True
|
|
|
|
# Check for token in session (from our custom auth system)
|
|
swagger_token = request.session.get('swagger_token')
|
|
if swagger_token:
|
|
try:
|
|
token_obj = Token.objects.get(key=swagger_token)
|
|
if token_obj.user.is_active:
|
|
return True
|
|
except Token.DoesNotExist:
|
|
pass
|
|
|
|
# Check for Authorization header
|
|
auth_header = request.META.get('HTTP_AUTHORIZATION', '')
|
|
if auth_header.startswith('Token '):
|
|
token = auth_header.split(' ')[1]
|
|
try:
|
|
token_obj = Token.objects.get(key=token)
|
|
if token_obj.user.is_active:
|
|
return True
|
|
except Token.DoesNotExist:
|
|
pass
|
|
|
|
return False
class IsAdminOrSwaggerToken(permissions.BasePermission):
|
|
"""
|
|
Permission that allows access to admin users or users with valid swagger token
|
|
"""
|
|
|
|
def has_permission(self, request, view):
|
|
# Allow admin users
|
|
if request.user and request.user.is_authenticated and request.user.is_staff:
|
|
return True
|
|
|
|
# Check swagger token in session
|
|
swagger_token = request.session.get('swagger_token')
|
|
if swagger_token:
|
|
try:
|
|
token_obj = Token.objects.get(key=swagger_token)
|
|
return token_obj.user.is_active
|
|
except Token.DoesNotExist:
|
|
pass
|
|
|
|
return False