Api2 with multiple auth handlers (for ajax reqs)

seba 2011-10-01 18:48:40 +02:00
parent 3aa0339387
commit 0f6c60020c
4 changed files with 35 additions and 7 deletions


@ -10,6 +10,7 @@ Noch zu tun:
[x] Ldap anbindung fuer login
[ ] doku
[ ] API(wget)-Beispiele
[ ] Authblob erlaubt momentan beliebige größe - beschrängen auf 10kb o.ä.
Nice-to-haf:


@ -57,6 +57,7 @@ def manglePluginPerms(apiFunc):
# 3. put stuff into the request
request.user = user
request.plugin = plugin
request.pluginperms = perms
return apiFunc(self, request, *args, **kwargs)
return wrapper
@ -78,7 +79,7 @@ def requirePlugin(apiFunc):
except Group.DoesNotExist:
pass
ret = rc.FORBIDDEN
return rc.FORBIDDEN
ret.write("\nA plugin is required for this api function\n")
return ret
return wrapper
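Review bot: In the second hunk (requirePlugin) the page prints both `ret = rc.FORBIDDEN` and `return rc.FORBIDDEN` with the +/- markers lost, so which of the two is the new side cannot be read off here. If the new line is `return rc.FORBIDDEN`, the following `ret.write("\nA plugin is required for this api function\n")` and `return ret` are unreachable and the client gets a bare 403 without the explanation; the new side should read `ret = rc.FORBIDDEN`. The `except Group.DoesNotExist: pass` just above appears to fall through to this denial, which would be worth a one-line comment such as `# no matching group: fall through to FORBIDDEN`. Both wrapper functions begin outside the hunks shown.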


@ -132,9 +132,31 @@ class AccountBalanceHandler(BaseHandler):
return {'balance': balance}
class AuthBlobHandler(BaseHandler):
# allowed_methods = ('GET', 'POST')
# model =
pass
allowed_methods = ('GET', 'POST')
@requirePlugin
@manglePluginPerms
def read(self, request):
if not request.plugin.pluginCanReadAuthblob:
ret = rc.FORBIDDEN
ret.write("\nThis plugin is not allowed to read the users authblob\n")
return ret
return request.pluginperms.authblob
@requirePlugin
@manglePluginPerms
def create(self, request):
if not request.plugin.pluginCanWriteAuthblob:
ret = rc.FORBIDDEN
ret.write("\nThis plugin is not allowed to write the users authblob\n")
return ret
if not request.data.has_key('authblob'):
ret = rc.BAD_REQUEST
ret.write("\nTo change the users auth blob you actually need to provide one\n")
request.pluginperms.authblob = request.data['authblob']
request.pluginperms.authblob.save()
return rc.ALL_OK
class AuthUserHandler(BaseHandler):
allowed_methods = ('GET')
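Review bot: In `create`, the branch for a missing `authblob` key builds `rc.BAD_REQUEST` and writes the message but never returns it, so execution continues to `request.data['authblob']` and raises KeyError instead of answering 400; add `return ret` after that `ret.write(...)` line. The statement after the assignment calls `request.pluginperms.authblob.save()`, i.e. `.save()` on the value just taken from the request; if `authblob` is a plain field on the permissions object, this presumably should be `request.pluginperms.save()`. The value is also stored with no length check, which the TODO entry added in this same commit already names (limit to about 10 kB); rejecting oversized input here with `rc.BAD_REQUEST` would bound what a plugin can write per user.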


@ -1,6 +1,7 @@
from django.conf.urls.defaults import *
from piston.resource import Resource
from piston.authentication import HttpBasicAuthentication
from api2.authentication import DjangoAuthentication, MultiAuthentication
from api2.handlers import *
# taken from
@ -10,8 +11,11 @@ class CsrfExemptResource( Resource ):
super( CsrfExemptResource, self ).__init__( handler, authentication )
self.csrf_exempt = getattr( self.handler, 'csrf_exempt', True )
auth = HttpBasicAuthentication(realm="Freitagsrundenkassensystemapi")
ad = {'authentication': auth}
# build authenticatiooors
basicAuth = HttpBasicAuthentication(realm="Freitagsrundenkassensystemapi")
djangoAuth = DjangoAuthentication()
multiAuth = MultiAuthentication([basicAuth, djangoAuth])
ad = {'authentication': multiAuth}
buyableItemRes = CsrfExemptResource(handler=BuyableItemHandler, **ad)
buyableTypeRes = CsrfExemptResource(handler=BuyableTypeHandler, **ad)
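Review bot: `multiAuth` now accepts `DjangoAuthentication` alongside HTTP basic auth on resources built with `CsrfExemptResource`, whose `csrf_exempt` defaults to `True`. `DjangoAuthentication` lives in `api2.authentication` and is not shown here; if it authenticates from the browser's session cookie, as the commit title ("for ajax reqs") suggests, then POST/PUT/DELETE handlers behind these resources accept cookie-authenticated requests without a CSRF token. Keep the exemption for basic-auth clients only and have the session path enforce Django's CSRF check, or at least record the risk next to the wiring, e.g. `# djangoAuth is cookie based: csrf_exempt resources need a CSRF check for session requests`.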