authentication refactor : request.user + tests pass

1 files changed, 26 insertions, 37 deletions

diff --git a/djangorestframework/mixins.py b/djangorestframework/mixins.py
index 51c859cd..398ed28a 100644
--- a/djangorestframework/mixins.py
+++ b/djangorestframework/mixins.py
@@ -3,7 +3,6 @@ The :mod:`mixins` module provides a set of reusable `mixin`
 classes that can be added to a `View`.
 """
 
-from django.contrib.auth.models import AnonymousUser
 from django.core.paginator import Paginator
 from django.db.models.fields.related import ForeignKey
 from urlobject import URLObject
@@ -19,7 +18,7 @@ __all__ = (
     # Base behavior mixins
     'RequestMixin',
     'ResponseMixin',
-    'AuthMixin',
+    'PermissionsMixin',
     'ResourceMixin',
     # Reverse URL lookup behavior
     'InstanceMixin',
@@ -45,6 +44,13 @@ class RequestMixin(object):
     Should be a tuple/list of classes as described in the :mod:`parsers` module.
     """
 
+    authentication_classes = ()
+    """
+    The set of authentication types that this view can handle.
+
+    Should be a tuple/list of classes as described in the :mod:`authentication` module.
+    """
+
     request_class = Request
     """
     The class to use as a wrapper for the original request object.
@@ -56,6 +62,12 @@ class RequestMixin(object):
         """
         return [p(self) for p in self.parser_classes]
 
+    def get_authentications(self):
+        """
+        Instantiates and returns the list of authentications the request will use.
+        """
+        return [a(self) for a in self.authentication_classes]
+
     def create_request(self, request):
         """
         Creates and returns an instance of :class:`request.Request`.
@@ -63,7 +75,9 @@ class RequestMixin(object):
         parsers set on the view.
         """
         parsers = self.get_parsers()
-        return self.request_class(request, parsers=parsers)
+        authentications = self.get_authentications()
+        return self.request_class(request, parsers=parsers, 
+                                    authentications=authentications)
 
     @property
     def _parsed_media_types(self):
@@ -134,57 +148,32 @@ class ResponseMixin(object):
         return [renderer.format for renderer in self.get_renderers()]
 
 
-########## Auth Mixin ##########
+########## Permissions Mixin ##########
 
-class AuthMixin(object):
+class PermissionsMixin(object):
     """
-    Simple :class:`mixin` class to add authentication and permission checking to a :class:`View` class.
+    Simple :class:`mixin` class to add permission checking to a :class:`View` class.
     """
 
-    authentication = ()
-    """
-    The set of authentication types that this view can handle.
-
-    Should be a tuple/list of classes as described in the :mod:`authentication` module.
-    """
-
-    permissions = ()
+    permissions_classes = ()
     """
     The set of permissions that will be enforced on this view.
 
     Should be a tuple/list of classes as described in the :mod:`permissions` module.
     """
 
-    @property
-    def user(self):
-        """
-        Returns the :obj:`user` for the current request, as determined by the set of
-        :class:`authentication` classes applied to the :class:`View`.
-        """
-        if not hasattr(self, '_user'):
-            self._user = self._authenticate()
-        return self._user
-
-    def _authenticate(self):
+    def get_permissions(self):
         """
-        Attempt to authenticate the request using each authentication class in turn.
-        Returns a ``User`` object, which may be ``AnonymousUser``.
+        Instantiates and returns the list of permissions that this view requires.
         """
-        for authentication_cls in self.authentication:
-            authentication = authentication_cls(self)
-            user = authentication.authenticate(self.request)
-            if user:
-                return user
-        return AnonymousUser()
+        return [p(self) for p in self.permissions_classes]
 
     # TODO: wrap this behavior around dispatch()
-    def _check_permissions(self):
+    def check_permissions(self, user):
         """
         Check user permissions and either raise an ``ImmediateResponse`` or return.
         """
-        user = self.user
-        for permission_cls in self.permissions:
-            permission = permission_cls(self)
+        for permission in self.get_permissions():
             permission.check_permission(user)