| author | Tom Christie | 2013-03-12 19:07:30 +0000 | 
|---|---|---|
| committer | Tom Christie | 2013-03-12 19:07:30 +0000 | 
| commit | f513db714db76849448bf2e2412428ee7121ebf6 (patch) | |
| tree | 7735202eec798c41586460e5ea504f8f39504434 /rest_framework/permissions.py | |
| parent | e8db504a9802c6dcc111a327f681e01b9b3e2e16 (diff) | |
| download | django-rest-framework-f513db714db76849448bf2e2412428ee7121ebf6.tar.bz2 | |
Clean up TokenHasReadWriteScope slightly
Diffstat (limited to 'rest_framework/permissions.py')
| -rw-r--r-- | rest_framework/permissions.py | 33 | 
1 files changed, 13 insertions, 20 deletions
| diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
index 92f8215a..f026850a 100644
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@@ -7,7 +7,7 @@ import warnings
 SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
-from rest_framework.compat import oauth2_provider_scope
+from rest_framework.compat import oauth2_provider_scope, oauth2_constants
 class BasePermission(object):
@@ -142,25 +142,18 @@ class TokenHasReadWriteScope(BasePermission):
     """
     def has_permission(self, request, view):
-        if not request.auth:
-            return False
-
+        token = request.auth
         read_only = request.method in SAFE_METHODS
-        if hasattr(request.auth, 'resource'):  # oauth 1
-            if read_only:
-                return True
-            elif request.auth.resource.is_readonly is False:
-                return True
-            return False
-        elif hasattr(request.auth, 'scope'):   # oauth 2
-            scope_valid = lambda scope_wanted_key, scope_had: oauth2_provider_scope.check(
-                oauth2_provider_scope.SCOPE_NAME_DICT[scope_wanted_key], scope_had)
-
-            if read_only and scope_valid('read', request.auth.scope):
-                return True
-            elif scope_valid('write', request.auth.scope):
-                return True
+
+        if not token:
             return False
+
+        if hasattr(token, 'resource'):  # OAuth 1
+            return read_only or not request.auth.resource.is_readonly
+        elif hasattr(token, 'scope'):  # OAuth 2
+            required = oauth2_constants.READ if read_only else oauth2_constants.WRITE
+            return oauth2_provider_scope.check(required, request.auth.scope)
         else:
-            # Improperly configured!
-            pass
+            assert False, ('TokenHasReadWriteScope requires either the'
+            '`OAuthAuthentication` or `OAuth2Authentication` authentication '
+            'class to be used.') |
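Review bot: In the OAuth 1 branch of `has_permission`, `not request.auth.resource.is_readonly` allows an unsafe method for any falsy value, whereas the removed `is_readonly is False` test allowed it only for an explicit `False`; if that field can ever be `None`, this cleanup turns a denial into a grant. Keeping the strict comparison, `return read_only or token.resource.is_readonly is False`, preserves the old decision and uses the new `token` local consistently (the OAuth 2 branch still reads `request.auth.scope`). The closing `assert False` is stripped under `python -O`, so a misconfigured view would return `None` and be denied with no diagnostic; raising an explicit exception there would keep the message in every run mode. The enclosing class header and docstring start outside the hunk.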
