| author | Pierre Dulac | 2013-03-10 14:08:29 +0100 |
|---|---|---|
| committer | Pierre Dulac | 2013-03-10 14:08:29 +0100 |
| commit | e03906a5c4101853b709403266b738911680c4b5 (patch) | |
| tree | bb49122be42e7c3022d1b3fcc37f43a6f24c8e17 /rest_framework/permissions.py | |
| parent | a34f45b06e68fbe69f02d79c883ca764d88ac44b (diff) | |
| download | django-rest-framework-e03906a5c4101853b709403266b738911680c4b5.tar.bz2 | |
Add TokenHasReadWriteScope class for permissions based on scopes
Diffstat (limited to 'rest_framework/permissions.py')
| -rw-r--r-- | rest_framework/permissions.py | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
index 306f00ca..519a3691 100644
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@@ -7,6 +7,8 @@ import warnings
 SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
+from rest_framework.compat import oauth2_provider_scope
+
 class BasePermission(object):
 """
@@ -125,3 +127,29 @@ class DjangoModelPermissions(BasePermission):
 request.user.has_perms(perms)):
 return True
 return False
+
+
+class TokenHasReadWriteScope(BasePermission):
+ """
+ The request is authenticated as a user and the token used has the right scope
+ """
+
+ def has_permission(self, request, view):
+ if not request.auth:
+ return False
+
+ read_only = request.method in SAFE_METHODS
+ if hasattr(request.auth, 'resource'): # oauth 1
+ pass
+ elif hasattr(request.auth, 'scope'): # oauth 2
+ scope_valid = lambda scope_wanted_key, scope_had: oauth2_provider_scope.check(
+ oauth2_provider_scope.SCOPE_NAME_DICT[scope_wanted_key], scope_had)
+
+ if (read_only and scope_valid('read', request.auth.scope)):
+ return True
+ elif scope_valid('write', request.auth.scope):
+ return True
+ return False
+ else:
+ # Improperly configured!
+ pass |
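Review bot: In `TokenHasReadWriteScope.has_permission`, a safe-method request whose token lacks the read scope falls through to `elif scope_valid('write', request.auth.scope)`, so a write-only token is still allowed to read. If write is not meant to imply read, pick the required scope first, `required = 'read' if read_only else 'write'`, then `return scope_valid(required, request.auth.scope)`. The OAuth 1 branch and the final `else` both end in `pass`, so the method appears to return `None` there (indentation is lost on this page, so the placement of `return False` is inferred). That still denies access because `None` is falsy, but an explicit `return False`, or a raised configuration error in the `else`, would make the fail-closed intent visible and would stop OAuth 1 tokens from being rejected silently. The docstring also says the request is authenticated as a user, while only `request.auth` is checked.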
