| author | Tom Christie | 2013-03-12 11:47:35 -0700 |
|---|---|---|
| committer | Tom Christie | 2013-03-12 11:47:35 -0700 |
| commit | 12ac357559457d1ded341728aaf76408f0417f9b (patch) | |
| tree | 9f16aba8b91aece7480ada162d768230c24b3204 /rest_framework/permissions.py | |
| parent | a34f45b06e68fbe69f02d79c883ca764d88ac44b (diff) | |
| parent | eec8efafc3eeacf00696208d2e1e55a11821257b (diff) | |
Merge pull request #721 from dulaccc/token-scope-permission
Token scope permission class
Diffstat (limited to 'rest_framework/permissions.py')
| -rw-r--r-- | rest_framework/permissions.py | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
index 306f00ca..c477474c 100644
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@@ -7,6 +7,8 @@ import warnings
 SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
+from rest_framework.compat import oauth2_provider_scope
+
 class BasePermission(object):
 """
@@ -125,3 +127,33 @@ class DjangoModelPermissions(BasePermission):
 request.user.has_perms(perms)):
 return True
 return False
+
+
+class TokenHasReadWriteScope(BasePermission):
+ """
+ The request is authenticated as a user and the token used has the right scope
+ """
+
+ def has_permission(self, request, view):
+ if not request.auth:
+ return False
+
+ read_only = request.method in SAFE_METHODS
+ if hasattr(request.auth, 'resource'): # oauth 1
+ if read_only:
+ return True
+ elif request.auth.resource.is_readonly is False:
+ return True
+ return False
+ elif hasattr(request.auth, 'scope'): # oauth 2
+ scope_valid = lambda scope_wanted_key, scope_had: oauth2_provider_scope.check(
+ oauth2_provider_scope.SCOPE_NAME_DICT[scope_wanted_key], scope_had)
+
+ if read_only and scope_valid('read', request.auth.scope):
+ return True
+ elif scope_valid('write', request.auth.scope):
+ return True
+ return False
+ else:
+ # Improperly configured!
+ pass |
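Review bot: The new `from rest_framework.compat import oauth2_provider_scope` sits below `SAFE_METHODS` instead of with the module's other imports, which hides a dependency that the permission class added in the second hunk relies on; it would read better next to `import warnings`. If compat binds this name to `None` when the OAuth 2 provider package is not installed (compat is not visible in this diff, so this is an assumption to confirm), the unguarded `oauth2_provider_scope.check(...)` call would raise AttributeError at request time instead of denying cleanly. A comment on the import such as `# may be None when the OAuth 2 provider package is not installed` would make that contract visible to whoever touches the permission class next.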
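Review bot: The final `else:` branch of `has_permission` ends in `pass`, so an auth object with neither a `resource` nor a `scope` attribute is denied only because the method falls off the end and returns `None`. For an access-control decision the deny should be explicit: replace `pass` with `return False`, or raise Django's `ImproperlyConfigured` if this state really is a configuration error. The docstring also says the request is authenticated as a user, but only `request.auth` is checked and `request.user` is never consulted, so either reword the docstring or state that this class is meant to be combined with a user check. In the OAuth 2 branch a read-only request whose token carries only the write scope passes through the `elif`; if that is intended, a comment such as `# write scope also grants read access` would record it.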
