authorTom Christie2013-03-12 12:27:05 -0700
committerTom Christie2013-03-12 12:27:05 -0700
commit40e3fc0eee96b85140ea020e321cf403956fbb80 (patch)
tree7735202eec798c41586460e5ea504f8f39504434 /rest_framework/permissions.py
parent20880232930dd6f3a1de9dda1546c84b9279a258 (diff)
parentf513db714db76849448bf2e2412428ee7121ebf6 (diff)
Merge pull request #709 from tomchristie/oauth
OAuth support
Diffstat (limited to 'rest_framework/permissions.py')
-rw-r--r--rest_framework/permissions.py25
1 files changed, 25 insertions, 0 deletions
diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
index f18fb53e..f026850a 100644
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@@ -7,6 +7,8 @@ import warnings
SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
+from rest_framework.compat import oauth2_provider_scope, oauth2_constants
+
class BasePermission(object):
"""
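Review bot: The added `from rest_framework.compat import oauth2_provider_scope, oauth2_constants` sits below `SAFE_METHODS` instead of with the module's other imports (the hunk header shows `import warnings` above it), which makes the module's dependencies harder to audit. Both names come from a compatibility module, which suggests they wrap an optional package. If that module can leave them unset when the package is missing (not visible here), the OAuth 2 branch added later in this file would fail with an attribute error rather than a clear configuration message. Moving the import up and adding a comment such as `# optional: only usable when the OAuth2 provider package is installed` would document the dependency. The body of `BasePermission` continues outside the hunk.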
@@ -132,3 +134,26 @@ class DjangoModelPermissions(BasePermission):
request.user.has_perms(perms)):
return True
return False
+
+
+class TokenHasReadWriteScope(BasePermission):
+ """
+ The request is authenticated as a user and the token used has the right scope
+ """
+
+ def has_permission(self, request, view):
+ token = request.auth
+ read_only = request.method in SAFE_METHODS
+
+ if not token:
+ return False
+
+ if hasattr(token, 'resource'): # OAuth 1
+ return read_only or not request.auth.resource.is_readonly
+ elif hasattr(token, 'scope'): # OAuth 2
+ required = oauth2_constants.READ if read_only else oauth2_constants.WRITE
+ return oauth2_provider_scope.check(required, request.auth.scope)
+ else:
+ assert False, ('TokenHasReadWriteScope requires either the'
+ '`OAuthAuthentication` or `OAuth2Authentication` authentication '
+ 'class to be used.')
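Review bot: The `else` branch of `has_permission` reports a misconfigured authentication class with `assert False, (...)`, and assertions are stripped when Python runs with `-O`. In that mode the method falls off the end and returns `None`, so the request is still denied but nothing explains why. An explicit `raise ImproperlyConfigured(msg)` with the same message (Django's `django.core.exceptions.ImproperlyConfigured`, which would need importing) behaves the same in every run mode. Separately, the docstring says the request is "authenticated as a user", but only `request.auth` is inspected and `request.user` is never checked. Either narrow the docstring to `Allow access when the request's token grants read or write scope matching the HTTP method.` or document that the class is meant to be combined with a user-authentication permission.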