From cb9fb6ef2f9ac38c4f1c3946252a542b1f3f15d7 Mon Sep 17 00:00:00 2001
From: Tom Christie
Date: Mon, 11 Apr 2011 13:45:38 +0100
Subject: Refactoring of authentication/permissions

---
 djangorestframework/request.py | 41 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

(limited to 'djangorestframework/request.py')

diff --git a/djangorestframework/request.py b/djangorestframework/request.py
index 71ff8c0b..8a4330b4 100644
--- a/djangorestframework/request.py
+++ b/djangorestframework/request.py
@@ -9,7 +9,7 @@ from django.http.multipartparser import LimitBytes
 from StringIO import StringIO
 
 class RequestMixin(object):
-    """Mixin behaviour to deal with requests."""
+    """Mixin class to provide request parsing behaviour."""
 
     USE_FORM_OVERLOADING = True
     METHOD_PARAM = "_method"
@@ -214,3 +214,42 @@ class RequestMixin(object):
 
 
 
+class AuthMixin(object):
+    """Mixin class to provide authentication and permissions."""
+    authenticators = ()
+    permitters = ()
+
+    @property
+    def auth(self):
+        if not hasattr(self, '_auth'):
+            self._auth = self._authenticate()
+        return self._auth
+
+    # TODO?
+    #@property
+    #def user(self):
+    #    if not has_attr(self, '_user'):
+    #        auth = self.auth
+    #        if isinstance(auth, User...):
+    #            self._user = auth
+    #        else:
+    #            self._user = getattr(auth, 'user', None)
+    #    return self._user
+
+    def check_permissions(self):
+        if not self.permissions:
+            return
+
+        auth = self.auth
+        for permitter_cls in self.permitters:
+            permitter = permission_cls(self)
+            permitter.permit(auth)
+
+    def _authenticate(self):
+        for authenticator_cls in self.authenticators:
+            authenticator = authenticator_cls(self)
+            auth = authenticator.authenticate(self.request)
+            if auth:
+                return auth
+        return None
+
-- 
cgit v1.2.3