Commit c5d7598f authored by sebastien letort's avatar sebastien letort

Some doc about the mixin used.

parent 4e8ed84d
"""
.. automodule:: api.v1.metrics
:members:
.. automodule:: api.v1.mixins
:members:
.. automodule:: api.v1.views
:members:
"""
"""
Mixins used in API (only).
In Django mixins are used to managed permissions.
"""
import logging
from django.http import HttpResponse, JsonResponse
from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_exempt
from django.http import JsonResponse
from django.contrib.auth.mixins import UserPassesTestMixin
from main.helpers import get_request_user
from main.models import Job
from main.mixins import AllgoValidAccountMixin
log = logging.getLogger('allgo')
class ApiAuthMixin(UserPassesTestMixin):
"""API should be accessible uniquely to AllgoUser, ie logged in or with a token"""
"""API should be accessible uniquely to AllgoUser, ie logged in or with a token.
The user status is checked through get_request_user.
Return a json string with 401 status if unauthorized access.
"""
def test_func(self):
user = get_request_user(self.request)
......@@ -24,9 +30,7 @@ class ApiAuthMixin(UserPassesTestMixin):
def handle_no_permission(self):
log.debug( "ApiAuthMixin.handle_no_permission" )
# ~ if not self.raise_exception and self.request.path_info.startswith("/api/"):
# ~ return JsonResponse({"error": "401 Unauthorized"}, status=401)
# as it should be used only in api, is this test necessary ?
if self.request.path_info.startswith("/api/"):
return JsonResponse({"error": "401 Unauthorized"}, status=401)
return super().handle_no_permission()
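Review bot: The two commented-out `# ~ if not self.raise_exception ...` lines and the open question `is this test necessary ?` in `handle_no_permission` leave the authorization-failure path undecided in the code. Delete the dead lines and record the decision instead, e.g. `# API-only mixin: always answer 401 JSON under /api/, regardless of raise_exception`. As written, a request whose path does not start with `/api/` still falls through to `super().handle_no_permission()`, which in Django's stock mixin means a login redirect or a 403 rather than JSON, so a test asserting the 401 body for an unauthenticated API call would pin the intended behaviour. `test_func` is only partly visible on this page, so whether an authenticated but rejected user should receive 403 instead of 401 cannot be judged from here.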
......@@ -91,6 +91,7 @@ class JobAuthMixin(AllgoValidAccountMixin, UserPassesTestMixin):
"""Check if user has access to a job
- redirects to the login page if unauthenticated
---> **What the doc says, not done.** In a browser, json response, in a terminal error 401.
- allow access if user is the job owner or if user is a superuser
"""
user = get_request_user(self.request)
......
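Review bot: The added docstring line `---> **What the doc says, not done.** ...` records that the documented redirect to the login page does not happen, but it leaves both the stale bullet and the marker in a docstring that the new `.. automodule:: main.mixins` directive will publish. For an access-control mixin the docstring should state the behaviour that is actually enforced. Once confirmed, replace the two lines with something like `- unauthenticated: JSON error in a browser, 401 from a command-line client (no redirect to login)`, and track the mismatch in an issue rather than in the docstring. The method body continues outside this hunk, so which of the two behaviours is intended cannot be told from the visible lines.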
.. _dev-mixins:
In Django, mixins are used to provide shared functionnality to view (almost like interface).
Django mixins used
-------------------
(from django.contrib.auth.mixins), more infos on `mixin <https://docs.djangoproject.com/en/2.1/topics/auth/default/>`_
LoginRequiredMixin
prepend your code with
``if not request.user.is_authenticated: redirect/render``
It is used for website views accessible only for logged in users.
UserPassesTestMixin
prepend your code with
``if not your_test_func: redirect/render``
It is used for website views accessible only for logged in users that pass the test.
The test usually checks some permissions.
AllGo main mixins
------------------
.. automodule:: main.mixins
:members:
AllGo Api mixin
----------------
.. automodule:: api.v1.mixins
:members: