cgiacofei/TandoorRecipes
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fixed scoping and permissions for tokens

Browse Source
This commit is contained in:
vabene1111
2022-08-04 18:33:45 +02:00
parent 3f77b73a61
commit 3ec4afb02f
5 changed files with 90 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
cookbook/helper/permission_helper.py
View File

@ -6,10 +6,12 @@ from django.core.exceptions import ValidationError, ObjectDoesNotExist
from django.http import HttpResponseRedirect
from django.urls import reverse, reverse_lazy
from django.utils.translation import gettext as _
from oauth2_provider.contrib.rest_framework import TokenHasScope, TokenHasReadWriteScope
from oauth2_provider.models import AccessToken
from rest_framework import permissions
from rest_framework.permissions import SAFE_METHODS
from cookbook.models import ShareLink, Recipe, UserPreference, UserSpace
from cookbook.models import ShareLink, Recipe, UserSpace
def get_allowed_groups(groups_required):
@ -338,6 +340,34 @@ class CustomUserPermission(permissions.BasePermission):
return False
class CustomTokenHasScope(TokenHasScope):
"""
Custom implementation of Django OAuth Toolkit TokenHasScope class
Only difference: if any other authentication method except OAuth2Authentication is used the scope check is ignored
IMPORTANT: do not use this class without any other permission class as it will not check anything besides token scopes
"""
def has_permission(self, request, view):
if type(request.auth) == AccessToken:
return super().has_permission(request, view)
else:
return request.user.is_authenticated
class CustomTokenHasReadWriteScope(TokenHasReadWriteScope):
"""
Custom implementation of Django OAuth Toolkit TokenHasReadWriteScope class
Only difference: if any other authentication method except OAuth2Authentication is used the scope check is ignored
IMPORTANT: do not use this class without any other permission class as it will not check anything besides token scopes
"""
def has_permission(self, request, view):
if type(request.auth) == AccessToken:
return super().has_permission(request, view)
else:
return request.user.is_authenticated
def above_space_limit(space): # TODO add file storage limit
"""
Test if the space has reached any limit (e.g. max recipes, users, ..)