fixed scoping and permissions for tokens

2022-08-04 18:33:45 +02:00
parent 3f77b73a61
commit 3ec4afb02f
5 changed files with 90 additions and 53 deletions
--- a/cookbook/helper/scope_middleware.py
+++ b/cookbook/helper/scope_middleware.py
@ -1,5 +1,6 @@
 from django.urls import reverse
 from django_scopes import scope, scopes_disabled
+from oauth2_provider.contrib.rest_framework import OAuth2Authentication
 from rest_framework.authentication import TokenAuthentication
 from rest_framework.authtoken.models import Token
 from rest_framework.exceptions import AuthenticationFailed
@ -55,7 +56,7 @@ class ScopeMiddleware:
        else:
            if request.path.startswith(prefix + '/api/'):
                try:
-                    if auth := TokenAuthentication().authenticate(request):
+                    if auth := OAuth2Authentication().authenticate(request):
                        user_space = auth[0].userspace_set.filter(active=True).first()
                        if user_space:
                            request.space = user_space.space