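--- /dev/null
+++ b/apps/base/constants.py
@@ -0,0 +1,2 @@
+SUPER_USER_ROLE = "super_user"
+MEMBER_ROLE = "member"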
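--- a/apps/base/permissions.py
+++ b/apps/base/permissions.py
@@ -1,6 +1,19 @@
 from rest_framework import permissions
+from apps.base.constants import SUPER_USER_ROLE, MEMBER_ROLE
 
 
-class IsSuperUserPermission(permissions.BasePermission):
-    def has_permission(self, request, view):
-        return False
+def AuthorizationPermissions(roles=[]):
+    class AuthorizationPermission:
+        def has_permission(self, request, view):
+            if not request.user.is_authenticated:
+                return False
+
+            user_roles = request.user.roles
+            for role in roles:
+                if user_roles.get(role, False) is True:
+                    return True
+                else:
+                    continue
+            return False
+
+    return AuthorizationPermission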
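Review bot: The inner `AuthorizationPermission` class is a plain class rather than a `permissions.BasePermission` subclass, so it has no `has_object_permission`; DRF's `check_object_permissions` calls that method on every permission instance, and a detail action guarded by this class would raise `AttributeError` instead of a clean allow/deny. The `permissions` import kept on the hunk's first context line is now otherwise unused, so the fix is one line: `class AuthorizationPermission(permissions.BasePermission):`. The factory's `roles=[]` default should be an immutable `roles=()` (not mutated here, but a shared mutable default is a standing hazard), and the `else: continue` branch is a no-op that can be dropped. The empty-`roles` case correctly denies everyone; a short docstring on `AuthorizationPermissions` stating that `has_permission` fails closed unless the authenticated user's `roles` mapping holds `True` for at least one listed role would make that contract explicit. Note that `user_roles.get` presumes `request.user.roles` is never `None` — worth confirming against the model's field definition, which is not visible here.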
3 changes: 0 additions & 3 deletions apps/base/tests.py

This file was deleted.

5 changes: 4 additions & 1 deletion apps/goals/views.py
@@ -1,7 +1,10 @@
from rest_framework.permissions import IsAuthenticated

from apps.base.base_views import ModelBaseViewSet
from apps.goals.models import Goal
from apps.goals.serializers import GoalSerializer
from rest_framework.permissions import IsAuthenticated
from apps.base.permissions import AuthorizationPermissions
from apps.base.constants import MEMBER_ROLE


class GoalViewSet(ModelBaseViewSet):
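--- a/apps/user/tests/test_drf_views.py
+++ b/apps/user/tests/test_drf_views.py
@@ -4,6 +4,7 @@
 from django.conf import LazySettings
 
 from apps.conftest import get_user_token
+from apps.base.constants import SUPER_USER_ROLE
 
 settings = LazySettings()
 
@@ -61,3 +62,20 @@ def test_get_user(self, client, user_t1):
             **_response_data["attributes"]}
 
         assert user_data["rds_id"] == user_t1.rds_id
+
+    def test_list_users(self, client, user_t1, user_t2):
+        self.client.credentials(HTTP_AUTHORIZATION=get_user_token(user_t1))
+
+        _response = self.client.get(
+            f"/api/v1/user/", format="vnd.api+json")
+
+        assert _response.status_code == status.HTTP_403_FORBIDDEN
+
+        # giving a role to authorize
+        user_t1.roles[SUPER_USER_ROLE] = True
+        user_t1.save()
+
+        _response = self.client.get(
+            f"/api/v1/user/", format="vnd.api+json")
+
+        assert _response.status_code == status.HTTP_200_OK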
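Review bot: `test_list_users` only checks status codes, so the authorised branch would still pass if the list came back empty or omitted a user; `user_t2` is requested precisely so the list is non-trivial, yet it is never used, so add an assertion on the body such as `assert len(_response.json()["data"]) == 2` (assuming the JSON:API envelope the other tests in this file appear to use). The `client` fixture parameter is unused in both this test and `test_get_user`, since the class uses `self.client`, and the two `f"/api/v1/user/"` literals have no placeholders and should be plain strings. The role is written to `user_t1` and saved without being reset afterwards, which is fine if the fixture is function-scoped but would leak the super-user role into later tests otherwise — worth confirming in `apps/conftest.py`, which is not visible here.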
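--- a/apps/user/v1/views.py
+++ b/apps/user/v1/views.py
@@ -6,7 +6,7 @@
 from apps.user.models import User
 from apps.user.v1.serializer import UserSerializer, CreateUserSerializer
 from apps.user.permission import RestKeyPermission
-from apps.base.permissions import IsSuperUserPermission
+from apps.base.permissions import AuthorizationPermissions, SUPER_USER_ROLE
 
 
 class UserViewSet(ModelBaseViewSet):
@@ -18,7 +18,8 @@ def get_permissions(self):
         if self.action in ["create"]:
             self.permission_classes = [RestKeyPermission]
         elif self.action in ["list"]:
-            self.permission_classes = [IsSuperUserPermission]
+            self.permission_classes = [
+                AuthorizationPermissions([SUPER_USER_ROLE])]
         else:
             self.permission_classes = [IsAuthenticated]
         return [permission() for permission in self.permission_classes]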
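Review bot: The new import pulls `SUPER_USER_ROLE` out of `apps.base.permissions`, which only re-exports it transitively; `apps/goals/views.py` in this same PR imports `MEMBER_ROLE` from `apps.base.constants` directly, so use `from apps.base.constants import SUPER_USER_ROLE` here for consistency and to avoid breaking if the unused import in `permissions.py` is ever cleaned up. In `get_permissions` (whose `def` line sits in the hunk header, outside the hunk), `AuthorizationPermissions([SUPER_USER_ROLE])` builds a fresh permission class on every request; hoisting it to module level, e.g. `IsSuperUser = AuthorizationPermissions([SUPER_USER_ROLE])`, and referencing that in the `list` branch keeps the per-request work to instantiation only. The pre-existing pattern of assigning `self.permission_classes` per call is unchanged by this commit and is not re-raised here.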