def create_consumer():
    """Recreate the demo OAuth consumer and its ConsumerInfo row.

    Any existing rows for KEY are deleted first, so repeated calls leave
    exactly one consumer behind.

    Returns:
        The newly saved Consumer.
    """
    # Drop earlier demo rows: the ConsumerInfo first, then the Consumer.
    ConsumerInfo.objects.filter(consumer__key=KEY).delete()
    Consumer.objects.filter(key=KEY).delete()

    owner = User.objects.get(username='******')

    # The credentials are the module-level KEY/SECRET constants; the
    # c.generate_random_codes() call that would replace them was left
    # commented out in the original.
    # NOTE(review): a fixed key/secret is only appropriate for a demo
    # consumer -- confirm this helper is never run against production data.
    consumer = Consumer(
        name='Example Consumer',
        description='Consumer to do some demos with',
        status=ACCEPTED,
        user=owner,
        xauth_allowed=False,
        key=KEY,
        secret=SECRET,
    )
    consumer.save()

    # The permissions granted here are what the API permission check later
    # compares against each view's required permissions.
    info = ConsumerInfo(consumer=consumer)
    info.admin_contact = '*****@*****.**'
    info.permissions = ['courses', 'grades']
    info.save()

    return consumer
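def has_permission(self, request, view):
    """Decide whether the authenticated caller may use ``view``.

    Session-authenticated users are always allowed. OAuth callers are
    allowed only if the consumer's granted permissions include everything
    listed in ``view.consumer_permissions``.

    Returns:
        True if access is granted, False otherwise.

    Raises:
        ValueError: if the request was authenticated by an authenticator
            this check does not know about.
    """
    # NOTE(review): is_authenticated is called as a method here. Django 1.10
    # made it a property and 2.0 dropped support for calling it -- confirm
    # the Django version this runs on.
    if not request.user or not request.user.is_authenticated():
        # must be authenticated one way or another
        return False

    authenticator = request.successful_authenticator
    # Read before branching, so a view without consumer_permissions fails
    # with AttributeError even for session-authenticated users.
    required_permissions = view.consumer_permissions

    if isinstance(authenticator, authentication.SessionAuthentication):
        # CAS authenticated: the world is your oyster. Session users skip
        # the consumer_permissions comparison entirely.
        return True
    elif isinstance(authenticator, OAuthAuthentication):
        # OAuth authenticated: check that the consumer is allowed to do these things

        # re-find the Token, since it isn't stashed in the request
        # could be avoided if: http://code.larlet.fr/django-oauth-plus/issue/40/set-requestconsumer-and-requesttoken-to
        oauth_req = get_oauth_request(request)
        try:
            # NOTE(review): this lookup does not filter on token_type; it
            # relies on OAuthAuthentication having accepted only access
            # tokens -- confirm.
            token = Token.objects.get(
                key=oauth_req['oauth_token'],
                consumer__key=oauth_req['oauth_consumer_key'])
        except (KeyError, Token.DoesNotExist):
            # Fail closed: a missing OAuth parameter (assuming oauth_req
            # behaves like a mapping) or a token that no longer exists, e.g.
            # revoked after authentication, denies access instead of
            # surfacing as an unhandled server error.
            return False

        # consumer must have asked for all of the permissions being used
        allowed_perms = ConsumerInfo.allowed_permissions(token)
        return set(required_permissions) <= set(allowed_perms)
    else:
        # Call form of raise: valid on both Python 2 and Python 3, unlike
        # the old "raise ValueError, msg" statement.
        raise ValueError("Unknown authentication method.")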
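def has_permission(self, request, view):
    """Decide whether the authenticated caller may use ``view``.

    Session-authenticated users are always allowed. OAuth callers are
    allowed only if the consumer's granted permissions include everything
    listed in ``view.consumer_permissions``.

    Returns:
        True if access is granted, False otherwise.

    Raises:
        ValueError: if the request was authenticated by an authenticator
            this check does not know about.
    """
    # NOTE(review): is_authenticated is read as an attribute. On Django
    # releases where it is still a method (before 1.10) the bound method is
    # always truthy and this guard would not reject anonymous users --
    # confirm the minimum supported Django version.
    if not request.user or not request.user.is_authenticated:
        # must be authenticated one way or another
        return False

    authenticator = request.successful_authenticator
    # Read before branching, so a view without consumer_permissions fails
    # with AttributeError even for session-authenticated users.
    required_permissions = view.consumer_permissions

    if isinstance(authenticator, authentication.SessionAuthentication):
        # CAS authenticated: the world is your oyster. Session users skip
        # the consumer_permissions comparison entirely.
        return True
    elif isinstance(authenticator, OAuthAuthentication):
        # OAuth authenticated: check that the consumer is allowed to do these things

        # re-find the Token, since it isn't stashed in the request
        # could be avoided if: http://code.larlet.fr/django-oauth-plus/issue/40/set-requestconsumer-and-requesttoken-to
        oauth_req = get_oauth_request(request)
        try:
            # NOTE(review): this lookup does not filter on token_type; it
            # relies on OAuthAuthentication having accepted only access
            # tokens -- confirm.
            token = Token.objects.get(
                key=oauth_req['oauth_token'],
                consumer__key=oauth_req['oauth_consumer_key'])
        except (KeyError, Token.DoesNotExist):
            # Fail closed: a missing OAuth parameter (assuming oauth_req
            # behaves like a mapping) or a token that no longer exists, e.g.
            # revoked after authentication, denies access instead of
            # surfacing as an unhandled server error.
            return False

        # consumer must have asked for all of the permissions being used
        allowed_perms = ConsumerInfo.allowed_permissions(token)
        return set(required_permissions) <= set(allowed_perms)
    else:
        raise ValueError("Unknown authentication method.")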
def manage_tokens(request):
    """List the requesting user's OAuth access tokens, or revoke one.

    A POST deletes the access token whose key is given in the ``key`` form
    field and redirects back to this page. Any other method renders the
    token list.

    NOTE(review): no login-required decorator is visible in this listing;
    presumably one is applied where the view is defined or routed -- confirm.
    """
    if request.method != 'POST':
        own_tokens = (
            Token.objects
            .filter(user__username=request.user.username,
                    token_type=Token.ACCESS)
            .select_related('consumer')
        )
        # Attach the ConsumerInfo to each token for the template.
        for tok in own_tokens:
            tok.consumer_info = ConsumerInfo.get_for_token(tok)
        return render(request, 'api/manage_tokens.html',
                      {'tokens': own_tokens})

    # token deletion requested
    requested_key = request.POST.get('key')
    # The lookup is scoped to the requesting user's own access tokens, so a
    # key belonging to another user (or no key at all) ends in a 404 rather
    # than a deletion.
    doomed = get_object_or_404(
        Token,
        user__username=request.user.username,
        token_type=Token.ACCESS,
        key=requested_key,
    )
    doomed.delete()
    return HttpResponseRedirect(reverse('config:manage_tokens'))