def get_auth(self, path, method): """ Obtains authentication classes and permissions from view. If authentication is known, resolve security requirement for endpoint and security definition for the component section. For custom authentication subclass ``OpenApiAuthenticationExtension``. """ auths = [] for authenticator in self.view.get_authenticators(): scheme = OpenApiAuthenticationExtension.get_match(authenticator) if not scheme: warn( f'could not resolve authenticator {authenticator.__class__}. There ' f'was no OpenApiAuthenticationExtension registered for that class. ' f'Try creating one by subclassing it. Ignoring for now.') continue auths.append(scheme.get_security_requirement(self.view)) component = ResolvedComponent( name=scheme.name, type=ResolvedComponent.SECURITY_SCHEMA, object=authenticator.__class__, schema=scheme.get_security_definition(self.view)) if component not in self.registry: self.registry.register(component) perms = [p.__class__ for p in self.view.get_permissions()] if permissions.AllowAny in perms: auths.append({}) elif permissions.IsAuthenticatedOrReadOnly in perms and method not in ( 'PUT', 'PATCH', 'POST'): auths.append({}) return auths
def get_auth(self): """ Obtains authentication classes and permissions from view. If authentication is known, resolve security requirement for endpoint and security definition for the component section. For custom authentication subclass ``OpenApiAuthenticationExtension``. """ auths = [] for authenticator in self.view.get_authenticators(): scheme = OpenApiAuthenticationExtension.get_match(authenticator) if not scheme: warn( f'could not resolve authenticator {authenticator.__class__}. There ' f'was no OpenApiAuthenticationExtension registered for that class. ' f'Try creating one by subclassing it. Ignoring for now.' ) continue security_requirements = scheme.get_security_requirement(self) if security_requirements is not None: auths.append(security_requirements) component = ResolvedComponent( name=scheme.name, type=ResolvedComponent.SECURITY_SCHEMA, object=authenticator.__class__, schema=scheme.get_security_definition(self) ) self.registry.register_on_missing(component) if spectacular_settings.SECURITY: auths.extend(spectacular_settings.SECURITY) perms = [p.__class__ for p in self.view.get_permissions()] if permissions.AllowAny in perms: auths.append({}) elif permissions.IsAuthenticatedOrReadOnly in perms and self.method in permissions.SAFE_METHODS: auths.append({}) return auths