class Meta(CommonMetaApi):
    # Options for the "layers" resource: GET and PATCH only, newest first.
    resource_name = "layers"
    detail_uri_name = "id"
    include_resource_uri = True
    paginator_class = CrossSiteXHRPaginator
    queryset = Layer.objects.distinct().order_by("-date")
    allowed_methods = ["get", "patch"]
    # These two fields are left out of the serialized output.
    excludes = ["csw_anytext", "metadata_xml"]
    # Session, OAuth and API-key credentials are all accepted; the request
    # passes as soon as one back-end accepts it.
    authentication = MultiAuthentication(
        SessionAuthentication(),
        OAuthAuthentication(),
        GeonodeApiKeyAuthentication(),
    )
    # NOTE(review): this binds the same object as CommonMetaApi.filtering, so
    # the update() below also changes the parent's filter set (and that of
    # anything else sharing it). Copy first if that is not intended.
    filtering = CommonMetaApi.filtering
    # Allow filtering using ID
    filtering.update(
        {
            "id": ALL,
            "name": ALL,
            "alternate": ALL,
            "metadata_only": ALL,
        }
    )
class Meta:
    # Options for the "chance" resource backed by every Chance row.
    resource_name = "chance"
    queryset = Chance.objects.all()
    # The permitted verbs come from ALL_METHODS, defined outside this block.
    allowed_methods = ALL_METHODS
    # API key is tried first, then the Django session.
    authentication = MultiAuthentication(
        ApiKeyAuthentication(),
        SessionAuthentication(),
    )
    # Per-object permission decisions are delegated to DjangoAuthorization.
    authorization = DjangoAuthorization()
    ordering = {
        "date_created": ALL,
        "date_updated": ALL,
    }
    filtering = {
        "id": ALL,
        "number": ALL,
        "date_created": ALL,
        "date_updated": ALL,
    }
class Meta:
    # Abstract option set: GET only, exposes just the id field, throttled.
    abstract = True
    allowed_methods = ["get"]
    fields = ["id"]
    limit = 100
    include_resource_uri = False
    include_absolute_url = False
    # throttle_at=10 over timeframe=60 (presumably requests per seconds;
    # confirm against the CacheThrottle in use).
    throttle = CacheThrottle(throttle_at=10, timeframe=60)
    # NOTE(review): `post` is given the single scope string "read write"
    # while `put` lists "read" and "write" separately. Confirm which form
    # OAuth2ScopedAuthentication expects; only GET is allowed on this Meta,
    # but concrete subclasses may widen allowed_methods.
    authentication = MultiAuthentication(
        ApiKeyAuthentication(),
        SessionAuthentication(),
        OAuth2ScopedAuthentication(
            post=("read write",),
            get=("read",),
            put=("read", "write"),
        ),
    )
class Meta:
    # Options for the "resource" endpoint: read, create and replace.
    resource_name = "resource"
    queryset = Resource.objects.all()
    allowed_methods = ["get", "post", "put"]
    # source_peer is kept out of the serialized output.
    excludes = ["source_peer"]
    include_resource_uri = True
    always_return_data = True
    serializer = ResourceSerializer()
    # API key or session; access decisions are made by the project's own
    # ORBResourceAuthorization.
    authentication = MultiAuthentication(
        ApiKeyAuthentication(),
        SessionAuthentication(),
    )
    authorization = ORBResourceAuthorization()
    throttle = CacheDBThrottle(throttle_at=1000, timeframe=3600)
    ordering = ["update_date"]
    filtering = {
        # `exact` would imply a timestamp, not date comparison
        "update_date": ["lte", "gte"],
        "status": ["exact"],
    }
class Meta:
    # Options for the "fire-departments" resource (non-archived rows only).
    resource_name = "fire-departments"
    # The geometry column is deferred in the query and declared read-only.
    queryset = FireDepartment.objects.defer("owned_tracts_geom").filter(
        archived=False
    )
    readonly_fields = ["owned_tracts_geom"]
    list_allowed_methods = ["get", "put"]
    detail_allowed_methods = ["get", "put"]
    authentication = MultiAuthentication(
        SessionAuthentication(),
        ApiKeyAuthentication(),
    )
    # view_permission_code=None: no permission code is supplied for reads
    # (presumably meaning reads are unrestricted; confirm in
    # GuardianAuthorization). Writes name explicit permission codes.
    authorization = GuardianAuthorization(
        view_permission_code=None,
        update_permission_code="change_firedepartment",
        create_permission_code="change_firedepartment",
        delete_permission_code="admin_firedepartment",
    )
    filtering = {
        "state": ALL,
        "featured": ALL,
        "fdid": ALL,
        "id": ALL,
    }
    serializer = PrettyJSONSerializer()
    cache = SimpleCache()
    limit = 120
    max_limit = 2000
class Meta:
    # List-only view over Transaction rows with grouping and aggregates.
    queryset = Transaction.objects.all()
    list_allowed_methods = ["get"]
    detail_allowed_methods = []
    limit = 100
    # HTTP Basic sends the credentials with every request, so this endpoint
    # should only be served over TLS.
    # NOTE(review): no `authorization` is set here; the resource uses
    # whatever default its base class supplies. Confirm that it is read-only.
    authentication = MultiAuthentication(
        SessionAuthentication(),
        BasicAuthentication(),
    )
    filtering = {"date": ALL}
    # `grouping` and `annotations` are not interpreted in this block; they
    # are presumably consumed by the enclosing resource class.
    grouping = [
        "category__name",
        "date__month",
        "date__day",
        "date__year",
    ]
    annotations = {
        "total": Count("pk"),
        "sum": Sum("value"),
    }
class Meta:
    # Options for the "users" resource over Django User rows.
    resource_name = "users"
    queryset = User.objects.all().select_related("api_key")
    # 'put' is here because this resource can be updated while nested under
    # UserProfile; the original author was unsure why 'patch' did not
    # suffice for partial updates.
    allowed_methods = ["get", "put"]
    always_return_data = True
    serializer = Serializer(formats=["json"])
    # Both basic and API-key schemes are accepted so that a client can use
    # basic auth to fetch its key when needed.
    authentication = MultiAuthentication(
        InlineBasicAuthentication(),
        BasicAuthentication(),
        ApiKeyAuthentication(),
        TokenAuthentication(),
    )
    # NOTE(review): if this is tastypie's base Authorization it performs no
    # permission checks. Combined with 'put' and the field list below, any
    # authenticated caller could then read every user's password hash and
    # change is_staff / is_superuser on any row. Drop those fields from the
    # API (or make them read-only) and use an authorization class that
    # limits callers to their own record.
    authorization = Authorization()
    fields = [
        "last_name",
        "first_name",
        "username",
        "is_active",
        "email",
        "password",
        "is_staff",
        "is_superuser",
    ]
    filtering = {
        "username": ALL_WITH_RELATIONS,
        "email": ALL,
    }
def test_apikey_and_authentication_enforce_user(self):
    # Verifies that MultiAuthentication leaves request.user alone when the
    # API-key back-end rejects the request and the session back-end accepts.
    # NOTE(review): the '******' literals look masked in this listing; the
    # assertions at the end expect the username 'johndoe'.
    csrf_token = 'abcdef1234567890abcdef1234567890'

    session_auth = SessionAuthentication()
    api_key_auth = ApiKeyAuthentication()
    auth = MultiAuthentication(api_key_auth, session_auth)
    john_doe = User.objects.get(username='******')

    # request1: logged-in session with matching CSRF header and cookie.
    request1 = HttpRequest()
    request1.method = 'POST'
    request1.META = {'HTTP_X_CSRFTOKEN': csrf_token}
    request1.COOKIES = {settings.CSRF_COOKIE_NAME: csrf_token}
    request1.user = john_doe

    # request2: API-key credentials only, with a bad key.
    request2 = HttpRequest()
    request2.POST['username'] = '******'
    request2.POST['api_key'] = 'invalid key'

    # request3: valid session plus the same bad API-key credentials.
    request3 = HttpRequest()
    request3.method = 'POST'
    request3.META = {'HTTP_X_CSRFTOKEN': csrf_token}
    request3.COOKIES = {settings.CSRF_COOKIE_NAME: csrf_token}
    request3.user = john_doe
    request3.POST['username'] = '******'
    request3.POST['api_key'] = 'invalid key'

    # Session auth passes because john_doe is logged in.
    self.assertTrue(session_auth.is_authenticated(request1))

    # API-key auth fails because the key is invalid.
    api_key_result = api_key_auth.is_authenticated(request2)
    self.assertIsInstance(api_key_result, HttpUnauthorized)

    # Multi auth must not swap the user when the API-key back-end fails,
    # and it still passes because the session back-end is valid.
    self.assertEqual(request3.user.username, 'johndoe')
    self.assertTrue(auth.is_authenticated(request3))
    self.assertEqual(request3.user.username, 'johndoe')
class Meta:
    # Options for the "fuel-distributions" resource; list and detail both
    # accept read, create, replace and delete.
    resource_name = "fuel-distributions"
    collection_name = "fuel_distributions"
    queryset = models.FuelDistribution.objects.all()
    list_allowed_methods = ["get", "post", "put", "delete"]
    detail_allowed_methods = ["get", "post", "put", "delete"]
    always_return_data = True
    authentication = MultiAuthentication(
        SessionAuthentication(),
        ApiKeyAuthentication(),
    )
    # NOTE(review): if this is tastypie's base Authorization it performs no
    # permission checks, so every authenticated caller may create, replace
    # or delete any row. Confirm that is intended or use a restrictive
    # authorization class.
    authorization = Authorization()
    filtering = {
        "station": ALL_WITH_RELATIONS,
        "car": ALL_WITH_RELATIONS,
        "worker": ALL_WITH_RELATIONS,
        "waybills": ALL_WITH_RELATIONS,
        "outfits": ALL_WITH_RELATIONS,
        "regforms": ALL_WITH_RELATIONS,
        "author": ALL_WITH_RELATIONS,
        "date": ALL,
    }
class Meta:
    # Options for a resource built on models.Manuscript (object_class is
    # given rather than a queryset).
    object_class = models.Manuscript
    allowed_methods = ("get", "post", "patch", "delete")
    always_return_data = True
    # The primary key is not exposed.
    excludes = ("id",)
    authentication = MultiAuthentication(
        AppApiKeyAuthentication(),
        CookieBasicAuthentication(),
    )
    # NOTE(review): the name suggests open read access; confirm that
    # AnyoneCanViewAuthorization still restricts post/patch/delete.
    authorization = AnyoneCanViewAuthorization()
    filtering = {
        "status": ALL,
        "created": DATE_FILTERS,
        "last_updated": DATE_FILTERS,
    }
    # NOTE(review): ordering names 'updated' while filtering uses
    # 'last_updated'; check which field name the model actually has.
    ordering = (
        "name",
        "title",
        "status",
        "created",
        "updated",
    )
class Meta:
    # Options for the "results" resource: jobs whose status is 'finished'
    # or 'error', most recently submitted first.
    resource_name = "results"
    queryset = Job.objects.filter(
        status__in=["finished", "error"]
    ).order_by("-timestamp_submission")
    # you can only retrieve the list
    list_allowed_methods = ["get"]
    # you can retrieve and modify each item
    detail_allowed_methods = ["get", "put", "patch", "delete"]
    always_return_data = False
    serializer = ISO8601UTCOffsetSerializer(formats=["json"])
    # Two project-specific back-ends; access decisions are made by
    # CollabAuthorization.
    authentication = MultiAuthentication(
        ProviderAuthentication(),
        HBPAuthentication(),
    )
    authorization = CollabAuthorization()
    filtering = {
        "tags": ALL,
        "comments": ALL,
        "status": ["exact"],
        "id": ["exact"],
        "collab_id": ["exact"],
        "hardware_platform": ["exact"],
    }
class Meta:
    # Options for the "settopboxprogramschedule" resource.
    # The model is looked up through the app registry instead of imported.
    SetTopBoxProgramSchedule = apps.get_model(
        "client", "SetTopBoxProgramSchedule"
    )
    queryset = SetTopBoxProgramSchedule.objects.all()
    resource_name = "settopboxprogramschedule"
    urlconf_namespace = "client"
    allowed_methods = ["get", "post", "delete", "put", "patch"]
    always_return_data = True
    fields = ["schedule_date", "message", "url"]
    filtering = {
        "schedule_date": ALL,
        "message": ALL,
        "url": ALL,
    }
    serializer = SetTopBoxSerializer(formats=["json"])
    validation = ProgramScheduleValidation()
    # NOTE(review): if the trailing Authentication() is tastypie's base
    # class, it accepts every request, so this chain never rejects a caller
    # and write access depends entirely on ProgramScheduleAuthorization
    # handling anonymous users. Confirm, or drop the fallback.
    authentication = MultiAuthentication(
        ApiKeyAuthentication(),
        BasicAuthentication(realm="cianet-middleware"),
        Authentication(),
    )
    authorization = ProgramScheduleAuthorization()
class Meta:
    # Options for the "gameplayer" resource backed by every GamePlayer row.
    resource_name = "gameplayer"
    queryset = GamePlayer.objects.all()
    # The permitted verbs come from ALL_METHODS, defined outside this block.
    allowed_methods = ALL_METHODS
    # API key is tried first, then the Django session.
    authentication = MultiAuthentication(
        ApiKeyAuthentication(),
        SessionAuthentication(),
    )
    # Per-object permission decisions are delegated to DjangoAuthorization.
    authorization = DjangoAuthorization()
    ordering = {
        "date_created": ALL,
        "date_updated": ALL,
    }
    filtering = {
        "id": ALL,
        "player": ALL_WITH_RELATIONS,
        "game": ALL_WITH_RELATIONS,
        "date_created": ALL,
        "date_updated": ALL,
    }
class Meta:
    # Read-only options for the "library/artist" resource.
    resource_name = "library/artist"
    queryset = Artist.objects.all()
    list_allowed_methods = ["get"]
    detail_allowed_methods = ["get"]
    include_absolute_url = True
    excludes = ["updated"]
    authentication = MultiAuthentication(
        SessionAuthentication(),
        ApiKeyAuthentication(),
    )
    # With GET as the only verb, Authorization() here governs reads only;
    # presumably every authenticated caller may read every artist.
    authorization = Authorization()
    filtering = {
        "created": ["exact", "range", "gt", "gte", "lt", "lte"],
        "id": ["exact", "in"],
    }
class Meta:
    # Read-only options for the "atracker/event" resource.
    resource_name = "atracker/event"
    queryset = Event.objects.all()
    list_allowed_methods = ["get"]
    detail_allowed_methods = ["get"]
    include_resource_uri = False
    always_return_data = True
    # TODO: double-check for sensitive information
    fields = ["created"]
    # No filters are enabled.
    filtering = {}
    # NOTE(review): if the trailing Authentication() is tastypie's base
    # class, it accepts every request, which would make this endpoint
    # readable without credentials. Confirm that is intended, given the
    # TODO on `fields` above.
    authentication = MultiAuthentication(
        SessionAuthentication(),
        ApiKeyAuthentication(),
        Authentication(),
    )
    authorization = Authorization()
class Meta:
    # Options for the "messages" resource: read, create, delete and
    # partial update.
    resource_name = "messages"
    collection_name = "messages"
    queryset = Message.objects.all()
    allowed_methods = ["get", "post", "delete", "patch"]
    always_return_data = True
    authentication = MultiAuthentication(
        SessionAuthentication(),
        ApiKeyAuthentication(),
    )
    # NOTE(review): the queryset is every Message and, if this is tastypie's
    # base Authorization, nothing scopes access to the sender or recipient.
    # Any authenticated caller could then read, alter or delete other
    # users' messages. Confirm that scoping is enforced elsewhere.
    authorization = Authorization()
    filtering = {
        "slug": ("exact", "startswith"),
        "title": ALL,
        "is_new": ALL,
        "sender": ALL_WITH_RELATIONS,
        "recipient": ALL_WITH_RELATIONS,
        "chats": ALL_WITH_RELATIONS,
    }
class Meta:
    # Options for the "firestations" resource: list is read-only, detail
    # also accepts PUT.
    resource_name = "firestations"
    queryset = FireStation.objects.all()
    list_allowed_methods = ["get"]
    detail_allowed_methods = ["get", "put"]
    limit = 120
    serializer = PrettyJSONSerializer()
    # NOTE(review): Authentication() is listed first. If these are
    # tastypie's classes, the chain stops at the first back-end that
    # accepts, and the base Authentication accepts everything, so the
    # session and API-key back-ends would never run. A caller presenting
    # only an API key would not be mapped to a user before
    # GuardianAuthorization runs. Confirm the intended order.
    authentication = MultiAuthentication(
        Authentication(),
        SessionAuthentication(),
        ApiKeyAuthentication(),
    )
    # Permission checks are delegated to the station's `department`;
    # no permission code is supplied for reads.
    authorization = GuardianAuthorization(
        delegate_to_property="department",
        view_permission_code=None,
        update_permission_code="change_firedepartment",
        create_permission_code="change_firedepartment",
        delete_permission_code="admin_firedepartment",
    )
    filtering = {
        "department": ("exact",),
        "state": ("exact",),
        "id": ("exact",),
        "fdid": ("exact",),
    }
    # Columns withheld from the serialized output.
    excludes = [
        "addressbuildingname",
        "complex_id",
        "data_security",
        "distribution_policy",
        "fcode",
        "foot_id",
        "ftype",
        "globalid",
        "gnis_id",
        "islandmark",
        "loaddate",
        "objectid",
        "permanent_identifier",
        "pointlocationtype",
        "source_datadesc",
        "source_datasetid",
        "source_featureid",
        "source_originator",
        "admintype",
    ]
class Meta:
    # Read-only options for the "library/simplerelease" resource, newest
    # releases first.
    resource_name = "library/simplerelease"
    queryset = Release.objects.order_by("-created").all()
    list_allowed_methods = ["get"]
    detail_allowed_methods = ["get"]
    include_absolute_url = True
    excludes = ["updated"]
    authentication = MultiAuthentication(
        SessionAuthentication(),
        ApiKeyAuthentication(),
    )
    authorization = Authorization()
    filtering = {
        "created": ["exact", "range", "gt", "gte", "lt", "lte"],
        "id": ["exact", "in"],
    }
    # Cache with timeout=600 (presumably seconds).
    # NOTE(review): confirm cached responses cannot be served across users
    # if any per-user data is ever added to this resource.
    cache = SimpleCache(timeout=600)
class Meta:
    # Read-only options for the "library/track" resource, ordered by track
    # number and addressed by uuid in detail URLs.
    resource_name = "library/track"
    detail_uri_name = "uuid"
    queryset = Media.objects.order_by("tracknumber").all()
    list_allowed_methods = ["get"]
    detail_allowed_methods = ["get"]
    include_absolute_url = True
    limit = 50
    excludes = ["updated", "release__media"]
    # NOTE(review): if the trailing Authentication() is tastypie's base
    # class, it accepts every request, so the endpoint is effectively
    # readable without credentials. Confirm that is intended.
    authentication = MultiAuthentication(
        ApiKeyAuthentication(),
        SessionAuthentication(),
        Authentication(),
    )
    authorization = Authorization()
    filtering = {
        "created": ["exact", "range", "gt", "gte", "lt", "lte"],
        "id": ["exact", "in"],
    }
class Meta:
    # Options for the "export" resource: list allows read and create,
    # detail allows every write verb as well.
    resource_name = "export"
    queryset = Export.objects.all()
    list_allowed_methods = ["get", "post"]
    detail_allowed_methods = ["get", "post", "put", "delete", "patch"]
    include_absolute_url = True
    always_return_data = True
    excludes = ["updated"]
    limit = 100
    max_limit = 200
    authentication = MultiAuthentication(
        SessionAuthentication(),
        ApiKeyAuthentication(),
    )
    # NOTE(review): the queryset is every Export and, if this is tastypie's
    # base Authorization, nothing scopes rows to their owner. Any
    # authenticated caller could then modify or delete another user's
    # export. Confirm that scoping happens elsewhere in the resource.
    authorization = Authorization()
    filtering = {
        "created": ["exact", "range", "gt", "gte", "lt", "lte"],
        "status": ["exact"],
    }
class Meta:
    # Options for the "settopboxconfig" key/value resource.
    # The model is looked up through the app registry instead of imported.
    SetTopBoxConfig = apps.get_model("client", "SetTopBoxConfig")
    queryset = SetTopBoxConfig.objects.all()
    resource_name = "settopboxconfig"
    urlconf_namespace = "client"
    allowed_methods = ["get", "post", "delete", "put", "patch"]
    always_return_data = True
    fields = ["key", "value", "value_type"]
    limit = 2000
    max_limit = 5000
    filtering = {
        "key": ALL,
        "value_type": ALL,
        "settopbox": ALL,
    }
    validation = Validation()
    # NOTE(review): if the trailing Authentication() is tastypie's base
    # class, it accepts every request, so this chain never rejects a caller
    # and write access depends entirely on SetTopBoxAuthorization handling
    # anonymous users. Confirm, or drop the fallback.
    authentication = MultiAuthentication(
        ApiKeyAuthentication(),
        BasicAuthentication(realm="cianet-middleware"),
        Authentication(),
    )
    authorization = SetTopBoxAuthorization()
class Meta:
    # Options for the "tractor-regform" resource; list and detail both
    # accept read, create, replace and delete.
    resource_name = "tractor-regform"
    collection_name = "regforms"
    queryset = models.TractorRegForm.objects.all()
    list_allowed_methods = ["get", "post", "put", "delete"]
    detail_allowed_methods = ["get", "post", "put", "delete"]
    authentication = MultiAuthentication(
        SessionAuthentication(),
        ApiKeyAuthentication(),
    )
    # NOTE(review): if this is tastypie's base Authorization it performs no
    # permission checks, so every authenticated caller may create, replace
    # or delete any row. Confirm that is intended.
    authorization = Authorization()
    filtering = {
        "id": ALL,
        "date": ALL,
        "brigadier": ALL_WITH_RELATIONS,
        "driver": ALL_WITH_RELATIONS,
        "car": ALL_WITH_RELATIONS,
        "station": ALL_WITH_RELATIONS,
        "departament": ALL,
        "event": ALL_WITH_RELATIONS,
        "conducted": ALL,
        "fuel_distribution": ALL_WITH_RELATIONS,
    }
class Meta:
    # Options for the "run" resource: list allows read and create, detail
    # allows read and partial update.
    resource_name = "run"
    # filter() with no arguments selects every Run.
    queryset = Run.objects.filter()
    list_allowed_methods = ["get", "post"]
    detail_allowed_methods = ["get", "patch"]
    # Either a logged-in session or an HMAC-signed request.
    authentication = MultiAuthentication(
        SessionAuthentication(),
        HmacAuthentication(),
    )
    # ModelAuthorization is given ORM lookup paths from a Run to the worker
    # API key and to the owning project's groups (how they are evaluated is
    # defined in ModelAuthorization, not in this block).
    authorization = ModelAuthorization(
        api_key_path=(
            "job__job_template__project__worker_pools__workers__api_key"
        ),
        user_groups_path="job__job_template__project__groups",
        auth_user_groups_path="job__job_template__project__auth_groups",
    )
    filtering = {
        "schedule_dts": ALL,
        "is_manual": ALL,
        "job": ALL_WITH_RELATIONS,
        "worker": ALL_WITH_RELATIONS,
    }
def test_apikey_and_authentication(self):
    # Pins the behaviour of a chain that ends in the base Authentication():
    # every request authenticates, and only a valid API key changes the
    # identifier from the anonymous 'noaddr_nohost' to the username.
    # NOTE(review): the '******' literals look masked in this listing.
    auth = MultiAuthentication(ApiKeyAuthentication(), Authentication())
    john_doe = User.objects.get(username='******')

    # Each entry is the set of GET parameters for one request that must
    # still authenticate, but only with the stock anonymous identifier.
    anonymous_cases = (
        # No username/api_key details should pass.
        {},
        # Wrong username details.
        {'username': '******'},
        # No api_key.
        {'username': '******'},
        # Wrong user/api_key.
        {'username': '******', 'api_key': 'foo'},
    )
    for params in anonymous_cases:
        request = HttpRequest()
        for key, value in params.items():
            request.GET[key] = value
        self.assertEqual(auth.is_authenticated(request), True)
        # The identifier should be the basic auth stock.
        self.assertEqual(auth.get_identifier(request), 'noaddr_nohost')

    # A matching username and API key identifies the caller as the user.
    request = HttpRequest()
    request.GET['username'] = '******'
    request.GET['api_key'] = john_doe.api_key.key
    self.assertEqual(auth.is_authenticated(request), True)
    self.assertEqual(auth.get_identifier(request), john_doe.username)
class Meta:
    # Options for the "queue" resource: jobs that are not 'removed',
    # 'error' or 'finished', most recently submitted first.
    # TODO: copy this class with another resource_name and filterQ applied
    resource_name = "queue"
    object_class = Job
    queryset = Job.objects.exclude(
        status__in=["removed", "error", "finished"]
    ).order_by("-timestamp_submission")
    # you can retrieve all items and add item
    list_allowed_methods = ["get", "post"]
    # you can retrieve and modify each item
    detail_allowed_methods = ["get", "put", "patch", "delete"]
    always_return_data = False
    serializer = ISO8601UTCOffsetSerializer(formats=["json"])
    # Two project-specific back-ends; access decisions are made by
    # CollabAuthorization.
    authentication = MultiAuthentication(
        ProviderAuthentication(),
        HBPAuthentication(),
    )
    authorization = CollabAuthorization()
    filtering = {
        "status": ["exact"],
        "id": ["exact"],
        "collab_id": ["exact"],
        "user_id": ["exact"],
        "hardware_platform": ["exact"],
    }
class Meta:
    # Read-only options for the "abcast/base" resource. No queryset is set
    # on this Meta (the original assignment is commented out below).
    # queryset = ImportFile.objects.all()
    resource_name = "abcast/base"
    list_allowed_methods = ["get"]
    detail_allowed_methods = ["get"]
    always_return_data = True
    # excludes = ['type','results_musicbrainz']
    excludes = ["type"]
    # NOTE(review): if the trailing Authentication() is tastypie's base
    # class, it accepts every request, so the endpoint is effectively
    # readable without credentials. Confirm that is intended.
    authentication = MultiAuthentication(
        ApiKeyAuthentication(),
        SessionAuthentication(),
        Authentication(),
    )
    authorization = Authorization()
    filtering = {
        "import_session": ALL_WITH_RELATIONS,
        "created": ["exact", "range", "gt", "gte", "lt", "lte"],
    }
class Meta:
    # Options for a resource built on models.Section (object_class is given
    # rather than a queryset); all five verbs are allowed.
    object_class = models.Section
    allowed_methods = ("get", "post", "put", "patch", "delete")
    always_return_data = True
    # The primary key is not exposed.
    excludes = ("id",)
    # Project-specific back-ends; access decisions are made by
    # AppAuthorization.
    authentication = MultiAuthentication(
        AppApiKeyAuthentication(),
        CookieBasicAuthentication(),
    )
    authorization = AppAuthorization()
    filtering = {
        "created_by": ALL,
        "updated_by": ALL,
        "status": ("exact", "ne"),
        "created": DATE_FILTERS,
        "last_updated": DATE_FILTERS,
    }
    # NOTE(review): ordering names 'updated' while filtering uses
    # 'last_updated'; check which field name the model actually has.
    ordering = (
        "name",
        "help_text",
        "status",
        "created",
        "updated",
    )
class Meta:
    # Read-only options for the "library/simpleplaylist" resource, most
    # recently updated first; nocache() is called on the queryset.
    # queryset = Playlist.objects.order_by('-created').all()
    queryset = Playlist.objects.order_by("-updated").all().nocache()
    resource_name = "library/simpleplaylist"
    list_allowed_methods = ["get"]
    detail_allowed_methods = ["get"]
    # excludes = ['updated',]
    include_absolute_url = True
    always_return_data = True
    limit = 50
    authentication = MultiAuthentication(
        SessionAuthentication(),
        ApiKeyAuthentication(),
    )
    # NOTE(review): the queryset is every Playlist; if playlists can be
    # private, confirm that visibility is enforced elsewhere, since
    # tastypie's base Authorization does not restrict reads.
    authorization = Authorization()
    filtering = {
        # 'channel': ALL_WITH_RELATIONS,
        "created": ["exact", "range", "gt", "gte", "lt", "lte"],
        "status": ["exact", "range"],
        "is_current": ["exact"],
        "type": ["exact", "in"],
        "id": ["in"],
    }
class Meta:
    # Read-only options for the "worker_pool" resource; four fields only.
    resource_name = "worker_pool"
    queryset = WorkerPool.objects.all()
    list_allowed_methods = ["get"]
    detail_allowed_methods = ["get"]
    fields = [
        "id",
        "title",
        "description",
        "enqueue_is_enabled",
    ]
    # NOTE(review): the value is a bare string, not a list or tuple as in
    # the usual form; a membership test against it is a substring test.
    # Confirm the framework treats this as the single lookup 'exact'.
    filtering = {
        "title": "exact",
    }
    # Either a logged-in session or an HMAC-signed request.
    authentication = MultiAuthentication(
        SessionAuthentication(),
        HmacAuthentication(),
    )
    # ModelAuthorization is given ORM lookup paths from a pool to its
    # workers' API keys and to the project's groups.
    authorization = ModelAuthorization(
        api_key_path="workers__api_key",
        user_groups_path="project__groups",
    )
class Meta:
    # Options for the "waybill" resource; list and detail both accept
    # read, create, replace and delete.
    resource_name = "waybill"
    collection_name = "waybills"
    queryset = models.Waybill.objects.all()
    list_allowed_methods = ["get", "post", "put", "delete"]
    detail_allowed_methods = ["get", "post", "put", "delete"]
    always_return_data = True
    limit = 200
    authentication = MultiAuthentication(
        SessionAuthentication(),
        ApiKeyAuthentication(),
    )
    # NOTE(review): if this is tastypie's base Authorization it performs no
    # permission checks, so every authenticated caller may create, replace
    # or delete any row. Confirm that is intended.
    authorization = Authorization()
    filtering = {
        "number": ALL,
        "date": ALL,
        "station": ALL_WITH_RELATIONS,
        "departament": ALL,
        "car": ALL_WITH_RELATIONS,
        "is_completed": ALL,
        "conducted": ALL,
        "driver": ALL_WITH_RELATIONS,
        "fuel_issued": ALL,
        "fuel_distribution": ALL_WITH_RELATIONS,
    }