class Meta(CommonMetaApi):
paginator_class = CrossSiteXHRPaginator
queryset = Layer.objects.distinct().order_by('-date')
resource_name = 'layers'
detail_uri_name = 'id'
include_resource_uri = True
allowed_methods = ['get', 'patch']
excludes = ['csw_anytext', 'metadata_xml']
authentication = MultiAuthentication(SessionAuthentication(),
OAuthAuthentication(),
GeonodeApiKeyAuthentication())
filtering = CommonMetaApi.filtering
# Allow filtering using ID
filtering.update({
'id': ALL,
'name': ALL,
'alternate': ALL,
'metadata_only': ALL
})
class Meta:
queryset = Chance.objects.all()
allowed_methods = ALL_METHODS
resource_name = 'chance'
authorization = DjangoAuthorization()
authentication = MultiAuthentication(
ApiKeyAuthentication(),
SessionAuthentication()
)
ordering = {
'date_created': ALL,
'date_updated': ALL
}
filtering = {
'id': ALL,
'number': ALL,
'date_created': ALL,
'date_updated': ALL
}
class Meta:
abstract = True
limit = 100
include_resource_uri = False
include_absolute_url = False
allowed_methods = ['get']
fields = ['id']
throttle = CacheThrottle(throttle_at=10, timeframe=60)
authentication = MultiAuthentication(
ApiKeyAuthentication(),
SessionAuthentication(),
OAuth2ScopedAuthentication(
post=('read write', ),
get=('read', ),
put=('read', 'write'),
),
)
class Meta:
queryset = Resource.objects.all()
resource_name = 'resource'
excludes = ['source_peer']
allowed_methods = ['get', 'post', 'put']
authentication = MultiAuthentication(ApiKeyAuthentication(),
SessionAuthentication())
authorization = ORBResourceAuthorization()
serializer = ResourceSerializer()
always_return_data = True
include_resource_uri = True
throttle = CacheDBThrottle(throttle_at=1000, timeframe=3600)
ordering = ['update_date']
filtering = {
'update_date':
['lte',
'gte'], # `exact` would imply a timestamp, not date comparison
'status': ['exact'],
}
class Meta:
readonly_fields = ['owned_tracts_geom']
resource_name = 'fire-departments'
queryset = FireDepartment.objects.defer('owned_tracts_geom').filter(
archived=False)
authorization = GuardianAuthorization(
view_permission_code=None,
update_permission_code='change_firedepartment',
create_permission_code='change_firedepartment',
delete_permission_code='admin_firedepartment')
authentication = MultiAuthentication(SessionAuthentication(),
ApiKeyAuthentication())
cache = SimpleCache()
list_allowed_methods = ['get', 'put']
detail_allowed_methods = ['get', 'put']
filtering = {'state': ALL, 'featured': ALL, 'fdid': ALL, 'id': ALL}
serializer = PrettyJSONSerializer()
limit = 120
max_limit = 2000
class Meta:
authentication = MultiAuthentication(SessionAuthentication(), BasicAuthentication())
list_allowed_methods = ['get']
detail_allowed_methods = []
filtering = {
'date': ALL
}
grouping = [
'category__name',
'date__month',
'date__day',
'date__year'
]
queryset = Transaction.objects.all()
limit = 100
annotations = {
'total': Count('pk'),
'sum': Sum('value')
}
class Meta:
# For authentication, allow both basic and api key so that the key
# can be grabbed, if needed.
authentication = MultiAuthentication(
InlineBasicAuthentication(),
BasicAuthentication(),
ApiKeyAuthentication(),TokenAuthentication())
authorization = Authorization()
serializer = Serializer(formats=['json'])
# Because this can be updated nested under the UserProfile, it needed
# 'put'. No idea why, since patch is supposed to be able to handle
# partial updates.
allowed_methods = ['get', 'put' ]
always_return_data = True
queryset = User.objects.all().select_related("api_key")
resource_name = "users"
fields = ['last_name','first_name','username','is_active','email','password','is_staff','is_superuser']
filtering = {'username':ALL_WITH_RELATIONS,'email':ALL}
def test_apikey_and_authentication_enforce_user(self):
session_auth = SessionAuthentication()
api_key_auth = ApiKeyAuthentication()
auth = MultiAuthentication(api_key_auth, session_auth)
john_doe = User.objects.get(username='******')
request1 = HttpRequest()
request2 = HttpRequest()
request3 = HttpRequest()
request1.method = 'POST'
request1.META = {
'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890'
}
request1.COOKIES = {
settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890'
}
request1.user = john_doe
request2.POST['username'] = '******'
request2.POST['api_key'] = 'invalid key'
request3.method = 'POST'
request3.META = {
'HTTP_X_CSRFTOKEN': 'abcdef1234567890abcdef1234567890'
}
request3.COOKIES = {
settings.CSRF_COOKIE_NAME: 'abcdef1234567890abcdef1234567890'
}
request3.user = john_doe
request3.POST['username'] = '******'
request3.POST['api_key'] = 'invalid key'
#session auth should pass if since john_doe is logged in
self.assertTrue(session_auth.is_authenticated(request1))
#api key auth should fail because of invalid api key
self.assertEqual(isinstance(api_key_auth.is_authenticated(request2), HttpUnauthorized), True)
#multi auth shouldn't change users if api key auth fails
#multi auth passes since session auth is valid
self.assertEqual(request3.user.username, 'johndoe')
self.assertTrue(auth.is_authenticated(request3))
self.assertEqual(request3.user.username, 'johndoe')
class Meta:
queryset = models.FuelDistribution.objects.all()
list_allowed_methods = ['get', 'post', 'put', 'delete']
detail_allowed_methods = ['get', 'post', 'put', 'delete']
resource_name = 'fuel-distributions'
collection_name = 'fuel_distributions'
always_return_data = True
authorization = Authorization()
authentication = MultiAuthentication(SessionAuthentication(),
ApiKeyAuthentication())
filtering = {
'station': ALL_WITH_RELATIONS,
'car': ALL_WITH_RELATIONS,
'worker': ALL_WITH_RELATIONS,
'waybills': ALL_WITH_RELATIONS,
'outfits': ALL_WITH_RELATIONS,
'regforms': ALL_WITH_RELATIONS,
'author': ALL_WITH_RELATIONS,
'date': ALL,
}
class Meta:
object_class = models.Manuscript
allowed_methods = ('get', 'post', 'patch', 'delete')
filtering = {
'status': ALL,
'created': DATE_FILTERS,
'last_updated': DATE_FILTERS,
}
excludes = ('id', )
ordering = (
'name',
'title',
'status',
'created',
'updated',
)
always_return_data = True
authorization = AnyoneCanViewAuthorization()
authentication = MultiAuthentication(AppApiKeyAuthentication(),
CookieBasicAuthentication())
class Meta:
queryset = Job.objects.filter(
status__in=['finished', 'error']).order_by('-timestamp_submission')
authentication = MultiAuthentication(ProviderAuthentication(),
HBPAuthentication())
authorization = CollabAuthorization()
serializer = ISO8601UTCOffsetSerializer(formats=['json'])
resource_name = "results"
list_allowed_methods = ['get'] # you can only retrieve the list
# you can retrieve and modify each item
detail_allowed_methods = ['get', 'put', 'patch', 'delete']
always_return_data = False
filtering = {
'tags': ALL,
'comments': ALL,
'status': ['exact'],
'id': ['exact'],
'collab_id': ['exact'],
'hardware_platform': ['exact']
}
class Meta:
SetTopBoxProgramSchedule = apps.get_model('client', 'SetTopBoxProgramSchedule')
queryset = SetTopBoxProgramSchedule.objects.all()
resource_name = 'settopboxprogramschedule'
allowed_methods = ['get', 'post', 'delete', 'put', 'patch']
urlconf_namespace = 'client'
fields = ['schedule_date', 'message', 'url']
always_return_data = True
filtering = {
"schedule_date": ALL,
"message": ALL,
"url": ALL,
}
authorization = ProgramScheduleAuthorization()
validation = ProgramScheduleValidation()
serializer = SetTopBoxSerializer(formats=['json'])
authentication = MultiAuthentication(
ApiKeyAuthentication(),
BasicAuthentication(realm='cianet-middleware'),
Authentication(),)
class Meta:
queryset = GamePlayer.objects.all()
allowed_methods = ALL_METHODS
resource_name = 'gameplayer'
authorization = DjangoAuthorization()
authentication = MultiAuthentication(
ApiKeyAuthentication(),
SessionAuthentication()
)
ordering = {
'date_created': ALL,
'date_updated': ALL
}
filtering = {
'id': ALL,
'player': ALL_WITH_RELATIONS,
'game': ALL_WITH_RELATIONS,
'date_created': ALL,
'date_updated': ALL
}
class Meta:
queryset = Artist.objects.all()
list_allowed_methods = [
'get',
]
detail_allowed_methods = [
'get',
]
resource_name = 'library/artist'
excludes = [
'updated',
]
include_absolute_url = True
authentication = MultiAuthentication(SessionAuthentication(),
ApiKeyAuthentication())
authorization = Authorization()
filtering = {
'created': ['exact', 'range', 'gt', 'gte', 'lt', 'lte'],
'id': ['exact', 'in'],
}
class Meta:
queryset = Event.objects.all()
list_allowed_methods = [
'get',
]
detail_allowed_methods = [
'get',
]
resource_name = 'atracker/event'
include_resource_uri = False
# TODO: double-check for sensitive information
fields = [
'created',
]
authentication = MultiAuthentication(SessionAuthentication(),
ApiKeyAuthentication(),
Authentication())
authorization = Authorization()
always_return_data = True
filtering = {}
class Meta:
queryset = Message.objects.all()
resource_name = 'messages'
allowed_methods = ['get', 'post', 'delete', 'patch']
authorization = Authorization()
authentication = MultiAuthentication(SessionAuthentication(),
ApiKeyAuthentication())
collection_name = 'messages'
always_return_data = True
filtering = {
"slug": (
'exact',
'startswith',
),
"title": ALL,
'is_new': ALL,
'sender': ALL_WITH_RELATIONS,
'recipient': ALL_WITH_RELATIONS,
'chats': ALL_WITH_RELATIONS
}
class Meta:
resource_name = 'firestations'
queryset = FireStation.objects.all()
authorization = GuardianAuthorization(delegate_to_property='department',
view_permission_code=None,
update_permission_code='change_firedepartment',
create_permission_code='change_firedepartment',
delete_permission_code='admin_firedepartment')
authentication = MultiAuthentication(Authentication(), SessionAuthentication(), ApiKeyAuthentication())
list_allowed_methods = ['get']
detail_allowed_methods = ['get', 'put']
filtering = {'department': ('exact',), 'state': ('exact',), 'id': ('exact',), 'fdid': ('exact',)}
excludes = ['addressbuildingname', 'complex_id', 'data_security', 'distribution_policy', 'fcode', 'foot_id',
'ftype', 'globalid', 'gnis_id', 'islandmark', 'loaddate', 'objectid', 'permanent_identifier',
'pointlocationtype', 'source_datadesc', 'source_datasetid', 'source_featureid',
'source_originator', 'admintype'
]
serializer = PrettyJSONSerializer()
limit = 120
class Meta:
queryset = Release.objects.order_by('-created').all()
list_allowed_methods = [
'get',
]
detail_allowed_methods = [
'get',
]
resource_name = 'library/simplerelease'
excludes = [
'updated',
]
include_absolute_url = True
authentication = MultiAuthentication(SessionAuthentication(),
ApiKeyAuthentication())
authorization = Authorization()
filtering = {
'created': ['exact', 'range', 'gt', 'gte', 'lt', 'lte'],
'id': ['exact', 'in'],
}
cache = SimpleCache(timeout=600)
class Meta:
queryset = Media.objects.order_by('tracknumber').all()
list_allowed_methods = [
'get',
]
detail_allowed_methods = [
'get',
]
resource_name = 'library/track'
detail_uri_name = 'uuid'
excludes = ['updated', 'release__media']
include_absolute_url = True
authentication = MultiAuthentication(ApiKeyAuthentication(),
SessionAuthentication(),
Authentication())
authorization = Authorization()
limit = 50
filtering = {
'created': ['exact', 'range', 'gt', 'gte', 'lt', 'lte'],
'id': ['exact', 'in'],
}
class Meta:
queryset = Export.objects.all()
list_allowed_methods = ['get', 'post']
detail_allowed_methods = ['get', 'post', 'put', 'delete', 'patch']
resource_name = 'export'
excludes = [
'updated',
]
include_absolute_url = True
authentication = MultiAuthentication(SessionAuthentication(),
ApiKeyAuthentication())
authorization = Authorization()
always_return_data = True
limit = 100
max_limit = 200
filtering = {
'created': ['exact', 'range', 'gt', 'gte', 'lt', 'lte'],
'status': [
'exact',
],
}
class Meta:
SetTopBoxConfig = apps.get_model('client', 'SetTopBoxConfig')
queryset = SetTopBoxConfig.objects.all()
resource_name = 'settopboxconfig'
allowed_methods = ['get', 'post', 'delete', 'put', 'patch']
urlconf_namespace = 'client'
fields = ['key', 'value', 'value_type']
max_limit = 5000
limit = 2000
always_return_data = True
filtering = {
"key": ALL,
"value_type": ALL,
"settopbox": ALL
}
authorization = SetTopBoxAuthorization()
validation = Validation()
authentication = MultiAuthentication(
ApiKeyAuthentication(),
BasicAuthentication(realm='cianet-middleware'),
Authentication(),)
class Meta:
queryset = models.TractorRegForm.objects.all()
resource_name = 'tractor-regform'
list_allowed_methods = ['get', 'post', 'put', 'delete']
detail_allowed_methods = ['get', 'post', 'put', 'delete']
collection_name = 'regforms'
authorization = Authorization()
authentication = MultiAuthentication(SessionAuthentication(),
ApiKeyAuthentication())
filtering = {
'id': ALL,
'date': ALL,
'brigadier': ALL_WITH_RELATIONS,
'driver': ALL_WITH_RELATIONS,
'car': ALL_WITH_RELATIONS,
'station': ALL_WITH_RELATIONS,
'departament': ALL,
'event': ALL_WITH_RELATIONS,
'conducted': ALL,
'fuel_distribution': ALL_WITH_RELATIONS,
}
class Meta:
queryset = Run.objects.filter()
resource_name = 'run'
detail_allowed_methods = ['get', 'patch']
list_allowed_methods = ['get', 'post']
filtering = {
'schedule_dts': ALL,
'is_manual': ALL,
'job': ALL_WITH_RELATIONS,
'worker': ALL_WITH_RELATIONS,
}
authentication = MultiAuthentication(SessionAuthentication(),
HmacAuthentication())
authorization = ModelAuthorization(
api_key_path=(
'job__job_template__project__worker_pools__workers__api_key'),
user_groups_path='job__job_template__project__groups',
auth_user_groups_path='job__job_template__project__auth_groups',
)
def test_apikey_and_authentication(self):
auth = MultiAuthentication(ApiKeyAuthentication(), Authentication())
request = HttpRequest()
john_doe = User.objects.get(username='******')
# No username/api_key details should pass.
self.assertEqual(auth.is_authenticated(request), True)
# The identifier should be the basic auth stock.
self.assertEqual(auth.get_identifier(request), 'noaddr_nohost')
# Wrong username details.
request = HttpRequest()
request.GET['username'] = '******'
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), 'noaddr_nohost')
# No api_key.
request = HttpRequest()
request.GET['username'] = '******'
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), 'noaddr_nohost')
# Wrong user/api_key.
request = HttpRequest()
request.GET['username'] = '******'
request.GET['api_key'] = 'foo'
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), 'noaddr_nohost')
request = HttpRequest()
request.GET['username'] = '******'
request.GET['api_key'] = john_doe.api_key.key
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), john_doe.username)
class Meta:
queryset = Job.objects.exclude(
status__in=["removed", "error", "finished"]).order_by(
'-timestamp_submission')
object_class = Job
authentication = MultiAuthentication(ProviderAuthentication(),
HBPAuthentication())
authorization = CollabAuthorization()
serializer = ISO8601UTCOffsetSerializer(formats=['json'])
resource_name = "queue" # TODO: copy this class with another resource_name and filterQ applied
list_allowed_methods = ['get', 'post'
] # you can retrieve all items and add item
detail_allowed_methods = ['get', 'put', 'patch', 'delete'
] # you can retrieve and modify each item
filtering = {
'status': ['exact'],
'id': ['exact'],
'collab_id': ['exact'],
'user_id': ['exact'],
'hardware_platform': ['exact']
}
always_return_data = False
class Meta:
# queryset = ImportFile.objects.all()
list_allowed_methods = [
'get',
]
detail_allowed_methods = [
'get',
]
resource_name = 'abcast/base'
# excludes = ['type','results_musicbrainz']
excludes = [
'type',
]
authentication = MultiAuthentication(ApiKeyAuthentication(),
SessionAuthentication(),
Authentication())
authorization = Authorization()
always_return_data = True
filtering = {
'import_session': ALL_WITH_RELATIONS,
'created': ['exact', 'range', 'gt', 'gte', 'lt', 'lte'],
}
class Meta:
object_class = models.Section
allowed_methods = ('get', 'post', 'put', 'patch', 'delete')
excludes = ('id', )
filtering = {
'created_by': ALL,
'updated_by': ALL,
'status': ('exact', 'ne'),
'created': DATE_FILTERS,
'last_updated': DATE_FILTERS,
}
ordering = (
'name',
'help_text',
'status',
'created',
'updated',
)
always_return_data = True
authorization = AppAuthorization()
authentication = MultiAuthentication(AppApiKeyAuthentication(),
CookieBasicAuthentication())
class Meta:
# queryset = Playlist.objects.order_by('-created').all()
queryset = Playlist.objects.order_by('-updated').all().nocache()
list_allowed_methods = ['get', ]
detail_allowed_methods = ['get', ]
resource_name = 'library/simpleplaylist'
# excludes = ['updated',]
include_absolute_url = True
always_return_data = True
authentication = MultiAuthentication(SessionAuthentication(), ApiKeyAuthentication())
authorization = Authorization()
limit = 50
filtering = {
# 'channel': ALL_WITH_RELATIONS,
'created': ['exact', 'range', 'gt', 'gte', 'lt', 'lte'],
'status': ['exact', 'range', ],
'is_current': ['exact', ],
'type': ['exact', 'in'],
'id': ['in', ],
}
class Meta:
queryset = WorkerPool.objects.all()
resource_name = 'worker_pool'
list_allowed_methods = ['get']
detail_allowed_methods = ['get']
fields = [
'id',
'title',
'description',
'enqueue_is_enabled',
]
filtering = {
'title': 'exact',
}
authentication = MultiAuthentication(SessionAuthentication(),
HmacAuthentication())
authorization = ModelAuthorization(
api_key_path='workers__api_key',
user_groups_path='project__groups',
)
class Meta:
queryset = models.Waybill.objects.all()
limit = 200
resource_name = 'waybill'
list_allowed_methods = ['get', 'post', 'put', 'delete']
detail_allowed_methods = ['get', 'post', 'put', 'delete']
always_return_data = True
collection_name = 'waybills'
authorization = Authorization()
authentication = MultiAuthentication(SessionAuthentication(),
ApiKeyAuthentication())
filtering = {
'number': ALL,
'date': ALL,
'station': ALL_WITH_RELATIONS,
'departament': ALL,
'car': ALL_WITH_RELATIONS,
'is_completed': ALL,
'conducted': ALL,
'driver': ALL_WITH_RELATIONS,
'fuel_issued': ALL,
'fuel_distribution': ALL_WITH_RELATIONS,
}
