Exemplo n.º 1
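 class Meta(CommonMetaApi):
     """Options for the ``layers`` resource: reads plus PATCH."""

     paginator_class = CrossSiteXHRPaginator
     queryset = Layer.objects.distinct().order_by('-date')
     resource_name = 'layers'
     detail_uri_name = 'id'
     include_resource_uri = True
     allowed_methods = ['get', 'patch']
     # These two fields are never serialised into API responses.
     excludes = ['csw_anytext', 'metadata_xml']
     # A request is accepted via session, OAuth or GeoNode API key.
     # NOTE(review): no `authorization` is set in this class, so the permission
     # policy for 'patch' is whatever CommonMetaApi provides -- confirm.
     authentication = MultiAuthentication(SessionAuthentication(),
                                          OAuthAuthentication(),
                                          GeonodeApiKeyAuthentication())
     # Start from a copy of the parent's mapping. Calling update() directly on
     # CommonMetaApi.filtering would add these keys to the one dict shared by
     # every other Meta that reuses it, silently widening their filters too.
     filtering = dict(CommonMetaApi.filtering)
     # Allow filtering using ID
     filtering.update({
         'id': ALL,
         'name': ALL,
         'alternate': ALL,
         'metadata_only': ALL
     })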
Exemplo n.º 2
 class Meta:
     """Options for the ``chance`` resource."""

     resource_name = 'chance'
     queryset = Chance.objects.all()
     # The method list comes from the ALL_METHODS constant defined elsewhere.
     allowed_methods = ALL_METHODS

     # Either an API key or a logged-in session identifies the caller.
     authentication = MultiAuthentication(
         ApiKeyAuthentication(),
         SessionAuthentication(),
     )
     # NOTE(review): write access rests entirely on this class -- presumably
     # Django model permissions; confirm they are assigned narrowly.
     authorization = DjangoAuthorization()

     # Every listed field maps to ALL.
     ordering = dict.fromkeys(['date_created', 'date_updated'], ALL)
     filtering = dict.fromkeys(
         ['id', 'number', 'date_created', 'date_updated'], ALL)
Exemplo n.º 3
    class Meta:
        """Abstract base options: GET only, ``id`` field only, throttled."""

        abstract = True

        # Response shape: just the id, without resource or absolute URLs.
        fields = ['id']
        include_resource_uri = False
        include_absolute_url = False
        limit = 100
        allowed_methods = ['get']

        # Presumably 10 requests per 60 seconds per caller -- confirm against
        # the CacheThrottle implementation in use.
        throttle = CacheThrottle(throttle_at=10, timeframe=60)

        # NOTE(review): the scope tuples are inconsistent -- `post` passes the
        # single string 'read write' while `put` passes 'read' and 'write' as
        # two entries. Only 'get' is allowed here, so this matters once a
        # subclass widens allowed_methods; confirm which form
        # OAuth2ScopedAuthentication expects.
        authentication = MultiAuthentication(
            ApiKeyAuthentication(),
            SessionAuthentication(),
            OAuth2ScopedAuthentication(
                post=('read write', ),
                get=('read', ),
                put=('read', 'write'),
            ),
        )
Exemplo n.º 4
 class Meta:
     """Options for the ``resource`` endpoint (GET, POST and PUT)."""

     resource_name = 'resource'
     queryset = Resource.objects.all()
     allowed_methods = ['get', 'post', 'put']

     # Callers are identified by API key or session; what they may do is
     # decided by the project's ORBResourceAuthorization.
     authentication = MultiAuthentication(
         ApiKeyAuthentication(),
         SessionAuthentication(),
     )
     authorization = ORBResourceAuthorization()
     # Presumably 1000 requests per 3600 seconds per caller -- confirm.
     throttle = CacheDBThrottle(throttle_at=1000, timeframe=3600)

     serializer = ResourceSerializer()
     # 'source_peer' is kept out of API responses.
     excludes = ['source_peer']
     include_resource_uri = True
     always_return_data = True

     ordering = ['update_date']
     filtering = {
         # `exact` would imply a timestamp, not date comparison
         'update_date': ['lte', 'gte'],
         'status': ['exact'],
     }
Exemplo n.º 5
 class Meta:
     """Options for the ``fire-departments`` resource."""

     resource_name = 'fire-departments'
     # Archived departments are filtered out; the geometry column is deferred.
     queryset = FireDepartment.objects.defer('owned_tracts_geom').filter(
         archived=False)
     readonly_fields = ['owned_tracts_geom']

     authentication = MultiAuthentication(
         SessionAuthentication(),
         ApiKeyAuthentication(),
     )
     # No permission code is supplied for viewing (presumably reads are open
     # to any authenticated caller -- confirm). Create and update both need
     # 'change_firedepartment'; delete needs 'admin_firedepartment'.
     authorization = GuardianAuthorization(
         view_permission_code=None,
         update_permission_code='change_firedepartment',
         create_permission_code='change_firedepartment',
         delete_permission_code='admin_firedepartment')

     # NOTE(review): 'put' is enabled on the list endpoint as well. In stock
     # tastypie a list PUT replaces the whole collection; confirm that is
     # intended and that the authorization class covers it.
     list_allowed_methods = ['get', 'put']
     detail_allowed_methods = ['get', 'put']

     filtering = {'state': ALL, 'featured': ALL, 'fdid': ALL, 'id': ALL}
     serializer = PrettyJSONSerializer()
     cache = SimpleCache()
     limit = 120
     max_limit = 2000
Exemplo n.º 6
 class Meta:
     """Options for a grouped, read-only listing of transactions."""

     queryset = Transaction.objects.all()
     # List reads only: the detail endpoint accepts no method at all.
     list_allowed_methods = ['get']
     detail_allowed_methods = []
     limit = 100

     # NOTE(review): BasicAuthentication sends the credentials with every
     # request, so this endpoint should only be reachable over TLS. No
     # `authorization` is set in this class and the queryset is unscoped;
     # confirm that callers can only see their own transactions.
     authentication = MultiAuthentication(
         SessionAuthentication(),
         BasicAuthentication(),
     )

     filtering = {'date': ALL}
     grouping = [
         'category__name',
         'date__month',
         'date__day',
         'date__year',
     ]
     annotations = {
         'total': Count('pk'),
         'sum': Sum('value'),
     }
Exemplo n.º 7
    class Meta:
        """Options for the ``users`` resource (GET and PUT, JSON only)."""

        resource_name = "users"
        queryset = User.objects.all().select_related("api_key")

        # For authentication, allow both basic and api key so that the key
        # can be grabbed, if needed.
        authentication = MultiAuthentication(
            InlineBasicAuthentication(),
            BasicAuthentication(),
            ApiKeyAuthentication(),
            TokenAuthentication(),
        )
        # NOTE(review): if this is tastypie's base Authorization it performs
        # no permission checks, so any authenticated caller can GET and PUT
        # every user in the queryset. Scope access to the requesting user
        # (or staff) with a real authorization class.
        authorization = Authorization()
        serializer = Serializer(formats=['json'])

        # Because this can be updated nested under the UserProfile, it needed
        # 'put'. No idea why, since patch is supposed to be able to handle
        # partial updates.
        allowed_methods = ['get', 'put']
        always_return_data = True

        # NOTE(review): 'password' puts the stored password value into API
        # responses, and 'is_staff' / 'is_superuser' are writable through
        # 'put' unless something outside this class prevents it. Drop
        # 'password' from the output and make the privilege flags read-only.
        fields = [
            'last_name',
            'first_name',
            'username',
            'is_active',
            'email',
            'password',
            'is_staff',
            'is_superuser',
        ]
        filtering = {
            'username': ALL_WITH_RELATIONS,
            'email': ALL,
        }
Exemplo n.º 8
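    def test_apikey_and_authentication_enforce_user(self):
        """Check that a failed API-key attempt does not replace the session user.

        request3 carries both a valid session (user plus matching CSRF
        header and cookie) and an invalid API key. MultiAuthentication must
        accept it through the session backend and leave ``request.user``
        untouched.
        """
        session_auth = SessionAuthentication()
        api_key_auth = ApiKeyAuthentication()
        auth = MultiAuthentication(api_key_auth, session_auth)
        john_doe = User.objects.get(username='******')
        csrf_token = 'abcdef1234567890abcdef1234567890'

        def csrf_post_as(user):
            # POST whose CSRF header and cookie match, owned by `user`.
            request = HttpRequest()
            request.method = 'POST'
            request.META = {'HTTP_X_CSRFTOKEN': csrf_token}
            request.COOKIES = {settings.CSRF_COOKIE_NAME: csrf_token}
            request.user = user
            return request

        # Session only.
        request1 = csrf_post_as(john_doe)

        # Invalid API key only.
        request2 = HttpRequest()
        request2.POST['username'] = '******'
        request2.POST['api_key'] = 'invalid key'

        # Valid session plus invalid API key.
        request3 = csrf_post_as(john_doe)
        request3.POST['username'] = '******'
        request3.POST['api_key'] = 'invalid key'

        # Session auth should pass since john_doe is logged in.
        self.assertTrue(session_auth.is_authenticated(request1))
        # API key auth should fail because of the invalid api key.
        self.assertIsInstance(
            api_key_auth.is_authenticated(request2), HttpUnauthorized)

        # Multi auth shouldn't change users if api key auth fails;
        # multi auth passes since session auth is valid.
        self.assertEqual(request3.user.username, 'johndoe')
        self.assertTrue(auth.is_authenticated(request3))
        self.assertEqual(request3.user.username, 'johndoe')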
Exemplo n.º 9
 class Meta:
     """Options for the ``fuel-distributions`` resource (full CRUD)."""

     resource_name = 'fuel-distributions'
     collection_name = 'fuel_distributions'
     queryset = models.FuelDistribution.objects.all()
     always_return_data = True

     # The same four methods are open on the list and the detail endpoint.
     list_allowed_methods = ['get', 'post', 'put', 'delete']
     detail_allowed_methods = ['get', 'post', 'put', 'delete']

     authentication = MultiAuthentication(
         SessionAuthentication(),
         ApiKeyAuthentication(),
     )
     # NOTE(review): if this is tastypie's base Authorization it performs no
     # permission checks, so any authenticated caller may create, replace or
     # delete records, including through the list endpoint. Confirm, and
     # prefer a class that checks permissions.
     authorization = Authorization()

     filtering = {
         'station': ALL_WITH_RELATIONS,
         'car': ALL_WITH_RELATIONS,
         'worker': ALL_WITH_RELATIONS,
         'waybills': ALL_WITH_RELATIONS,
         'outfits': ALL_WITH_RELATIONS,
         'regforms': ALL_WITH_RELATIONS,
         'author': ALL_WITH_RELATIONS,
         'date': ALL,
     }
Exemplo n.º 10
 class Meta:
     """Options for the manuscript resource (GET, POST, PATCH, DELETE)."""

     object_class = models.Manuscript
     allowed_methods = ('get', 'post', 'patch', 'delete')
     always_return_data = True
     # The internal id is kept out of API responses.
     excludes = ('id', )

     authentication = MultiAuthentication(
         AppApiKeyAuthentication(),
         CookieBasicAuthentication(),
     )
     # NOTE(review): the class name suggests reads are open to everyone;
     # confirm it still restricts 'post', 'patch' and 'delete'.
     authorization = AnyoneCanViewAuthorization()

     filtering = {
         'status': ALL,
         'created': DATE_FILTERS,
         'last_updated': DATE_FILTERS,
     }
     ordering = ('name', 'title', 'status', 'created', 'updated')
Exemplo n.º 11
 class Meta:
     """Options for the ``results`` resource: jobs that finished or errored."""

     resource_name = "results"
     queryset = Job.objects.filter(
         status__in=['finished', 'error']).order_by('-timestamp_submission')

     # Either project-defined backend may identify the caller; access
     # decisions are delegated to CollabAuthorization.
     authentication = MultiAuthentication(
         ProviderAuthentication(),
         HBPAuthentication(),
     )
     authorization = CollabAuthorization()
     serializer = ISO8601UTCOffsetSerializer(formats=['json'])
     always_return_data = False

     # you can only retrieve the list
     list_allowed_methods = ['get']
     # you can retrieve and modify each item
     detail_allowed_methods = ['get', 'put', 'patch', 'delete']

     filtering = {
         'tags': ALL,
         'comments': ALL,
         'status': ['exact'],
         'id': ['exact'],
         'collab_id': ['exact'],
         'hardware_platform': ['exact'],
     }
Exemplo n.º 12
 class Meta:
     """Options for the ``settopboxprogramschedule`` resource."""

     # The model is looked up through the app registry, not imported.
     SetTopBoxProgramSchedule = apps.get_model('client', 'SetTopBoxProgramSchedule')
     queryset = SetTopBoxProgramSchedule.objects.all()
     resource_name = 'settopboxprogramschedule'
     urlconf_namespace = 'client'
     allowed_methods = ['get', 'post', 'delete', 'put', 'patch']

     # NOTE(review): the trailing Authentication() -- if it is tastypie's base
     # class -- accepts requests that carry no credentials at all, so
     # unauthenticated callers reach the authorization step for every method
     # above, writes included. Confirm ProgramScheduleAuthorization rejects
     # anonymous users. BasicAuthentication also needs TLS.
     authentication = MultiAuthentication(
         ApiKeyAuthentication(),
         BasicAuthentication(realm='cianet-middleware'),
         Authentication(),
     )
     authorization = ProgramScheduleAuthorization()
     validation = ProgramScheduleValidation()

     serializer = SetTopBoxSerializer(formats=['json'])
     fields = ['schedule_date', 'message', 'url']
     always_return_data = True
     filtering = {
         "schedule_date": ALL,
         "message": ALL,
         "url": ALL,
     }
Exemplo n.º 13
 class Meta:
     """Options for the ``gameplayer`` resource."""

     resource_name = 'gameplayer'
     queryset = GamePlayer.objects.all()
     # The method list comes from the ALL_METHODS constant defined elsewhere.
     allowed_methods = ALL_METHODS

     # Either an API key or a logged-in session identifies the caller.
     authentication = MultiAuthentication(
         ApiKeyAuthentication(),
         SessionAuthentication(),
     )
     # NOTE(review): write access rests entirely on this class -- presumably
     # Django model permissions; confirm they are assigned narrowly.
     authorization = DjangoAuthorization()

     ordering = dict.fromkeys(['date_created', 'date_updated'], ALL)
     filtering = {
         'id': ALL,
         'player': ALL_WITH_RELATIONS,
         'game': ALL_WITH_RELATIONS,
         'date_created': ALL,
         'date_updated': ALL,
     }
Exemplo n.º 14
 class Meta:
     """Options for the read-only ``library/artist`` resource."""

     resource_name = 'library/artist'
     queryset = Artist.objects.all()
     # GET only, on both the list and the detail endpoint.
     list_allowed_methods = ['get']
     detail_allowed_methods = ['get']

     authentication = MultiAuthentication(
         SessionAuthentication(),
         ApiKeyAuthentication(),
     )
     # NOTE(review): if this is tastypie's base Authorization it performs no
     # permission checks; with GET-only methods that means every
     # authenticated caller can read every artist. Confirm that is intended.
     authorization = Authorization()

     excludes = ['updated']
     include_absolute_url = True
     filtering = {
         'created': ['exact', 'range', 'gt', 'gte', 'lt', 'lte'],
         'id': ['exact', 'in'],
     }
Exemplo n.º 15
 class Meta:
     """Options for the read-only ``atracker/event`` resource."""

     resource_name = 'atracker/event'
     queryset = Event.objects.all()
     list_allowed_methods = ['get']
     detail_allowed_methods = ['get']

     # NOTE(review): the trailing Authentication() -- if it is tastypie's base
     # class -- accepts requests without credentials, and the base
     # Authorization() performs no permission checks. Together they make this
     # endpoint readable anonymously; confirm that is intended.
     authentication = MultiAuthentication(
         SessionAuthentication(),
         ApiKeyAuthentication(),
         Authentication(),
     )
     authorization = Authorization()

     include_resource_uri = False
     always_return_data = True
     # TODO: double-check for sensitive information
     fields = ['created']
     filtering = {}
Exemplo n.º 16
 class Meta:
     """Options for the ``messages`` resource (GET, POST, DELETE, PATCH)."""

     resource_name = 'messages'
     collection_name = 'messages'
     queryset = Message.objects.all()
     allowed_methods = ['get', 'post', 'delete', 'patch']
     always_return_data = True

     authentication = MultiAuthentication(
         SessionAuthentication(),
         ApiKeyAuthentication(),
     )
     # NOTE(review): if this is tastypie's base Authorization it performs no
     # permission checks, and the queryset is every Message. Unless the
     # resource restricts objects elsewhere, any authenticated caller could
     # read, edit or delete other users' messages. Confirm, and limit access
     # to the sender and recipient.
     authorization = Authorization()

     filtering = {
         "slug": ('exact', 'startswith'),
         "title": ALL,
         'is_new': ALL,
         'sender': ALL_WITH_RELATIONS,
         'recipient': ALL_WITH_RELATIONS,
         'chats': ALL_WITH_RELATIONS,
     }
Exemplo n.º 17
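    class Meta:
        """Options for the ``firestations`` resource (list GET, detail GET/PUT)."""

        resource_name = 'firestations'

        queryset = FireStation.objects.all()
        # Permission checks are delegated to the station's `department`. No
        # permission code is supplied for viewing; create and update need
        # 'change_firedepartment', delete needs 'admin_firedepartment'.
        authorization = GuardianAuthorization(delegate_to_property='department',
                                              view_permission_code=None,
                                              update_permission_code='change_firedepartment',
                                              create_permission_code='change_firedepartment',
                                              delete_permission_code='admin_firedepartment')
        # Order matters. Assuming tastypie's stock classes, MultiAuthentication
        # stops at the first backend that accepts the request and the base
        # Authentication() accepts every request. Listed first, it kept the
        # session and API-key backends from ever running, so API-key callers
        # were never identified. It now comes last as the anonymous fallback.
        # NOTE(review): with a catch-all in the list, a request that fails
        # SessionAuthentication (including its CSRF check on 'put') is still
        # accepted; confirm GuardianAuthorization denies it in that case.
        authentication = MultiAuthentication(SessionAuthentication(), ApiKeyAuthentication(), Authentication())
        list_allowed_methods = ['get']
        detail_allowed_methods = ['get', 'put']
        filtering = {'department': ('exact',), 'state': ('exact',), 'id': ('exact',), 'fdid': ('exact',)}
        # Source-dataset bookkeeping columns are kept out of API responses.
        excludes = ['addressbuildingname', 'complex_id', 'data_security', 'distribution_policy', 'fcode', 'foot_id',
                    'ftype', 'globalid', 'gnis_id', 'islandmark', 'loaddate', 'objectid', 'permanent_identifier',
                    'pointlocationtype', 'source_datadesc', 'source_datasetid', 'source_featureid',
                    'source_originator', 'admintype'
                    ]
        serializer = PrettyJSONSerializer()
        limit = 120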
Exemplo n.º 18
 class Meta:
     """Options for the read-only ``library/simplerelease`` resource."""

     resource_name = 'library/simplerelease'
     # Newest releases first.
     queryset = Release.objects.order_by('-created').all()
     list_allowed_methods = ['get']
     detail_allowed_methods = ['get']

     authentication = MultiAuthentication(
         SessionAuthentication(),
         ApiKeyAuthentication(),
     )
     # NOTE(review): if this is tastypie's base Authorization it performs no
     # permission checks, so every authenticated caller can read every
     # release. Confirm that is intended.
     authorization = Authorization()

     excludes = ['updated']
     include_absolute_url = True
     filtering = {
         'created': ['exact', 'range', 'gt', 'gte', 'lt', 'lte'],
         'id': ['exact', 'in'],
     }
     # NOTE(review): presumably a 600-second cache; confirm that cached
     # entries cannot be served to a caller who should not see them.
     cache = SimpleCache(timeout=600)
Exemplo n.º 19
 class Meta:
     """Options for the read-only ``library/track`` resource."""

     resource_name = 'library/track'
     # Detail URLs are keyed by uuid rather than the primary key.
     detail_uri_name = 'uuid'
     queryset = Media.objects.order_by('tracknumber').all()
     list_allowed_methods = ['get']
     detail_allowed_methods = ['get']
     limit = 50

     # NOTE(review): the trailing Authentication() -- if it is tastypie's base
     # class -- accepts requests without credentials, and the base
     # Authorization() performs no permission checks. Together they make this
     # endpoint readable anonymously; confirm that is intended.
     authentication = MultiAuthentication(
         ApiKeyAuthentication(),
         SessionAuthentication(),
         Authentication(),
     )
     authorization = Authorization()

     excludes = ['updated', 'release__media']
     include_absolute_url = True
     filtering = {
         'created': ['exact', 'range', 'gt', 'gte', 'lt', 'lte'],
         'id': ['exact', 'in'],
     }
Exemplo n.º 20
 class Meta:
     """Options for the ``export`` resource."""

     resource_name = 'export'
     queryset = Export.objects.all()
     # The list can be read and added to; single items accept every method.
     list_allowed_methods = ['get', 'post']
     detail_allowed_methods = ['get', 'post', 'put', 'delete', 'patch']

     authentication = MultiAuthentication(
         SessionAuthentication(),
         ApiKeyAuthentication(),
     )
     # NOTE(review): if this is tastypie's base Authorization it performs no
     # permission checks, and the queryset is every Export. Unless the
     # resource restricts objects elsewhere, any authenticated caller could
     # read, modify or delete another user's export. Confirm.
     authorization = Authorization()

     excludes = ['updated']
     include_absolute_url = True
     always_return_data = True
     limit = 100
     max_limit = 200
     filtering = {
         'created': ['exact', 'range', 'gt', 'gte', 'lt', 'lte'],
         'status': ['exact'],
     }
Exemplo n.º 21
 class Meta:
     """Options for the ``settopboxconfig`` resource."""

     # The model is looked up through the app registry, not imported.
     SetTopBoxConfig = apps.get_model('client', 'SetTopBoxConfig')
     queryset = SetTopBoxConfig.objects.all()
     resource_name = 'settopboxconfig'
     urlconf_namespace = 'client'
     allowed_methods = ['get', 'post', 'delete', 'put', 'patch']

     # NOTE(review): the trailing Authentication() -- if it is tastypie's base
     # class -- accepts requests that carry no credentials at all, so
     # unauthenticated callers reach the authorization step for every method
     # above, writes included. Confirm SetTopBoxAuthorization rejects
     # anonymous users. BasicAuthentication also needs TLS.
     authentication = MultiAuthentication(
         ApiKeyAuthentication(),
         BasicAuthentication(realm='cianet-middleware'),
         Authentication(),
     )
     authorization = SetTopBoxAuthorization()
     # NOTE(review): if this is tastypie's base Validation it accepts any
     # payload; 'key', 'value' and 'value_type' would then be stored
     # unchecked. Confirm.
     validation = Validation()

     fields = ['key', 'value', 'value_type']
     always_return_data = True
     limit = 2000
     max_limit = 5000
     filtering = {
         "key": ALL,
         "value_type": ALL,
         "settopbox": ALL,
     }
Exemplo n.º 22
 class Meta:
     """Options for the ``tractor-regform`` resource (full CRUD)."""

     resource_name = 'tractor-regform'
     collection_name = 'regforms'
     queryset = models.TractorRegForm.objects.all()

     # The same four methods are open on the list and the detail endpoint.
     list_allowed_methods = ['get', 'post', 'put', 'delete']
     detail_allowed_methods = ['get', 'post', 'put', 'delete']

     authentication = MultiAuthentication(
         SessionAuthentication(),
         ApiKeyAuthentication(),
     )
     # NOTE(review): if this is tastypie's base Authorization it performs no
     # permission checks, so any authenticated caller may create, replace or
     # delete records, including through the list endpoint. Confirm, and
     # prefer a class that checks permissions.
     authorization = Authorization()

     filtering = {
         'id': ALL,
         'date': ALL,
         'brigadier': ALL_WITH_RELATIONS,
         'driver': ALL_WITH_RELATIONS,
         'car': ALL_WITH_RELATIONS,
         'station': ALL_WITH_RELATIONS,
         'departament': ALL,
         'event': ALL_WITH_RELATIONS,
         'conducted': ALL,
         'fuel_distribution': ALL_WITH_RELATIONS,
     }
Exemplo n.º 23
    class Meta:
        """Options for the ``run`` resource."""

        resource_name = 'run'
        queryset = Run.objects.filter()
        # Runs can be listed and created; a single run can be read or patched.
        list_allowed_methods = ['get', 'post']
        detail_allowed_methods = ['get', 'patch']

        # A logged-in session or the project's HMAC scheme identifies the
        # caller.
        authentication = MultiAuthentication(
            SessionAuthentication(),
            HmacAuthentication(),
        )

        # The lookup paths below start at the run and follow
        # job -> job_template -> project. Presumably ModelAuthorization uses
        # them to match the caller's API key or groups -- confirm.
        authorization = ModelAuthorization(
            api_key_path=(
                'job__job_template__project__worker_pools__workers__api_key'),
            user_groups_path='job__job_template__project__groups',
            auth_user_groups_path='job__job_template__project__auth_groups',
        )

        filtering = {
            'schedule_dts': ALL,
            'is_manual': ALL,
            'job': ALL_WITH_RELATIONS,
            'worker': ALL_WITH_RELATIONS,
        }
Exemplo n.º 24
    def test_apikey_and_authentication(self):
        """Exercise MultiAuthentication(ApiKeyAuthentication(), Authentication()).

        Every request below is reported as authenticated. Only the one
        carrying john_doe's real API key is identified as that user; all the
        others get the 'noaddr_nohost' identifier. A resource that lists
        Authentication() as a fallback therefore has to rely on its
        authorization class to stop callers who sent no valid credentials.
        """
        auth = MultiAuthentication(ApiKeyAuthentication(), Authentication())
        john_doe = User.objects.get(username='******')

        def build_request(**query):
            # Fresh request with the given query-string parameters.
            request = HttpRequest()
            for name, value in query.items():
                request.GET[name] = value
            return request

        fallback_requests = (
            # No username/api_key details should pass.
            # The identifier should be the basic auth stock.
            build_request(),
            # Wrong username details.
            build_request(username='******'),
            # No api_key.
            build_request(username='******'),
            # Wrong user/api_key.
            build_request(username='******', api_key='foo'),
        )
        for request in fallback_requests:
            self.assertEqual(auth.is_authenticated(request), True)
            self.assertEqual(auth.get_identifier(request), 'noaddr_nohost')

        # Correct username and API key: identified as john_doe.
        request = build_request(username='******',
                                api_key=john_doe.api_key.key)
        self.assertEqual(auth.is_authenticated(request), True)
        self.assertEqual(auth.get_identifier(request), john_doe.username)
Exemplo n.º 25
 class Meta:
     """Options for the ``queue`` resource: jobs that are still pending."""

     # TODO: copy this class with another resource_name and filterQ applied
     resource_name = "queue"
     object_class = Job
     # Jobs already removed, errored or finished are left out.
     queryset = Job.objects.exclude(
         status__in=["removed", "error", "finished"]).order_by(
             '-timestamp_submission')

     # Either project-defined backend may identify the caller; access
     # decisions are delegated to CollabAuthorization.
     authentication = MultiAuthentication(
         ProviderAuthentication(),
         HBPAuthentication(),
     )
     authorization = CollabAuthorization()
     serializer = ISO8601UTCOffsetSerializer(formats=['json'])
     always_return_data = False

     # you can retrieve all items and add item
     list_allowed_methods = ['get', 'post']
     # you can retrieve and modify each item
     detail_allowed_methods = ['get', 'put', 'patch', 'delete']

     filtering = {
         'status': ['exact'],
         'id': ['exact'],
         'collab_id': ['exact'],
         'user_id': ['exact'],
         'hardware_platform': ['exact'],
     }
Exemplo n.º 26
 class Meta:
     """Options for the read-only ``abcast/base`` resource."""

     resource_name = 'abcast/base'
     # queryset = ImportFile.objects.all()
     list_allowed_methods = ['get']
     detail_allowed_methods = ['get']

     # NOTE(review): the trailing Authentication() -- if it is tastypie's base
     # class -- accepts requests without credentials, and the base
     # Authorization() performs no permission checks. Together they make this
     # endpoint readable anonymously; confirm that is intended.
     authentication = MultiAuthentication(
         ApiKeyAuthentication(),
         SessionAuthentication(),
         Authentication(),
     )
     authorization = Authorization()

     # excludes = ['type','results_musicbrainz']
     excludes = ['type']
     always_return_data = True
     filtering = {
         'import_session': ALL_WITH_RELATIONS,
         'created': ['exact', 'range', 'gt', 'gte', 'lt', 'lte'],
     }
Exemplo n.º 27
 class Meta:
     """Options for the section resource (GET, POST, PUT, PATCH, DELETE)."""

     object_class = models.Section
     allowed_methods = ('get', 'post', 'put', 'patch', 'delete')
     always_return_data = True
     # The internal id is kept out of API responses.
     excludes = ('id', )

     # An application API key or cookie/basic credentials identify the
     # caller; what they may do is decided by the project's AppAuthorization.
     authentication = MultiAuthentication(
         AppApiKeyAuthentication(),
         CookieBasicAuthentication(),
     )
     authorization = AppAuthorization()

     filtering = {
         'created_by': ALL,
         'updated_by': ALL,
         'status': ('exact', 'ne'),
         'created': DATE_FILTERS,
         'last_updated': DATE_FILTERS,
     }
     ordering = ('name', 'help_text', 'status', 'created', 'updated')
Exemplo n.º 28
    class Meta:
        """Options for the read-only ``library/simpleplaylist`` resource."""

        resource_name = 'library/simpleplaylist'
        # queryset = Playlist.objects.order_by('-created').all()
        queryset = Playlist.objects.order_by('-updated').all().nocache()
        list_allowed_methods = ['get']
        detail_allowed_methods = ['get']
        limit = 50

        authentication = MultiAuthentication(
            SessionAuthentication(),
            ApiKeyAuthentication(),
        )
        # NOTE(review): if this is tastypie's base Authorization it performs
        # no permission checks, so every authenticated caller can read every
        # playlist in the queryset. Confirm that is intended.
        authorization = Authorization()

        # excludes = ['updated',]
        include_absolute_url = True
        always_return_data = True

        filtering = {
            # 'channel': ALL_WITH_RELATIONS,
            'created': ['exact', 'range', 'gt', 'gte', 'lt', 'lte'],
            'status': ['exact', 'range'],
            'is_current': ['exact'],
            'type': ['exact', 'in'],
            'id': ['in'],
        }
Exemplo n.º 29
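    class Meta:
        """Options for the read-only ``worker_pool`` resource."""

        queryset = WorkerPool.objects.all()
        resource_name = 'worker_pool'
        list_allowed_methods = ['get']
        detail_allowed_methods = ['get']
        # Only these four fields are serialised into responses.
        fields = [
            'id',
            'title',
            'description',
            'enqueue_is_enabled',
        ]
        # The allowed lookups must be a collection. With the bare string
        # 'exact', a membership test would match any substring of it rather
        # than only the lookup name.
        filtering = {
            'title': ['exact'],
        }

        # A logged-in session or the project's HMAC scheme identifies the
        # caller.
        authentication = MultiAuthentication(SessionAuthentication(),
                                             HmacAuthentication())

        # Presumably ModelAuthorization follows these lookup paths to match
        # the caller's API key or groups -- confirm.
        authorization = ModelAuthorization(
            api_key_path='workers__api_key',
            user_groups_path='project__groups',
        )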
Exemplo n.º 30
 class Meta:
     """Options for the ``waybill`` resource (full CRUD)."""

     resource_name = 'waybill'
     collection_name = 'waybills'
     queryset = models.Waybill.objects.all()
     limit = 200
     always_return_data = True

     # The same four methods are open on the list and the detail endpoint.
     list_allowed_methods = ['get', 'post', 'put', 'delete']
     detail_allowed_methods = ['get', 'post', 'put', 'delete']

     authentication = MultiAuthentication(
         SessionAuthentication(),
         ApiKeyAuthentication(),
     )
     # NOTE(review): if this is tastypie's base Authorization it performs no
     # permission checks, so any authenticated caller may create, replace or
     # delete records, including through the list endpoint. Confirm, and
     # prefer a class that checks permissions.
     authorization = Authorization()

     filtering = {
         'number': ALL,
         'date': ALL,
         'station': ALL_WITH_RELATIONS,
         'departament': ALL,
         'car': ALL_WITH_RELATIONS,
         'is_completed': ALL,
         'conducted': ALL,
         'driver': ALL_WITH_RELATIONS,
         'fuel_issued': ALL,
         'fuel_distribution': ALL_WITH_RELATIONS,
     }