1
0
mirror of https://github.com/netbox-community/netbox.git synced 2024-05-10 07:54:54 +00:00

Fixes #1385: Connected device API endpoint no longer requires authentication if LOGIN_REQUIRED=False

This commit is contained in:
Jeremy Stretch
2017-08-02 11:17:57 -04:00
parent 28225c7cbd
commit fd6df8e52a
2 changed files with 30 additions and 4 deletions

View File

@ -4,9 +4,10 @@ from django.conf import settings
from django.contrib.contenttypes.models import ContentType
from rest_framework import authentication, exceptions
from rest_framework.compat import is_authenticated
from rest_framework.exceptions import APIException
from rest_framework.pagination import LimitOffsetPagination
from rest_framework.permissions import DjangoModelPermissions, SAFE_METHODS
from rest_framework.permissions import BasePermission, DjangoModelPermissions, SAFE_METHODS
from rest_framework.serializers import Field, ValidationError
from users.models import Token
@ -20,6 +21,10 @@ class ServiceUnavailable(APIException):
default_detail = "Service temporarily unavailable, please try again later."
#
# Authentication
#
class TokenAuthentication(authentication.TokenAuthentication):
"""
A custom authentication scheme which enforces Token expiration times.
@ -61,6 +66,20 @@ class TokenPermissions(DjangoModelPermissions):
return super(TokenPermissions, self).has_permission(request, view)
class IsAuthenticatedOrLoginNotRequired(BasePermission):
"""
Returns True if the user is authenticated or LOGIN_REQUIRED is False.
"""
def has_permission(self, request, view):
if not settings.LOGIN_REQUIRED:
return True
return request.user and is_authenticated(request.user)
#
# Serializers
#
class ChoiceFieldSerializer(Field):
"""
Represent a ChoiceField as {'value': <DB value>, 'label': <string>}.
@ -98,6 +117,10 @@ class ContentTypeFieldSerializer(Field):
raise ValidationError("Invalid content type")
#
# Mixins
#
class ModelValidationMixin(object):
"""
Enforce a model's validation through clean() when validating serializer data. This is necessary to ensure we're
@ -119,6 +142,10 @@ class WritableSerializerMixin(object):
return self.serializer_class
#
# Pagination
#
class OptionalLimitOffsetPagination(LimitOffsetPagination):
"""
Override the stock paginator to allow setting limit=0 to disable pagination for a request. This returns all objects