#31 API basic implementation Token Authentication

* adds token checking to AbstractModelAPIView * adds user accessibility filtering for intervention API v1 * extends fetch_and_serialize() method to take a dict for db filtering instead of a single field and value * organizes urlnames into supporting formats like "api:v1:intervention"
2022-01-21 16:15:16 +01:00
parent 134651c8f7
commit cf82f4b223
6 changed files with 64 additions and 16 deletions
--- a/api/views/v1/intervention.py
+++ b/api/views/v1/intervention.py
@@ -13,15 +13,16 @@ from api.views.v1.general import AbstractModelAPIViewV1
 from intervention.models import Intervention


-class APIInterventionView(AbstractModelAPIViewV1):
+class APIInterventionViewV1(AbstractModelAPIViewV1):
    model = Intervention
-    fields_to_serialize = {
-        "identifier",
-        "title",
-    }

    def get(self, request: HttpRequest, identifier):
-        data = self.fetch_and_serialize("identifier", identifier)
+        _filter = {
+            "identifier": identifier,
+            "users__in": [self.user],
+            "deleted__isnull": True,
+        }
+        data = self.fetch_and_serialize(_filter)
        return JsonResponse(data)

    def model_to_json(self, entry: Intervention):
--- a/api/views/views.py
+++ b/api/views/views.py
@@ -7,8 +7,12 @@ Created on: 21.01.22
 """
 from abc import abstractmethod

+from django.http import JsonResponse
 from django.views import View

+from api.models import APIUserToken
+from api.settings import KSP_TOKEN_HEADER_IDENTIFIER
+

 class AbstractModelAPIView(View):
    """ Base class for API views
@@ -19,6 +23,7 @@ class AbstractModelAPIView(View):

    """
    model = None
+    user = None

    class Meta:
        abstract = True
@@ -35,21 +40,29 @@ class AbstractModelAPIView(View):
        """
        raise NotImplementedError("Must be implemented in subclasses")

-    def fetch_and_serialize(self, lookup_field, lookup_val):
+    def fetch_and_serialize(self, _filter):
        """ Serializes the model entry according to the given lookup data

        Args:
-            lookup_field (): Which field used for lookup
-            lookup_val (): Value for lookup
+            _filter (dict): Lookup declarations

        Returns:
            serialized_data (dict)
        """
-        _filters = {
-            lookup_field: lookup_val
-        }
-        qs = self.model.objects.filter(**_filters)
+        qs = self.model.objects.filter(**_filter)
        serialized_data = {}
        for entry in qs:
            serialized_data[str(entry.pk)] = self.model_to_json(entry)
        return serialized_data
+
+    def dispatch(self, request, *args, **kwargs):
+        try:
+            self.user = APIUserToken.get_user_from_token(request.headers.get(KSP_TOKEN_HEADER_IDENTIFIER, None))
+        except PermissionError as e:
+            return JsonResponse(
+                {
+                    "error": e.__str__()
+                },
+                status=403
+            )
+        return super().dispatch(request, *args, **kwargs)