-
Notifications
You must be signed in to change notification settings - Fork 0
Auth Session
You could specify a class in your settings which will be instanciated for each request :
REST_AUTH_SESSION_ENGINE = "example.auth.AuthSession"To use the decorators must_be_in_rights and must_be_connected of this plugin, your class must inherit from rest_api.auth.BaseAuthREST, and override her two methods.
from rest_api.auth import BaseAuthREST
class AuthSession(BaseAuthREST):
def __init__(self, request):
self.request = request
# connexion...
def is_connected(self):
return ...
def check_right(self, rights, _all=False):
return ...Class AuthSession of this example : https://github.com/skies-io/django-rest-api/blob/master/example/example/auth.py.
The authentication class is optional. In this case, the variable session, parameter of your future methods will have the value None.
This decorator is used to verify that the user making the request is connected.
It's use the method is_connected of your Auth Session class.
from rest_api.API import API
from rest_api.decorators import must_be_connected
class ProjectAPI(API):
@must_be_connected
def method_get_list(self, session, request, **kwargs):
# ...This decorator is used to verify that the user making the request is connected and is in at least one of the rights.
It's use the method check_right of your Auth Session class.
from rest_api.API import API
from rest_api.decorators import must_be_in_rights
class ProjectAPI(API):
@must_be_in_rights(["account-subscription", "owner"])
def method_get_list(self, session, request, **kwargs):
# ...