Skip to content
This repository was archived by the owner on May 2, 2023. It is now read-only.

Auth Session

Jump to bottom
Maigret Aurélien edited this page Mar 17, 2015 · 6 revisions

Auth Session class

You could specify a class in your settings which will be instanciated for each request :

REST_AUTH_SESSION_ENGINE = "example.auth.AuthSession"

For use the decorators must_be_in_rights and must_be_connected of this plugin, your class must will be herited of rest_api.auth.BaseAuthREST, and overriding her two methods.

from rest_api.auth import BaseAuthREST
class AuthSession(BaseAuthREST):
    def __init__(self, request):
        self.request = request
        # connexion...

    def is_connected(self):
        return ...

    def check_right(self, rights, _all=False):
        return ...

Class AuthSession of this example : https://github.com/skies-io/django-rest-api/blob/master/example/example/auth.py.

The authentification class is optionnal. In this case, the variable session for parameters of your futurs methods will have the value None.

Auth Session decorators

must_be_connected

This decorator used to verify that the user making the request is connected. It used the method is_connected of your Auth Session class.

from rest_api.API import API
from rest_api.decorators import must_be_connected

class ProjectAPI(API):
    @must_be_connected
    def method_get_list(self, session, request, **kwargs):
        # ...

must_be_in_rights

This decorator used to verify that the user making the request is connected and is in at least one of the rights. It used the method check_right of your Auth Session class.

from rest_api.API import API
from rest_api.decorators import must_be_in_rights

class ProjectAPI(API):
    @must_be_in_rights(["account-subscription", "owner"])
    def method_get_list(self, session, request, **kwargs):
        # ...

Clone this wiki locally