api: require proper authentication to use API (#11375)

This commit is contained in:
Frédéric Péters 2016-06-18 11:59:26 +02:00
parent e785755eea
commit 2cc63f1481
2 changed files with 9 additions and 1 deletions

View File

@ -18,7 +18,7 @@ from django.db.models import F
from django.utils.formats import date_format
from django.utils.timezone import localtime, now
from rest_framework import serializers, status
from rest_framework import permissions, serializers, status
from rest_framework.generics import GenericAPIView
from rest_framework.response import Response
from rest_framework.views import APIView
@ -47,6 +47,7 @@ class SlotSerializer(serializers.Serializer):
class Fillslot(GenericAPIView):
serializer_class = SlotSerializer
permission_classes = (permissions.IsAuthenticated,)
def post(self, request, agenda_pk=None, event_pk=None, format=None):
event = Event.objects.filter(id=event_pk)[0]
@ -61,6 +62,8 @@ fillslot = Fillslot.as_view()
class BookingAPI(APIView):
permission_classes = (permissions.IsAuthenticated,)
def initial(self, request, *args, **kwargs):
super(BookingAPI, self).initial(request, *args, **kwargs)
self.booking = Booking.objects.get(id=kwargs.get('booking_pk'),

5
debian/settings.py vendored
View File

@ -53,3 +53,8 @@ TIME_ZONE = 'Europe/Paris'
# HTTPS Security
# CSRF_COOKIE_SECURE = True
# SESSION_COOKIE_SECURE = True
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': ('hobo.rest_authentication.PublikAuthentication',)
}
HOBO_ANONYMOUS_SERVICE_USER_CLASS = 'hobo.rest_authentication.AnonymousAdminServiceUser'