From 54682acc6651f6a06ace372929bb2dead0ca89d6 Mon Sep 17 00:00:00 2001
From: Jakub K
Date: Fri, 12 Jan 2024 15:58:27 +0100
Subject: [PATCH] oauth2 ustawienia
---
 izaac/settings.py | 5 +++++
 jobposting/views.py | 14 +++++++++-----
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/izaac/settings.py b/izaac/settings.py
index 8f673fc..753ef8f 100644
--- a/izaac/settings.py
+++ b/izaac/settings.py
@@ -48,6 +48,11 @@ REST_FRAMEWORK = {
 ],
 }
+OAUTH2_PROVIDER = {
+ # this is the list of available scopes
+ 'SCOPES': {'read': 'Read scope', 'write': 'Write scope', 'groups': 'Access to your groups'}
+}
+
 # Application definition
 INSTALLED_APPS = [
diff --git a/jobposting/views.py b/jobposting/views.py
index 07cc424..a6dcde5 100644
--- a/jobposting/views.py
+++ b/jobposting/views.py
@@ -4,6 +4,10 @@ from jobposting.models import JobListing, SkillLevels, CompanyLogo, Skill
 from core.models import MyUser, AnonymousUserData
 from rest_framework import status
+from oauth2_provider.contrib.rest_framework import TokenHasReadWriteScope
+
+
+
 from jobposting.serializers import (
 JobListingSerializer,
 SkillLevelsSerializer,
@@ -13,13 +17,13 @@ from jobposting.serializers import (
 )
 class MyUserViewSet(viewsets.ModelViewSet):
- permission_classes = [permissions.AllowAny] # test only
+ permission_classes = [permissions.IsAuthenticated, TokenHasReadWriteScope] # test only
 queryset = MyUser.objects.all()
 serializer_class = MyUserSerializer
 # permission_classes = [permissions.IsAuthenticated]
 class JobListingViewSet(viewsets.ModelViewSet):
- permission_classes = [permissions.AllowAny] # test only
+ permission_classes = [permissions.IsAuthenticated, TokenHasReadWriteScope]# test only
 queryset = JobListing.objects.all()
 serializer_class = JobListingSerializer
 # permission_classes = [permissions.IsAuthenticatedOrReadOnly]
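Review bot: The new `OAUTH2_PROVIDER` block in izaac/settings.py lists `SCOPES` but sets no `DEFAULT_SCOPES`, and django-oauth-toolkit then falls back to `['__all__']`, so a client that asks for a token without naming a scope is granted `read`, `write` and `groups` together. Adding `'DEFAULT_SCOPES': ['read'],` next to `SCOPES` keeps unscoped tokens read-only. The diffstat shows these five lines as the only change to settings.py, and the `INSTALLED_APPS` list continues outside the hunk, so it is worth confirming that `oauth2_provider` is installed and that `oauth2_provider.contrib.rest_framework.OAuth2Authentication` is among the DRF authentication classes. Without that class `TokenHasReadWriteScope` has no OAuth2 token to inspect and would be expected to deny every request.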
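Review bot: On `MyUserViewSet` the added `TokenHasReadWriteScope` is a per-token scope check, not a per-object one, so with `queryset = MyUser.objects.all()` any token holding `read` can list every account and any token holding `write` can update or delete accounts other than its own. A `get_queryset` that returns `MyUser.objects.filter(pk=self.request.user.pk)` for non-staff callers, or an admin-only permission class on this viewset, would close that; which fields `MyUserSerializer` exposes is not visible here. The same applies to the write side of the viewsets changed in the hunks at -43 and -61, where any `write` token can alter shared records. The trailing `# test only` comments were written for the removed `AllowAny` setting and no longer describe these lines.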
@@ -43,7 +47,7 @@ class JobListingViewSet(viewsets.ModelViewSet):
 serializer.save(anonymous_user_data=anonymous_user_data)
 class SkillLevelsViewSet(viewsets.ModelViewSet):
- permission_classes = [permissions.AllowAny] # test only
+ permission_classes = [permissions.IsAuthenticated, TokenHasReadWriteScope] # test only
 queryset = SkillLevels.objects.all()
 serializer_class = SkillLevelsSerializer
 # permission_classes = [permissions.IsAuthenticatedOrReadOnly]
@@ -61,11 +65,11 @@ class SkillLevelsViewSet(viewsets.ModelViewSet):
 return super().create(request, *args, **kwargs)
 class CompanyLogoViewSet(viewsets.ModelViewSet):
- permission_classes = [permissions.AllowAny]
+ permission_classes = [permissions.IsAuthenticated, TokenHasReadWriteScope]
 queryset = CompanyLogo.objects.all()
 serializer_class = CompanyLogoSerializer
 class SkillViewset(viewsets.ModelViewSet):
- permission_classes = [permissions.AllowAny]
+ permission_classes = [permissions.IsAuthenticated, TokenHasReadWriteScope]
 queryset = Skill.objects.all()
 serializer_class = SkillSerializer
\ No newline at end of file
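Review bot: The context line `serializer.save(anonymous_user_data=anonymous_user_data)` shows that `JobListingViewSet` still carries a path for postings from anonymous users, yet the preceding hunk makes that viewset require `permissions.IsAuthenticated`, so that branch presumably can no longer be reached. The method holding the line starts outside the hunk, so this needs checking against the full body: either the anonymous handling goes, or anonymous posting gets its own explicit, narrower permission. On `SkillLevelsViewSet` the commented-out `IsAuthenticatedOrReadOnly` left under the new line suggests reads were meant to stay public. A comment such as `# reads require an OAuth2 token with the 'read' scope, writes the 'write' scope` would record the decision now in force.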
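Review bot: `CompanyLogoViewSet` and `SkillViewset` repeat the same two-element `permission_classes` list as the three viewsets before them, which leaves any viewset added later dependent on someone remembering to copy it. Moving the pair into the existing `REST_FRAMEWORK` dict in izaac/settings.py makes the authenticated-with-scope check the default, and a viewset then has to opt out explicitly. The entry would be `'DEFAULT_PERMISSION_CLASSES': ['rest_framework.permissions.IsAuthenticated', 'oauth2_provider.contrib.rest_framework.TokenHasReadWriteScope'],`. Whether that key is already set cannot be seen in this patch.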