Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PB-1124 Add django authentication and permission check to API #39

Merged
merged 1 commit into from
Nov 13, 2024
Merged

PB-1124 Add django authentication and permission check to API #39

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions Pipfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ django-stubs = "~=5.0.4"
debugpy = "*"
boto3-stubs = {extras = ["cognito-idp"], version = "~=1.35"}
bandit = "*"
pytest-xdist = "*"

[requires]
python_version = "3.12"
25 changes: 21 additions & 4 deletions Pipfile.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 8 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,14 @@ and the migrations.

## Local Development

### Running tests in parallel

Run tests with, for example, 16 workers:

```bash
pytest -n 16
```

### vs code Integration

There are some possibilities to debug this codebase from within visual studio code.
Expand Down
19 changes: 15 additions & 4 deletions app/access/api.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
from ninja import Router
from ninja.errors import HttpError
from provider.models import Provider
from utils.authentication import PermissionAuth

from django.db import transaction
from django.http import Http404
Expand Down Expand Up @@ -31,7 +32,12 @@ def user_to_response(model: User) -> UserSchema:
return response


@router.get("users/{username}", response={200: UserSchema}, exclude_none=True)
@router.get(
"users/{username}",
response={200: UserSchema},
exclude_none=True,
auth=PermissionAuth('access.view_user')
)
def user(request: HttpRequest, username: str) -> UserSchema:
"""
Get the user with the given username.
Expand All @@ -41,7 +47,12 @@ def user(request: HttpRequest, username: str) -> UserSchema:
return response


@router.get("users", response={200: UserListSchema}, exclude_none=True)
@router.get(
"users",
response={200: UserListSchema},
exclude_none=True,
auth=PermissionAuth('access.view_user')
)
def users(request: HttpRequest) -> dict[str, list[UserSchema]]:
"""
Get all users.
Expand All @@ -51,7 +62,7 @@ def users(request: HttpRequest) -> dict[str, list[UserSchema]]:
return {"items": responses}


@router.post("users", response={201: UserSchema})
@router.post("users", response={201: UserSchema}, auth=PermissionAuth('access.add_user'))
def create(request: HttpRequest, user_in: UserSchema) -> UserSchema:
"""Create the given user and return it.

Expand Down Expand Up @@ -80,7 +91,7 @@ def create(request: HttpRequest, user_in: UserSchema) -> UserSchema:
return user_to_response(user_out)


@router.delete("users/{username}")
@router.delete("users/{username}", auth=PermissionAuth('access.delete_user'))
def delete(request: HttpRequest, username: str) -> HttpResponse:
"""
Delete the user with the given username.
Expand Down
Loading