Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 6 changed files with 301 additions and 36 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
.. _oauth: | ||
|
||
OAuth | ||
===== | ||
|
||
.. currentmodule:: flask_rest_jsonapi | ||
|
||
Flask-REST-JSONAPI support OAuth via `Flask-OAuthlib <https://github.com/lepture/flask-oauthlib>`_ | ||
|
||
Example: | ||
|
||
.. code-block:: python | ||
from flask import Flask | ||
from flask_rest_jsonapi import Api | ||
from flask_oauthlib.provider import OAuth2Provider | ||
app = Flask(__name__) | ||
oauth2 = OAuth2Provider() | ||
api = Api() | ||
api.init_app(app) | ||
api.oauth_manager(oauth2) | ||
In this example Flask-REST-JSONAPI will protect all your resource methods with this decorator :: | ||
|
||
oauth2.require_oauth(<scope>) | ||
|
||
The pattern of the scope is like that :: | ||
|
||
<action>_<resource_type> | ||
|
||
Where action is: | ||
|
||
* list: for the get method of a ResourceList | ||
* create: for the post method of a ResourceList | ||
* get: for the get method of a ResourceDetail | ||
* update: for the patch method of a ResourceDetail | ||
* delete: for the delete method of a ResourceDetail | ||
|
||
Example :: | ||
|
||
list_person | ||
|
||
If you want to customize the scope you can provide a function that computes your custom scope. The function have to looks like that: | ||
|
||
.. code-block:: python | ||
def get_scope(resource, method): | ||
"""Compute the name of the scope for oauth | ||
|
||
:param Resource resource: the resource manager | ||
:param str method: an http method | ||
:return str: the name of the scope | ||
""" | ||
return 'custom_scope' | ||
|
||
Usage example: | ||
|
||
.. code-block:: python | ||
from flask import Flask | ||
from flask_rest_jsonapi import Api | ||
from flask_oauthlib.provider import OAuth2Provider | ||
app = Flask(__name__) | ||
oauth2 = OAuth2Provider() | ||
api = Api() | ||
api.init_app(app) | ||
api.oauth_manager(oauth2) | ||
api.scope_setter(get_scope) | ||
.. note:: | ||
|
||
You can name the custom scope computation method as you want but you have to set the 2 required parameters: resource and method like in this previous example. | ||
|
||
If you want to disable OAuth or make custom methods protection for a resource you can add this option to the resource manager. | ||
|
||
Example: | ||
|
||
.. code-block:: python | ||
from flask_rest_jsonapi import ResourceList | ||
from your_project.extensions import oauth2 | ||
|
||
class PersonList(ResourceList): | ||
disable_oauth = True | ||
|
||
@oauth2.require_oauth('custom_scope') | ||
def get(*args, **kwargs): | ||
return 'Hello world !' |
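Review bot: In the last example, `disable_oauth = True` is set on `PersonList` and only `get` is re-decorated with `@oauth2.require_oauth('custom_scope')`, but the text never says whether the flag removes the automatic `require_oauth` from every method of the resource. If it does, a `post` on this `ResourceList` would be served with no scope check unless it is decorated by hand, so a `.. warning::` stating that each method must then be protected explicitly would help. The `get_scope` example also returns the constant `'custom_scope'` and ignores both `resource` and `method`, which collapses the `<action>_<resource_type>` granularity described earlier into a single scope for everything; an example that derives the scope from both arguments would be safer to copy. Minor wording: "support OAuth" should be "supports OAuth", and "have to looks like that" should be "has to look like this".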
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
.. _permission: | ||
|
||
Permission | ||
========== | ||
|
||
.. currentmodule:: flask_rest_jsonapi | ||
|
||
Flask-REST-JSONAPI provides a very agnostic permission system. | ||
|
||
Example: | ||
|
||
.. code-block:: python | ||
from flask import Flask | ||
from flask_rest_jsonapi import Api | ||
from your_project.permission import permission_manager | ||
app = Flask(__name__) | ||
api = Api() | ||
api.init_app(app) | ||
api.permission_manager(permission_manager) | ||
In this previous example, the API will check permission before each method call with the permission_manager function. | ||
|
||
The permission manager must be a function that looks like this: | ||
|
||
.. code-block:: python | ||
def permission_manager(view, view_args, view_kwargs, *args, **kwargs): | ||
"""The function use to check permissions | ||
:param callable view: the view | ||
:param list view_args: view args | ||
:param dict view_kwargs: view kwargs | ||
:param list args: decorator args | ||
:param dict kwargs: decorator kwargs | ||
""" | ||
.. note:: | ||
|
||
Flask-REST-JSONAPI use a decorator to check permission for each method named has_permission. You can provide args and kwargs to this decorators so you can retrieve this args and kwargs in the permission_manager. The default usage of the permission system does not provides any args or kwargs to the decorator. | ||
|
||
If permission is denied I recommand to raise exception like that: | ||
|
||
.. code-block:: python | ||
raise JsonApiException(<error_source>, | ||
<error_details>, | ||
title='Permission denied', | ||
status='403') | ||
|
||
You can disable the permission system or make custom permission checking management of a resource like that: | ||
|
||
.. code-block:: python | ||
from flask_rest_jsonapi import ResourceList | ||
from your_project.extensions import api | ||
|
||
class PersonList(ResourceList): | ||
disable_permission = True | ||
|
||
@api.has_permission('custom_arg', custom_kwargs='custom_kwargs') | ||
def get(*args, **kwargs): | ||
return 'Hello world !' | ||
.. warning:: | ||
|
||
If you want to use both permission system and oauth support to retrieve information like user from oauth (request.oauth.user) in the permission system you have to initialize permission system before to initialize oauth support because of decorators cascading. | ||
|
||
Example: | ||
|
||
.. code-block:: python | ||
from flask import Flask | ||
from flask_rest_jsonapi import Api | ||
from flask_oauthlib.provider import OAuth2Provider | ||
from your_project.permission import permission_manager | ||
app = Flask(__name__) | ||
oauth2 = OAuth2Provider() | ||
api = Api() | ||
api.init_app(app) | ||
api.permission_manager(permission_manager) # initialize permission system first | ||
api.oauth_manager(oauth2) # initialize oauth support second |
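Review bot: The `permission_manager` contract is underspecified: the signature example has a docstring but no body, and the only guidance on denial is the recommendation to raise `JsonApiException`, so a reader cannot tell what a normal return (or returning `False`) means. Please state how allow and deny are signalled by `has_permission`, and show the import for `JsonApiException` in that snippet. The `disable_permission = True` example re-protects only `get`, so the text should say whether the other methods of `PersonList` are then left unchecked. In the warning, the required order (`api.permission_manager(...)` before `api.oauth_manager(...)`) is easy to reverse without noticing; document what happens to `request.oauth.user` inside the permission manager when the order is wrong. Typo: "recommand" should be "recommend".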