Skip to content

Commit

Permalink
Merge pull request #7 from ployst/token-permissions-decorate-request
Browse files Browse the repository at this point in the history 
Decorate request with 'has_valid_token'
  • Loading branch information
@txels
txels committed Feb 5, 2016
2 parents bc42fcb + b23c540 commit 01e87f4
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 1 deletion.
3 changes: 2 additions & 1 deletion drfutils/permissions.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,8 @@ def has_permission(self, request, view):
This security check is intentionally simplistic for now. Later on we
may want to match originating host/domain and token.
"""
return contains_valid_token(request)
request.has_valid_token = contains_valid_token(request)
return request.has_valid_token

def has_object_permission(self, request, view, obj):
"""
Expand Down
7 changes: 7 additions & 0 deletions drfutils/tests/test_token_permissions.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ def test_no_token_no_permission(self):
request = self.request_factory.get('/')
permissions = ClientTokenPermission()
self.assertFalse(permissions.has_permission(request, None))
self.assertFalse(request.has_valid_token)

def test_valid_token_in_url_has_permission(self):
request = self.request_factory.get('/', {TOKEN_HEADER: self.token.key})
Expand All @@ -20,3 +21,9 @@ def test_valid_token_in_header__has_permission(self):
request = self.request_factory.get('/', **self.get_token_headers())
permissions = ClientTokenPermission()
self.assertTrue(permissions.has_permission(request, None))

def test_token_permissions_check_decorates_request(self):
request = self.request_factory.get('/', **self.get_token_headers())
permissions = ClientTokenPermission()
permissions.has_permission(request, None)
self.assertTrue(request.has_valid_token)

0 comments on commit 01e87f4

Please sign in to comment.