From b23c540cad5a8c761d27de1357de703865a53705 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carles=20Barrobe=CC=81s?= Date: Fri, 5 Feb 2016 21:52:10 +0100 Subject: [PATCH] Decorate request with 'has_valid_token' --- drfutils/permissions.py | 3 ++- drfutils/tests/test_token_permissions.py | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/drfutils/permissions.py b/drfutils/permissions.py index 2f4b5fd..0af5e4b 100644 --- a/drfutils/permissions.py +++ b/drfutils/permissions.py @@ -51,7 +51,8 @@ def has_permission(self, request, view): This security check is intentionally simplistic for now. Later on we may want to match originating host/domain and token. """ - return contains_valid_token(request) + request.has_valid_token = contains_valid_token(request) + return request.has_valid_token def has_object_permission(self, request, view, obj): """ diff --git a/drfutils/tests/test_token_permissions.py b/drfutils/tests/test_token_permissions.py index 367d0a9..71fe0d5 100644 --- a/drfutils/tests/test_token_permissions.py +++ b/drfutils/tests/test_token_permissions.py @@ -10,6 +10,7 @@ def test_no_token_no_permission(self): request = self.request_factory.get('/') permissions = ClientTokenPermission() self.assertFalse(permissions.has_permission(request, None)) + self.assertFalse(request.has_valid_token) def test_valid_token_in_url_has_permission(self): request = self.request_factory.get('/', {TOKEN_HEADER: self.token.key}) @@ -20,3 +21,9 @@ def test_valid_token_in_header__has_permission(self): request = self.request_factory.get('/', **self.get_token_headers()) permissions = ClientTokenPermission() self.assertTrue(permissions.has_permission(request, None)) + + def test_token_permissions_check_decorates_request(self): + request = self.request_factory.get('/', **self.get_token_headers()) + permissions = ClientTokenPermission() + permissions.has_permission(request, None) + self.assertTrue(request.has_valid_token)