technicie/MarietjeDjango
1
0
Fork 0
mirror of https://gitlab.science.ru.nl/technicie/MarietjeDjango.git synced 2025-12-09 21:12:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add route for login and permissions, return JSON on unauthorized API requests

Browse Source
This commit is contained in:
Sébastiaan Versteeg
2017-02-09 13:49:40 +01:00
parent 4960d834fd
commit 28fabd437c
2 changed files with 69 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
marietje/api/urls.py
View File

@ -5,6 +5,8 @@ from . import views
app_name = 'api' app_name = 'api'
urlpatterns = [ urlpatterns = [
url(r'^login', views.login_user),
url(r'^permissions', views.permissions),
url(r'^songs', views.songs), url(r'^songs', views.songs),
url(r'^managesongs', views.managesongs), url(r'^managesongs', views.managesongs),
url(r'^queue', views.queue), url(r'^queue', views.queue),

82
marietje/api/views.py
View File

@ -1,20 +1,72 @@
import time import time
from mutagen import File from functools import wraps
from django.contrib.auth.decorators import login_required import django.middleware.csrf as csrf
from django.contrib.auth import authenticate, login
from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger
from django.db.models import Q from django.db.models import Q
from django.http import JsonResponse, HttpResponseForbidden from django.http import JsonResponse, HttpResponseForbidden
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from django.views.decorators.http import require_http_methods from django.views.decorators.http import require_http_methods
from mutagen import File
from marietje.utils import song_to_dict, playlist_song_to_dict, send_to_bertha from marietje.utils import song_to_dict, playlist_song_to_dict, send_to_bertha
from queues.models import PlaylistSong, QueueCommand
from songs.models import Song from songs.models import Song
from queues.models import PlaylistSong, Queue, QueueCommand
@login_required def api_auth_required(view_func):
@wraps(view_func)
def _wrapped_view(request, *args, **kwargs):
if request.user.is_authenticated and request.user.is_active:
return view_func(request, *args, **kwargs)
response = JsonResponse({
'error': 'User not authenticated or activated.'
})
response.status_code = 401
return response
return _wrapped_view
def login_user(request):
data = {'error': 'Method not allowed'}
status = 405
if request.method == "POST":
username = request.POST.get('username', '').strip()
password = request.POST.get('password', '').strip()
data = {'error': 'Please enter a correct username and password. '
'Note that both fields may be case-sensitive.'}
status = 401
if username and password:
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
data = {}
status = 200
else:
data = {'error': 'User is not active'}
status = 401
else:
csrf.get_token(request)
response = JsonResponse(data)
response.status_code = status
return response
@api_auth_required
def permissions(request):
return JsonResponse({
'can_move': request.user.has_perm('queues.can_move'),
'can_skip': request.user.has_perm('queues.can_skip'),
'can_cancel': request.user.has_perm('queues.can_cancel')
})
@api_auth_required
def songs(request): def songs(request):
try: try:
pagesize = int(request.POST.get('pagesize')) pagesize = int(request.POST.get('pagesize'))
@ -57,7 +109,7 @@ def songs(request):
}) })
@login_required @api_auth_required
def managesongs(request): def managesongs(request):
try: try:
pagesize = int(request.POST.get('pagesize')) pagesize = int(request.POST.get('pagesize'))
@ -99,7 +151,7 @@ def managesongs(request):
}) })
@login_required @api_auth_required
def queue(request): def queue(request):
queue = request.user.queue queue = request.user.queue
return JsonResponse({ return JsonResponse({
@ -110,7 +162,7 @@ def queue(request):
}) })
@login_required @api_auth_required
def skip(request): def skip(request):
playlist_song = request.user.queue.current_song() playlist_song = request.user.queue.current_song()
if playlist_song.user != request.user and not request.user.has_perm('queues.can_skip'): if playlist_song.user != request.user and not request.user.has_perm('queues.can_skip'):
@ -123,7 +175,7 @@ def skip(request):
@require_http_methods(["POST"]) @require_http_methods(["POST"])
@login_required @api_auth_required
def move_up(request): def move_up(request):
if not request.user.has_perm('queues.can_move'): if not request.user.has_perm('queues.can_move'):
return HttpResponseForbidden() return HttpResponseForbidden()
@ -133,7 +185,7 @@ def move_up(request):
@require_http_methods(["POST"]) @require_http_methods(["POST"])
@login_required @api_auth_required
def move_down(request): def move_down(request):
playlist_song = get_object_or_404(PlaylistSong, id=request.POST.get('id')) playlist_song = get_object_or_404(PlaylistSong, id=request.POST.get('id'))
if playlist_song.user != request.user and not request.user.has_perm('queues.can_move'): if playlist_song.user != request.user and not request.user.has_perm('queues.can_move'):
@ -143,7 +195,7 @@ def move_down(request):
@require_http_methods(["POST"]) @require_http_methods(["POST"])
@login_required @api_auth_required
def cancel(request): def cancel(request):
playlist_song = get_object_or_404(PlaylistSong, id=request.POST.get('id')) playlist_song = get_object_or_404(PlaylistSong, id=request.POST.get('id'))
if playlist_song.user != request.user and not request.user.has_perm('queues.can_cancel'): if playlist_song.user != request.user and not request.user.has_perm('queues.can_cancel'):
@ -154,7 +206,7 @@ def cancel(request):
@require_http_methods(["POST"]) @require_http_methods(["POST"])
@login_required @api_auth_required
def request(request): def request(request):
queue = request.user.queue queue = request.user.queue
song = get_object_or_404(Song, id=request.POST.get('id'), deleted=False) song = get_object_or_404(Song, id=request.POST.get('id'), deleted=False)
@ -166,7 +218,7 @@ def request(request):
@require_http_methods(["POST"]) @require_http_methods(["POST"])
@login_required @api_auth_required
def upload(request): def upload(request):
files = request.FILES.getlist('file[]') files = request.FILES.getlist('file[]')
artists = request.POST.getlist('artist[]') artists = request.POST.getlist('artist[]')
@ -192,7 +244,7 @@ def upload(request):
@require_http_methods(["POST"]) @require_http_methods(["POST"])
@login_required @api_auth_required
def volume_down(request): def volume_down(request):
if not request.user.has_perm('queues.can_control_volume'): if not request.user.has_perm('queues.can_control_volume'):
return HttpResponseForbidden() return HttpResponseForbidden()
@ -202,7 +254,7 @@ def volume_down(request):
@require_http_methods(["POST"]) @require_http_methods(["POST"])
@login_required @api_auth_required
def volume_up(request): def volume_up(request):
if not request.user.has_perm('queues.can_control_volume'): if not request.user.has_perm('queues.can_control_volume'):
return HttpResponseForbidden() return HttpResponseForbidden()