Change player to OAuth protocol

2025-12-10 11:32:22 +01:00 · 2023-11-12 09:33:19 +01:00
parent 66ac1076d3
commit d55ff6c8c6
16 changed files with 206 additions and 124 deletions
--- a/marietje/songs/api/v1/serializers.py
+++ b/marietje/songs/api/v1/serializers.py
@ -5,11 +5,12 @@ from songs.models import Song, ReportNote


 class SongSerializer(serializers.ModelSerializer):
-    user = UserRelatedFieldSerializer()
+    user = UserRelatedFieldSerializer(read_only=True)

    class Meta:
        model = Song
        fields = ["id", "artist", "title", "duration", "hash", "user", "rg_gain", "rg_peak"]
+        read_only_fields = ["id", "duration", "hash", "user"]


 class ReportNoteSerializer(serializers.ModelSerializer):
--- a/marietje/songs/api/v1/urls.py
+++ b/marietje/songs/api/v1/urls.py
@ -1,10 +1,10 @@
 from django.urls import path

-from .views import SongsListAPIView, SongRetrieveAPIView, SongUploadAPIView, ReportNoteCreateAPIView
+from .views import SongsListAPIView, SongRetrieveUpdateAPIView, SongUploadAPIView, ReportNoteCreateAPIView

 urlpatterns = [
    path("", SongsListAPIView.as_view(), name="song_list"),
-    path("<int:pk>/", SongRetrieveAPIView.as_view(), name="song_retrieve"),
+    path("<int:pk>/", SongRetrieveUpdateAPIView.as_view(), name="song_retrieve_update"),
    path("report-notes/", ReportNoteCreateAPIView.as_view(), name="report_note_create"),
    path("upload/", SongUploadAPIView.as_view(), name="song_upload"),
 ]
--- a/marietje/songs/api/v1/views.py
+++ b/marietje/songs/api/v1/views.py
@ -1,6 +1,7 @@
+from django.conf import settings
 from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.generics import ListAPIView, RetrieveAPIView, CreateAPIView
-from rest_framework import filters
+from rest_framework.generics import ListAPIView, RetrieveUpdateAPIView, CreateAPIView
+from rest_framework import filters, status
 from rest_framework.views import APIView
 from rest_framework.response import Response

@ -27,11 +28,35 @@ class SongsListAPIView(ListAPIView):
    ]


-class SongRetrieveAPIView(RetrieveAPIView):
+class SongRetrieveUpdateAPIView(RetrieveUpdateAPIView):
    serializer_class = SongSerializer
    queryset = Song.objects.all()
    permission_classes = [IsAuthenticatedOrTokenHasScopeForMethod]
-    required_scopes_for_method = {"GET": ["read"]}
+    required_scopes_for_method = {"GET": ["read"], "PUT": ["write"], "PATCH": ["write"]}
+
+    def put(self, request, **kwargs):
+        if (
+            request.auth is None
+            or request.auth.application.id not in settings.OAUTH_2_APPLICATIONS_WITH_GAIN_AND_PEAK_PERMISSION
+        ):
+            return Response(
+                {"detail": "Unauthorized"},
+                status=status.HTTP_401_UNAUTHORIZED,
+            )
+
+        return super(SongRetrieveUpdateAPIView, self).put(request, **kwargs)
+
+    def patch(self, request, **kwargs):
+        if (
+            request.auth is None
+            or request.auth.application.id not in settings.OAUTH_2_APPLICATIONS_WITH_GAIN_AND_PEAK_PERMISSION
+        ):
+            return Response(
+                {"detail": "Unauthorized"},
+                status=status.HTTP_401_UNAUTHORIZED,
+            )
+
+        return super(SongRetrieveUpdateAPIView, self).patch(request, **kwargs)


 class ReportNoteCreateAPIView(CreateAPIView):