On 03/16/2017 05:07 PM, Stephen Finucane wrote:
API clients are going to talk using basic auth. We also need to do this
for bundles. The alternative is to provide another endpoint for bundles
in the API but that seems unnecessary.
Signed-off-by: Stephen Finucane <[email protected]>
---
patchwork/views/bundle.py | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/patchwork/views/bundle.py b/patchwork/views/bundle.py
index e717429..9f5f2b9 100644
--- a/patchwork/views/bundle.py
+++ b/patchwork/views/bundle.py
@@ -19,6 +19,7 @@
from __future__ import absolute_import
+from django.conf import settings
from django.contrib.auth.decorators import login_required
import django.core.urlresolvers
from django.http import (HttpResponse, HttpResponseRedirect,
@@ -30,6 +31,12 @@ from patchwork.forms import BundleForm, DeleteBundleForm
from patchwork.models import Patch, Bundle, BundlePatch, Project
from patchwork.views import generic_list, patch_to_mbox, get_patch_ids
+if settings.ENABLE_REST_API:
+ from rest_framework.authentication import BasicAuthentication # noqa
+ basic_auth = BasicAuthentication()
+else:
+ basic_auth = None
+
@login_required
def setbundle(request):
@@ -193,7 +200,8 @@ def mbox(request, username, bundlename):
bundle = get_object_or_404(Bundle, owner__username=username,
name=bundlename)
- if not (request.user == bundle.owner or bundle.public):
+ if not (request.user == bundle.owner or bundle.public or
+ (basic_auth and BasicAuthentication().authenticate(request))):
This feels a little wierd since basic_auth is already instantiated
above. Wouldn't it be more clean as:
if not (request.user == bundle.owner or bundle.public or
(basic_auth and basic_auth.authenticate(request))):
return HttpResponseNotFound()
mbox = '\n'.join([patch_to_mbox(p).as_string(True)
_______________________________________________
Patchwork mailing list
[email protected]
https://lists.ozlabs.org/listinfo/patchwork
