require authentication to get dispatch objects via API

This commit is contained in:
Brian S. Stephan 2023-02-28 18:37:05 -06:00
parent ffcdc3f8d8
commit 0ea54a5ee2
Signed by: bss
GPG Key ID: 3DE06D3180895FCB
3 changed files with 25 additions and 2 deletions

View File

@ -12,5 +12,5 @@ urlpatterns = [
path('api/dispatchers/<key>/message', DispatchMessageByKey.as_view(), name='dispatch_api_dispatch_message'),
path('api/actions/', DispatcherActionList.as_view(), name='dispatch_api_actions'),
path('api/actions/<pk>/', DispatcherActionDetail.as_view(), name='dispatch_api_action_detail'),
path('api/actions/<int:pk>/', DispatcherActionDetail.as_view(), name='dispatch_api_action_detail'),
]

View File

@ -28,6 +28,8 @@ class HasSendMessagePermission(IsAuthenticated):
class DispatcherList(generics.ListAPIView):
"""List all dispatchers."""
permission_classes = (IsAuthenticated,)
queryset = Dispatcher.objects.all()
serializer_class = DispatcherSerializer
@ -35,6 +37,8 @@ class DispatcherList(generics.ListAPIView):
class DispatcherDetail(generics.RetrieveAPIView):
"""Detail the given dispatcher."""
permission_classes = (IsAuthenticated,)
queryset = Dispatcher.objects.all()
serializer_class = DispatcherSerializer
@ -107,6 +111,8 @@ class DispatchMessageByKey(DispatchMessage):
class DispatcherActionList(generics.ListAPIView):
"""List all dispatchers."""
permission_classes = (IsAuthenticated,)
queryset = DispatcherAction.objects.all()
serializer_class = DispatcherActionSerializer
@ -114,5 +120,7 @@ class DispatcherActionList(generics.ListAPIView):
class DispatcherActionDetail(generics.RetrieveAPIView):
"""Detail the given dispatcher."""
permission_classes = (IsAuthenticated,)
queryset = DispatcherAction.objects.all()
serializer_class = DispatcherActionSerializer

View File

@ -1,6 +1,6 @@
"""Test the dispatch package's webservice."""
from django.contrib.auth.models import User
from rest_framework.status import HTTP_200_OK
from rest_framework.status import HTTP_200_OK, HTTP_403_FORBIDDEN
from rest_framework.test import APITestCase
from dispatch.models import Dispatcher, DispatcherAction
@ -27,3 +27,18 @@ class DispatchAPITest(APITestCase):
resp = self.client.get('/dispatch/api/actions/')
self.assertEqual(resp.status_code, HTTP_200_OK)
self.assertEqual(len(resp.json()), DispatcherAction.objects.count())
def test_unauthed_dispatch_object_retrieval(self):
"""Test that the list endpoints require authentication."""
client = self.client_class()
resp = client.get('/dispatch/api/dispatchers/')
self.assertEqual(resp.status_code, HTTP_403_FORBIDDEN)
resp = client.get('/dispatch/api/dispatchers/111/')
self.assertEqual(resp.status_code, HTTP_403_FORBIDDEN)
resp = client.get('/dispatch/api/dispatchers/fake/')
self.assertEqual(resp.status_code, HTTP_403_FORBIDDEN)
resp = client.get('/dispatch/api/actions/')
self.assertEqual(resp.status_code, HTTP_403_FORBIDDEN)
resp = client.get('/dispatch/api/actions/111/')
self.assertEqual(resp.status_code, HTTP_403_FORBIDDEN)