From 7401c00216bf638e7346ca9e3607484247b13db0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Laura=20Kl=C3=BCnder?= Date: Thu, 30 Nov 2023 22:45:36 +0100 Subject: [PATCH] some API fixes --- src/c3nav/api/newauth.py | 19 +++++++++---------- src/c3nav/mesh/newapi.py | 8 ++++---- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/src/c3nav/api/newauth.py b/src/c3nav/api/newauth.py index e35a46cc..437572e6 100644 --- a/src/c3nav/api/newauth.py +++ b/src/c3nav/api/newauth.py @@ -28,8 +28,8 @@ class APIAuthMethod(StrEnum): @dataclass class NewAPIAuth: - auth_method: APIAuthMethod - auth_readonly: bool + method: APIAuthMethod + readonly: bool description = """ @@ -61,8 +61,8 @@ class APITokenAuth(HttpBearer): if token == "anonymous": return NewAPIAuth( - auth_method=APIAuthMethod.ANONYMOUS, - auth_readonly=True, + method=APIAuthMethod.ANONYMOUS, + readonly=True, ) elif token.startswith("session:"): session = self.SessionStore(token.removeprefix("session:")) @@ -72,8 +72,8 @@ class APITokenAuth(HttpBearer): raise APITokenInvalid request.user = user return NewAPIAuth( - auth_method=APIAuthMethod.SESSION, - auth_readonly=True, + method=APIAuthMethod.SESSION, + readonly=True, ) elif token.startswith("secret:"): try: @@ -97,10 +97,9 @@ class APITokenAuth(HttpBearer): request.user_permissions = user_permissions return NewAPIAuth( - auth_method=APIAuthMethod.SESSION, - auth_readonly=True + method=APIAuthMethod.SESSION, + readonly=secret.readonly ) - # todo: implement token (app) auth raise APITokenInvalid def authenticate(self, request, token): @@ -114,7 +113,7 @@ class APITokenAuth(HttpBearer): raise APIPermissionDenied('You need to have the "%s" permission for this endpoint.') if request.method == 'GET' and self.is_readonly: raise ValueError('this makes no sense for GET') - if request.method != 'GET' and not self.is_readonly: + if request.method != 'GET' and not self.is_readonly and auth_result.readonly: raise APIPermissionDenied('You need a non-readonly API access key for this endpoint.') return auth_result diff --git a/src/c3nav/mesh/newapi.py b/src/c3nav/mesh/newapi.py index 5119b6e9..4204499a 100644 --- a/src/c3nav/mesh/newapi.py +++ b/src/c3nav/mesh/newapi.py @@ -45,6 +45,10 @@ class FirmwareBuildSchema(Schema): example={BoardType.C3NAV_LOCATION_PCB_REV_0_2.name, } ) + @staticmethod + def resolve_boards(obj): + return list(obj.boards) + class Config(Schema.Config): pass @@ -123,10 +127,6 @@ class UploadFirmwareBuildSchema(Schema): project_description: dict = APIField(..., title='project_description.json contents') uploaded_filename: str = APIField(..., example="firmware.bin") - @staticmethod - def resolve_boards(obj): - return list(obj.boards) - class UploadFirmwareSchema(Schema): """