From 88ca734892d72bb6d9f7288c283e6514548e2d30 Mon Sep 17 00:00:00 2001
From: Tanner Prestegard <tanner.prestegard@ligo.org>
Date: Thu, 7 Feb 2019 14:31:41 -0600
Subject: [PATCH] Add permissions and settings for priority instance

---
 config/settings/container/production.py | 13 +++++++++++++
 gracedb/api/permissions.py              | 17 +++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 gracedb/api/permissions.py

diff --git a/config/settings/container/production.py b/config/settings/container/production.py
index cfd596824..f1590079d 100644
--- a/config/settings/container/production.py
+++ b/config/settings/container/production.py
@@ -8,6 +8,19 @@ SEND_XMPP_ALERTS = True
 SEND_PHONE_ALERTS = True
 SEND_EMAIL_ALERTS = True
 
+# Priority server?
+PRIORITY_SERVER = False
+is_priority_server = os.environ.get('DJANGO_PRIORITY_SERVER', None)
+if (isinstance(is_priority_server, str) and
+    is_priority_server.lower() in ['true', 't']):
+    PRIORITY_SERVER = True
+
+# If priority server, add custom permissions for API
+if PRIORITY_SERVER:
+    default_perms = list(REST_FRAMEWORK['DEFAULT_PERMISSION_CLASSES'])
+    default_perms = ['api.permissions.IsPriorityUser'] + default_perms
+    REST_FRAMEWORK['DEFAULT_PERMISSION_CLASSES'] = tuple(default_perms)
+
 # Safety check on debug mode for production
 if (DEBUG == True):
     raise RuntimeError("Turn off debug mode for production")
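Review bot: Prepending `api.permissions.IsPriorityUser` to `REST_FRAMEWORK['DEFAULT_PERMISSION_CLASSES']` only restricts views that rely on the defaults; any API view that sets its own `permission_classes` replaces the default list and would not carry the priority-user check. If some API views do that (not visible in this patch), the check has to be added to them too or enforced at a layer a view cannot override, and a comment such as `# NOTE: views that define permission_classes do not inherit IsPriorityUser` would make the limitation explicit. Separately, the `DJANGO_PRIORITY_SERVER` parsing fails open: a value like `1` or `yes` silently leaves `PRIORITY_SERVER = False`, so the instance starts without the restriction. An unrecognized non-empty value should stop startup instead, e.g. `elif is_priority_server not in (None, '') and is_priority_server.lower() not in ['false', 'f']: raise RuntimeError('Invalid DJANGO_PRIORITY_SERVER value')`. The block also relies on `os` and `REST_FRAMEWORK` already being in scope from lines outside the hunk.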
diff --git a/gracedb/api/permissions.py b/gracedb/api/permissions.py
new file mode 100644
index 000000000..aa4bc1469
--- /dev/null
+++ b/gracedb/api/permissions.py
@@ -0,0 +1,17 @@
+import logging
+
+from django.conf import settings
+
+from rest_framework import permissions
+
+# Set up logger
+logger = logging.getLogger(__name__)
+
+
+class IsPriorityUser(permissions.BasePermission):
+    """Only allow users in the priority users group"""
+    message = 'You are not authorized to use this API.'
+
+    def has_permission(self, request, view):
+        return request.user.groups.filter(
+            name=settings.PRIORITY_USERS_GROUP).exists()
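Review bot: `has_permission` reads `settings.PRIORITY_USERS_GROUP`, which neither file in this patch defines. Unless a base settings module outside the patch provides it, every API request on a priority instance would raise `AttributeError` and return a 500 rather than a clean denial. A startup guard next to the `PRIORITY_SERVER` block would catch this early, e.g. `if PRIORITY_SERVER and not globals().get('PRIORITY_USERS_GROUP'): raise RuntimeError('PRIORITY_USERS_GROUP must be set')`. The module-level `logger` is created but never used; logging denials, e.g. `logger.warning('Priority API access denied for user %s', request.user)`, would leave an audit trail of rejected access attempts. The method would also benefit from a one-line docstring stating that unauthenticated users are denied, since an anonymous user has no group memberships.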
-- 
GitLab