from django.contrib.auth.models import User, Group from rest_framework import viewsets from .serializers import UserSerializer, GroupSerializer from rest_framework.views import APIView from .permission import HasAPIKey from rest_framework.permissions import IsAuthenticated from .models import APIKey from rest_framework.response import Response from django.utils.decorators import method_decorator from .decorators import api_permission_required class UserViewSet(viewsets.ModelViewSet): """ API endpoint that allows users to be viewed or edited. """ queryset = User.objects.all().order_by('-date_joined') serializer_class = UserSerializer keys = APIKey.objects.all() for i in keys: print() permission_classes = [HasAPIKey | IsAuthenticated] class GroupViewSet(viewsets.ModelViewSet): """ API endpoint that allows groups to be viewed or edited. """ queryset = Group.objects.all() serializer_class = GroupSerializer permission_classes = [HasAPIKey | IsAuthenticated] class SnippetUSER(APIView): permission_classes = [] @method_decorator(api_permission_required("user", "post"), name='dispatch') def get(self, request, format=None): snippets = User.objects.all() serializer = UserSerializer(snippets, many=True, context={'request': request}) try: header_key = request.META["HTTP_X_API_KEY"] db_key = APIKey.objects.get_from_key(header_key) print(db_key.has_permission_method("user", "get")) except: header_key = request.META["HTTP_X_CSRFTOKEN"] return Response(serializer.data)