improving some views and authentication methods

Juan Benitez · Juan Benitez · commit 60706fe1d356 · 2019-04-06T10:19:11.000-05:00
diff --git a/api_crud/authentication.py b/api_crud/authentication.py
@@ -0,0 +1,6 @@
+from rest_framework import authentication
+
+
+class JWTAuthentication(authentication.TokenAuthentication):
+
+    keyword = 'JWT'
diff --git a/api_crud/settings.py b/api_crud/settings.py
@@ -29,7 +29,7 @@
 
 REST_FRAMEWORK = {
     'DEFAULT_AUTHENTICATION_CLASSES': (
-        'rest_framework.authentication.TokenAuthentication',
+        'api_crud.authentication.JWTAuthentication',
     )
 }
 
diff --git a/movies/permissions.py b/movies/permissions.py
@@ -1,4 +1,5 @@
 from rest_framework import permissions
+from rest_framework.exceptions import PermissionDenied
 
 
 class IsOwnerOrReadOnly(permissions.BasePermission):
@@ -13,4 +14,19 @@ def has_object_permission(self, request, view, obj):
             return True
 
         # Write permissions are only allowed to the creator of the movie
-        return obj.creator == request.user
+        return obj.creator == request.user
+
+
+class IsAuthenticated(permissions.BasePermission):
+    """
+    Allows access only to authenticated users.
+    """
+    print("df")
+
+    def has_permission(self, request, view):
+        message = 'No estas autenticado mi vale!'
+        is_it = bool(request.user and request.user.is_authenticated)
+        if is_it:
+            return is_it
+        else:
+            raise PermissionDenied(detail=message)
diff --git a/movies/views.py b/movies/views.py
@@ -1,11 +1,10 @@
 from rest_framework.decorators import api_view, permission_classes
-from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework import status
 from rest_framework.parsers import JSONParser
 from .models import Movie
 from .serializers import MovieSerializer
-from .permissions import IsOwnerOrReadOnly
+from .permissions import IsOwnerOrReadOnly, IsAuthenticated
 
 
 @api_view(['GET', 'DELETE', 'PUT']) # Methods Allowed
@@ -54,6 +53,7 @@ def get_delete_update_movie(request, pk):  #pk es PrimaryKey(Id)
 @api_view(['GET', 'POST'])
 @permission_classes((IsAuthenticated, ))
 def get_post_movies(request):
+    print('adasd')
     # get all movies
     if request.method == 'GET':
         puppies = Movie.objects.all()

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@`
`29`	`29`
`30`	`30`	`REST_FRAMEWORK = {`
`31`	`31`	`'DEFAULT_AUTHENTICATION_CLASSES': (`
`32`		`- 'rest_framework.authentication.TokenAuthentication',`
	`32`	`+ 'api_crud.authentication.JWTAuthentication',`
`33`	`33`	`)`
`34`	`34`	`}`
`35`	`35`