|
|
@@ -1,15 +1,17 @@
|
|
|
from rest_framework import generics, permissions, status
|
|
|
from rest_framework.response import Response
|
|
|
+from rest_framework_api_key.permissions import HasAPIKey
|
|
|
|
|
|
from tickets.api.permissions import UserTicketAccessPermission, UserTicketStatusAccessPermission
|
|
|
from tickets.api.serializers import TicketDetailSerializer, TicketSerializer, TicketStatusSerializer
|
|
|
from tickets.models import Ticket
|
|
|
|
|
|
+#TODO - maybe it's good idea to add concrete permission checks for handlers with API keys
|
|
|
|
|
|
class TicketDetailAPIView(generics.RetrieveUpdateDestroyAPIView):
|
|
|
queryset = Ticket.objects.all()
|
|
|
serializer_class = TicketDetailSerializer
|
|
|
- permission_classes = [permissions.IsAuthenticated & UserTicketAccessPermission]
|
|
|
+ permission_classes = [permissions.IsAuthenticated & UserTicketAccessPermission | HasAPIKey]
|
|
|
|
|
|
def destroy(self, request, *args, **kwargs):
|
|
|
instance = self.get_object()
|
|
|
@@ -20,7 +22,7 @@ class TicketDetailAPIView(generics.RetrieveUpdateDestroyAPIView):
|
|
|
class TicketCreateAPIView(generics.CreateAPIView):
|
|
|
queryset = Ticket.objects.all()
|
|
|
serializer_class = TicketSerializer
|
|
|
- permission_classes = [permissions.IsAuthenticated & UserTicketAccessPermission]
|
|
|
+ permission_classes = [permissions.IsAuthenticated & UserTicketAccessPermission | HasAPIKey]
|
|
|
|
|
|
def perform_create(self, serializer):
|
|
|
if serializer.is_valid():
|
|
|
@@ -30,4 +32,4 @@ class TicketCreateAPIView(generics.CreateAPIView):
|
|
|
class TicketStatusAPIView(generics.RetrieveUpdateAPIView):
|
|
|
queryset = Ticket.objects.all()
|
|
|
serializer_class = TicketStatusSerializer
|
|
|
- permission_classes = [permissions.IsAuthenticated & UserTicketStatusAccessPermission]
|
|
|
+ permission_classes = [permissions.IsAuthenticated & UserTicketStatusAccessPermission | HasAPIKey]
|
ShariX Developer