Commit 2b96ec19 authored by Markus Shepherd's avatar Markus Shepherd

disable all write endpoints in prod, resolving #19

parent bf86b7b2
......@@ -20,3 +20,4 @@ pylint = "*"
mypy = "*"
pytest = "*"
ipython = "*"
python-dotenv = "*"
{
"_meta": {
"hash": {
"sha256": "66a50a804113bec8e28a72fbb811efb98be29eb8c4880ff8ad5513ccb676ee14"
"sha256": "834e74fbe1162e0d7c5d20cc24569d59a4ff2c0eb6dde6dc053fe46b368264b1"
},
"pipfile-spec": 6,
"requires": {
......@@ -559,6 +559,14 @@
"index": "pypi",
"version": "==3.10.1"
},
"python-dotenv": {
"hashes": [
"sha256:122290a38ece9fe4f162dc7c95cae3357b983505830a154d3c98ef7f6c6cea77",
"sha256:4a205787bc829233de2a823aa328e44fd9996fedb954989a21f1fc67c13d7a77"
],
"index": "pypi",
"version": "==0.9.1"
},
"six": {
"hashes": [
"sha256:0ff78c403d9bccf5a425a6d31a12aa6b47f1c21ca4dc2573a7e2f32a97335eb1",
......
# -*- coding: utf-8 -*-
''' permissions '''
from rest_framework.permissions import BasePermission, SAFE_METHODS
class ReadOnly(BasePermission):
''' read-only permission '''
message = 'You cannot write this resource.'
def has_permission(self, request, view):
return request.method in SAFE_METHODS
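Review bot: `has_permission` has no docstring, and the class docstring does not say what the check covers. Since ReadOnly is the only guard on writes when READ_ONLY is set, the contract is worth stating on the method, e.g. `''' allow GET, HEAD and OPTIONS only; does not authenticate the caller '''`. The `message` attribute also looks unreachable for GameViewSet: the `handle_exception` override in the views hunk replaces the PermissionDenied that would carry it with a 405, and outside read-only mode AllowAny is used instead of this class.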
......@@ -8,11 +8,14 @@ from django.conf import settings
from django_filters import FilterSet
from django_filters.rest_framework import DjangoFilterBackend
from rest_framework.decorators import action
from rest_framework.exceptions import NotAuthenticated, MethodNotAllowed, PermissionDenied
from rest_framework.filters import OrderingFilter, SearchFilter
from rest_framework.permissions import AllowAny
from rest_framework.response import Response
from rest_framework.viewsets import ModelViewSet
from .models import Game, Person
from .permissions import ReadOnly
from .serializers import GameSerializer, PersonSerializer
......@@ -109,6 +112,15 @@ class GameViewSet(ModelViewSet):
'name',
)
def get_permissions(self):
cls = ReadOnly if settings.READ_ONLY else AllowAny
return (cls(),)
def handle_exception(self, exc):
if settings.READ_ONLY and isinstance(exc, (NotAuthenticated, PermissionDenied)):
exc = MethodNotAllowed(self.request.method)
return super().handle_exception(exc)
@action(detail=False)
def recommend(self, request):
''' recommend games '''
......
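Review bot: The read-only switch is enforced only by overriding `get_permissions` on GameViewSet, so it is opt-in per viewset. Any other viewset in this module (Person is imported) or one added later stays writable in production unless it repeats the override, and no such change is visible in this hunk although the commit title says all write endpoints. Moving the two methods into a small mixin that every ModelViewSet here inherits, or selecting ReadOnly through DRF's `DEFAULT_PERMISSION_CLASSES` when `settings.READ_ONLY` is true, would make read-only the default. Separately, `handle_exception` rewrites every NotAuthenticated or PermissionDenied to 405, including on safe methods; adding `and self.request.method not in SAFE_METHODS` to the condition (with SAFE_METHODS imported from rest_framework.permissions) would keep genuine permission errors visible. GameViewSet starts and continues outside the hunk.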
......@@ -16,6 +16,8 @@ SECRET_KEY = os.getenv('SECRET_KEY', '+*6x!0^!j^&h4+l-w7h!)pk=1m7gie&@&0cjq7)19%
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = bool(os.getenv('DEBUG'))
ENVIRONMENT = os.getenv('ENVIRONMENT', 'development' if DEBUG else 'production')
READ_ONLY = ENVIRONMENT == 'production'
ALLOWED_HOSTS = [
'0.0.0.0',
......
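Review bot: `READ_ONLY = ENVIRONMENT == 'production'` fails open: any other value of the ENVIRONMENT variable, such as a misspelling, different casing or a staging name, leaves the write endpoints on `AllowAny`. `DEBUG = bool(os.getenv('DEBUG'))` just above compounds this, because any non-empty string, including `DEBUG=False` or `DEBUG=0`, is truthy and switches the default to 'development'. Inverting the test so that only an explicit development value enables writes keeps a misconfigured deployment read-only: `READ_ONLY = ENVIRONMENT != 'development'`. The rendered page does not mark which lines are new; from the hunk counts the ENVIRONMENT and READ_ONLY lines appear to be the additions.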
......@@ -6,7 +6,11 @@
import os
import sys
from dotenv import load_dotenv
if __name__ == '__main__':
load_dotenv(verbose=True)
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'ludoj.settings')
try:
......
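Review bot: `from dotenv import load_dotenv` is an unconditional top-level import, while the Pipfile hunk adds python-dotenv next to pylint, mypy, pytest and ipython, which looks like the dev-packages section. If so, a production install without dev dependencies fails on import for every manage.py command. Either list the package under the regular packages or guard the import, e.g. `try: from dotenv import load_dotenv` / `except ImportError: load_dotenv = None`, and call it only when it is set. The .env file is also read only when manage.py is the entry point, so a process started through another entry point presumably takes ENVIRONMENT, DEBUG and SECRET_KEY from the real environment alone; that entry point is not visible in this diff.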