From 7b486d640b84e35305a9a85281f3d0b2f76346d2 Mon Sep 17 00:00:00 2001
From: henu
Date: Wed, 22 Feb 2017 18:02:15 +0200
Subject: [PATCH] Added custom permission class to members rest api
---
 members/permissions.py | 11 +++++++++++
 members/throttles.py | 7 +++++++
 members/views.py | 8 ++++++--
 3 files changed, 24 insertions(+), 2 deletions(-)
 create mode 100644 members/permissions.py
 create mode 100644 members/throttles.py
diff --git a/members/permissions.py b/members/permissions.py
new file mode 100644
index 0000000..2bf6dd5
--- /dev/null
+++ b/members/permissions.py
@@ -0,0 +1,11 @@
+from rest_framework import permissions
+from django.contrib.auth.models import Permission, User
+
+class HasRights(permissions.BasePermission):
+ message = "You need rights to access this content."
+
+ def has_permission(self, request, view):
+ if request.user.has_perm('members.change_member'):
+ return True
+ else:
+ return False
diff --git a/members/throttles.py b/members/throttles.py
new file mode 100644
index 0000000..9000df9
--- /dev/null
+++ b/members/throttles.py
@@ -0,0 +1,7 @@
+from rest_framework.throttling import UserRateThrottle
+
+class BurstRateThrottle(UserRateThrottle):
+ scope = 'burst'
+
+class SustainedRateThrottle(UserRateThrottle):
+ scope = 'sustained'
diff --git a/members/views.py b/members/views.py
index 4da8d4d..f8ebcb3 100644
--- a/members/views.py
+++ b/members/views.py
@@ -16,6 +16,8 @@ from rest_framework import generics
 from rest_framework import generics, status, authentication, exceptions, permissions
 from rest_framework.decorators import api_view, permission_classes
 from rest_framework.permissions import IsAuthenticated
+from members.permissions import HasRights
+from members.throttles import BurstRateThrottle, SustainedRateThrottle
 # Logger function, you can use the same idea when implementing other loggers to other apps
 memberlogger = logging.getLogger(__name__)
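Review bot: `has_permission` in members/permissions.py authorises every HTTP method with the single permission `members.change_member`, so on the two views it is attached to, a user holding only the change permission can also create members (POST on the list view) and delete them (DELETE on the detail view). If that is not intended, pick the required permission from `request.method` as sketched below; the `add_member` and `delete_member` codenames are assumed from Django's default model permissions and should be confirmed against the Member model. The `Permission, User` import is unused, the if/else collapses to a single return, and a one-line docstring naming the required permission would help the next reader.

```python
class HasRights(permissions.BasePermission):
    message = "You need rights to access this content."

    # Model permission required per HTTP method; anything not listed
    # falls back to the change permission (assumed default codenames).
    required_perms = {
        'POST': 'members.add_member',
        'DELETE': 'members.delete_member',
    }

    def has_permission(self, request, view):
        """Allow the request only if the user holds the permission mapped to its method."""
        perm = self.required_perms.get(request.method, 'members.change_member')
        return request.user.has_perm(perm)
```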
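Review bot: The scopes `'burst'` and `'sustained'` in members/throttles.py only resolve if matching entries exist under `DEFAULT_THROTTLE_RATES` in the `REST_FRAMEWORK` settings, and the diffstat of this commit touches no settings file. Unless those rates were added earlier, DRF raises `ImproperlyConfigured` when the throttle is instantiated, so requests to the throttled views would fail instead of being rate limited. The rates should ship with this change, and each class would benefit from a comment such as `# rate is read from REST_FRAMEWORK['DEFAULT_THROTTLE_RATES']['burst']`.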
@@ -27,13 +29,15 @@ logging.basicConfig(format='[%(levelname)s]%(asctime)s %(message)s', level=setti
 class MembersList(generics.ListCreateAPIView):
 queryset = Member.objects.all()
 serializer_class = MemberSerializer
- permission_classes = (permissions.IsAuthenticated, )
+ permission_classes = (HasRights, permissions.IsAuthenticated, )
+ throttle_classes = (BurstRateThrottle, SustainedRateThrottle, )
 class MemberDetails(generics.RetrieveUpdateDestroyAPIView):
 queryset = Member.objects.all()
 serializer_class = MemberSerializer
- permission_classes = (permissions.IsAuthenticated, )
+ permission_classes = (HasRights, permissions.IsAuthenticated, )
+ throttle_classes = (BurstRateThrottle, SustainedRateThrottle, )
 ########################################
 # function to validate reCaptcha
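Review bot: The `throttle_classes` added to `MembersList` and `MemberDetails` never count a request that fails the permission check, because DRF's `APIView.initial()` runs authentication and permissions before throttles. A client without `members.change_member` is therefore rejected before either throttle sees the request, and repeated unauthorised attempts are not slowed by this change. If limiting those attempts is a goal, the limit has to sit earlier, for example on the authentication endpoint or at the reverse proxy. Separately, DRF evaluates `permission_classes` in order and stops at the first failure, so `(permissions.IsAuthenticated, HasRights, )` states the intent more clearly than the current order.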