From ac8fb0bfe3a8d5c289962d00e4193020c0a7231b Mon Sep 17 00:00:00 2001
From: Aarni Halinen
Date: Tue, 24 Jul 2018 19:09:42 +0300
Subject: [PATCH] Set authentication to webapp DRF
---
 requirements.txt | 2 ++
 sikweb/base.py | 3 ++-
 webapp/views.py | 8 +++++++-
 3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 535dd48..8d18fcf 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,6 +14,8 @@ requests==2.11.1
 django-nocaptcha-recaptcha==0.0.19
 django-cors-headers==2.0.1
 djangorestframework==3.8.2
+PyJWT==1.6.4
+djangorestframework-jwt==1.11.0
 coverage==4.3.4
 django-nose==1.4.5
 nose-exclude==0.5.0
diff --git a/sikweb/base.py b/sikweb/base.py
index a63433e..bbb197c 100644
--- a/sikweb/base.py
+++ b/sikweb/base.py
@@ -96,6 +96,7 @@ INSTALLED_APPS = [
 'kaehmy',
 'ohlhafv',
 'rest_framework',
+ 'rest_framework_jwt',
 'django_nose',
 'bootstrap3',
 'django_tables2',
@@ -221,7 +222,7 @@ REST_FRAMEWORK = {
 'rest_framework.permissions.IsAdminUser',
 ),
 'DEFAULT_AUTHENTICATION_CLASSES': (
- 'rest_framework.authentication.TokenAuthentication',
+ 'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
 ),
 'DEFAULT_THROTTLE_CLASSES': (
 'members.throttles.BurstRateThrottle',
diff --git a/webapp/views.py b/webapp/views.py
index 952cce1..e0e561d 100644
--- a/webapp/views.py
+++ b/webapp/views.py
@@ -10,7 +10,7 @@ from django.views.decorators.http import require_http_methods
 # from django.conf import settings
 # from django.utils import timezone
 from rest_framework import viewsets
-# from rest_framework import permissions, authentication
+from rest_framework.permissions import IsAuthenticatedOrReadOnly
 from rest_framework.response import Response
 from rest_framework.reverse import reverse
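Review bot: The new pins `PyJWT==1.6.4` and `djangorestframework-jwt==1.11.0` put the API's whole authentication path on a package that, as far as I know, its author has since declared unmaintained, so fixes to the token handling will not arrive through a routine version bump. I would record that beside the pin, e.g. `# djangorestframework-jwt: upstream unmaintained, track for replacement`, and check whether a maintained JWT backend for DRF fits before more views come to depend on this one.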
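Review bot: `JSONWebTokenAuthentication` becomes the only entry in `DEFAULT_AUTHENTICATION_CLASSES` in sikweb/base.py, but no `JWT_AUTH` block is visible in this commit, so the library defaults decide the security properties: tokens are signed with Django's `SECRET_KEY` and live for whatever the default expiry is. I would state these explicitly next to `REST_FRAMEWORK`, for example `JWT_AUTH = {'JWT_EXPIRATION_DELTA': datetime.timedelta(minutes=5), 'JWT_ALLOW_REFRESH': False}`, and consider a dedicated `JWT_SECRET_KEY` so the API signing key can be rotated independently of the key behind sessions and password-reset tokens. Unlike the DRF token rows this replaces, an issued JWT cannot be revoked by deleting a database record, so a short lifetime matters; clients that still send `Token …` headers will also stop authenticating. The `REST_FRAMEWORK` dict starts and ends outside the hunk.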
@@ -29,31 +29,37 @@ from members.views.utils import *
 class EventViewSet(viewsets.ModelViewSet):
 queryset = Event.objects.all()
 serializer_class = EventSerializer
+ permission_classes = [IsAuthenticatedOrReadOnly]
 class SignupFormViewSet(viewsets.ModelViewSet):
 queryset = SignupForm.objects.all()
 serializer_class = SignupFormSerializer
+ permission_classes = [IsAuthenticatedOrReadOnly]
 class SignupViewSet(viewsets.ModelViewSet):
 queryset = Signup.objects.all()
 serializer_class = SignupSerializer
+ permission_classes = []
 class SavedQuestionsViewSet(viewsets.ModelViewSet):
 queryset = TemplateQuestion.objects.all()
 serializer_class = SavedQuestionsSerializer
+ permission_classes = [IsAuthenticatedOrReadOnly]
 class FeedViewSet(viewsets.ModelViewSet):
 queryset = Feed.objects.all()
 serializer_class = FeedSerializer
+ permission_classes = [IsAuthenticatedOrReadOnly]
 class ContactsViewSet(viewsets.ReadOnlyModelViewSet):
 queryset = Official.objects.all()
 serializer_class = ContactsSerializer
+ permission_classes = [IsAuthenticatedOrReadOnly]
 # -- OLD CODEBASE -- #
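Review bot: `permission_classes = []` on `SignupViewSet` switches off every permission check on a full `ModelViewSet`, so an unauthenticated client can list, read, change and delete all signups rather than only submit one. If anonymous signup is the goal, open only the `create` action and keep the rest on what appears to be the project default (`IsAdminUser`, visible as context in the sikweb/base.py hunk); the sketch below does that with `get_permissions` and needs `AllowAny` and `IsAdminUser` imported from `rest_framework.permissions`. The other viewsets have a milder form of the same issue: `IsAuthenticatedOrReadOnly` replaces that default, so every record becomes readable anonymously and any logged-in account, staff or not, can write events, signup forms, saved questions and feeds. On `ContactsViewSet` the added class has no effect beyond opening reads, because the viewset is already read-only.

```python
class SignupViewSet(viewsets.ModelViewSet):
    # … unchanged: queryset, serializer_class …

    def get_permissions(self):
        # Anonymous visitors may only submit a signup; listing, reading,
        # updating and deleting existing signups stays staff-only.
        if self.action == 'create':
            return [AllowAny()]
        return [IsAdminUser()]
```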