45 lines
1.3 KiB
Python

from typing import Any, Optional
from django.conf import settings
from django.http import HttpRequest
from ninja.security.apikey import APIKeyCookie
__all__ = ["SessionAuth", "SessionAuthSuperUser", "SessionAuthIsStaff"]
class SessionAuth(APIKeyCookie):
"Reusing Django session authentication"
param_name: str = settings.SESSION_COOKIE_NAME
def authenticate(self, request: HttpRequest, key: Optional[str]) -> Optional[Any]:
if request.user.is_authenticated:
return request.user
return None
class SessionAuthSuperUser(APIKeyCookie):
"Reusing Django session authentication & verify that the user is a super user"
param_name: str = settings.SESSION_COOKIE_NAME
def authenticate(self, request: HttpRequest, key: Optional[str]) -> Optional[Any]:
is_superuser = getattr(request.user, "is_superuser", None)
if request.user.is_authenticated and is_superuser:
return request.user
return None
class SessionAuthIsStaff(SessionAuthSuperUser):
def authenticate(self, request: HttpRequest, key: Optional[str]) -> Optional[Any]:
result = super().authenticate(request, key)
if result is not None:
return result
if request.user.is_authenticated and getattr(request.user, "is_staff", None):
return request.user
return None