requests

Website/api/serializers.py

@@ -1,8 +1,9 @@
 from django.contrib.auth.models import User, Group
 from .models import Student, Teacher, Classes, Assignment
-from rest_framework import serializers
+from rest_framework import serializers, permissions
 
 class AssignmentSerializer(serializers.HyperlinkedModelSerializer):
+    permissions_classes = [permissions.IsAuthenticatedOrReadOnly]
     class Meta:
         model = Assignment
         fields = ['name', 'due_date', 'url']

Website/api/views.py

@@ -1,8 +1,6 @@
 from .models import Student, Teacher, Classes, Assignment
 from .serializers import StudentSerializer, TeacherSerializer, ClassesSerializer, AssignmentSerializer
-from rest_framework import generics, viewsets
-
-
+from rest_framework import generics, viewsets, permissions
 
 class StudentViewSet(viewsets.ModelViewSet):
     """
@@ -10,6 +8,7 @@ class StudentViewSet(viewsets.ModelViewSet):
     """
     queryset = Student.objects.all()
     serializer_class = StudentSerializer
+    permissions_classes = [permissions.IsAuthenticatedOrReadOnly]
 
 
 class TeacherViewSet(viewsets.ModelViewSet):
@@ -30,5 +29,6 @@ class AssignmentViewSet(viewsets.ModelViewSet):
     """
     API endpoint that allows users to be viewed or edited.
     """
+    permissions_classes = [permissions.IsAuthenticatedOrReadOnly]
     queryset = Assignment.objects.all()
-    serializer_class = AssignmentSerializer
+    serializer_class = AssignmentSerializer

Website/skoolsite/urls.py

@@ -1,7 +1,8 @@
-from django.urls import include, path
+from django.urls import path
 from rest_framework import routers
 from api import views
 from django.contrib import admin
+from django.conf.urls import include
 
 router = routers.DefaultRouter()
 router.register(r'students', views.StudentViewSet)
@@ -13,7 +14,7 @@ router.register(r'classes', views.ClassesViewSet)
 # Additionally, we include login URLs for the browsable API.
 urlpatterns = [
     path('', include(router.urls)),
-    path('api-auth/', include('rest_framework.urls', namespace='rest_framework')),
+    path('api-auth/', include('rest_framework.urls')),
     path('admin/', admin.site.urls),
 
 ]

Website/templates/base.html

@@ -0,0 +1,3 @@
+
+{% block page_content %}
+{% endblock %}

Website/templates/oauth2_provider/logged_out.html

@@ -0,0 +1,6 @@
+{% extends "base.html" %}
+
+{% block content %}
+  <p>Logged out!</p>  
+  <a href="{% url 'login'%}">Click here to login again.</a>
+{% endblock %}

Website/templates/oauth2_provider/login.html

@@ -0,0 +1,37 @@
+{% extends "base.html" %}
+
+{% block page_content %}
+
+  {% if form.errors %}
+    <p>Your username and password didn't match. Please try again.</p>
+  {% endif %}
+  
+  {% if next %}
+    {% if user.is_authenticated %}
+      <p>Your account doesn't have access to this page. To proceed,
+      please login with an account that has access.</p>
+    {% else %}
+      <p>Please login to see this page.</p>
+    {% endif %}
+  {% endif %}
+  
+  <form method="post" action="{% url 'login' %}">
+    {% csrf_token %}
+    <table>
+      <tr>
+        <td>{{ form.username.label_tag }}</td>
+        <td>{{ form.username }}</td>
+      </tr>
+      <tr>
+        <td>{{ form.password.label_tag }}</td>
+        <td>{{ form.password }}</td>
+      </tr>
+    </table>
+    <input type="submit" value="login" />
+    <input type="hidden" name="next" value="{{ next }}" />
+  </form>
+  
+  {# Assumes you setup the password_reset view in your URLconf #}
+  <p><a href="{% url 'password_reset' %}">Lost password?</a></p>
+  
+{% endblock %}

requirements.txt

@@ -1,11 +1,19 @@
 asgiref==3.2.7
+certifi==2020.4.5.1
+chardet==3.0.4
 click==7.1.2
 Django==3.0.7
+django-cors-middleware==1.5.0
+django-oauth-toolkit==1.3.2
+djangorestframework==3.11.0
+idna==2.9
+oauthlib==3.1.0
 prompt-toolkit==1.0.14
 Pygments==2.6.1
 PyInquirer==1.0.3
 pytz==2020.1
 regex==2020.5.14
+requests==2.23.0
 selenium==3.141.0
 six==1.15.0
 sqlparse==0.3.1