diff --git a/Website/api/auth.py b/Website/api/auth.py
new file mode 100644
index 0000000..e69de29
diff --git a/Website/api/serializers.py b/Website/api/serializers.py
index e6a3733..26719ad 100644
--- a/Website/api/serializers.py
+++ b/Website/api/serializers.py
@@ -1,8 +1,9 @@
 from django.contrib.auth.models import User, Group
 from .models import Student, Teacher, Classes, Assignment
-from rest_framework import serializers
+from rest_framework import serializers, permissions
 class AssignmentSerializer(serializers.HyperlinkedModelSerializer):
+ permissions_classes = [permissions.IsAuthenticatedOrReadOnly]
 class Meta:
 model = Assignment
 fields = ['name', 'due_date', 'url']
diff --git a/Website/api/views.py b/Website/api/views.py
index adb1030..c5f7b70 100644
--- a/Website/api/views.py
+++ b/Website/api/views.py
@@ -1,8 +1,6 @@
 from .models import Student, Teacher, Classes, Assignment
 from .serializers import StudentSerializer, TeacherSerializer, ClassesSerializer, AssignmentSerializer
-from rest_framework import generics, viewsets
-
-
+from rest_framework import generics, viewsets, permissions
 class StudentViewSet(viewsets.ModelViewSet):
 """
@@ -10,6 +8,7 @@ class StudentViewSet(viewsets.ModelViewSet):
 """
 queryset = Student.objects.all()
 serializer_class = StudentSerializer
+ permissions_classes = [permissions.IsAuthenticatedOrReadOnly]
 class TeacherViewSet(viewsets.ModelViewSet):
@@ -30,5 +29,6 @@ class AssignmentViewSet(viewsets.ModelViewSet):
 """
 API endpoint that allows users to be viewed or edited.
 """
+ permissions_classes = [permissions.IsAuthenticatedOrReadOnly]
 queryset = Assignment.objects.all()
- serializer_class = AssignmentSerializer
+ serializer_class = AssignmentSerializer
\ No newline at end of file
diff --git a/Website/skoolsite/urls.py b/Website/skoolsite/urls.py
index 0ca2d12..8d2da08 100644
--- a/Website/skoolsite/urls.py
+++ b/Website/skoolsite/urls.py
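Review bot: `permissions_classes` on `AssignmentSerializer` has no effect, because REST framework reads the singular `permission_classes` and only from views and viewsets, never from a serializer. The same misspelled attribute is added to `StudentViewSet` and `AssignmentViewSet` in `Website/api/views.py`, so both viewsets keep whatever `DEFAULT_PERMISSION_CLASSES` resolves to; that is `AllowAny` unless the settings module (not part of this diff) overrides it, which would leave unauthenticated create/update/delete open. Drop the serializer line and rename the viewset attribute to `permission_classes = [permissions.IsAuthenticatedOrReadOnly]`. A test that sends an unauthenticated POST to each endpoint and expects a 401 or 403 would catch this kind of silent no-op.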
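Review bot: Even with the attribute name corrected, `IsAuthenticatedOrReadOnly` on `StudentViewSet` leaves `Student.objects.all()` readable by anonymous clients, and `TeacherViewSet` (a context line in the second views.py hunk) receives no permission class at all. If student and teacher records are not meant to be public, `permission_classes = [permissions.IsAuthenticated]` on each viewset, or a project-wide `DEFAULT_PERMISSION_CLASSES` in settings, is the safer baseline. The viewset bodies continue outside these hunks and `ClassesViewSet` is not visible here, so it should be checked the same way.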
@@ -1,7 +1,8 @@
-from django.urls import include, path
+from django.urls import path
 from rest_framework import routers
 from api import views
 from django.contrib import admin
+from django.conf.urls import include
 router = routers.DefaultRouter()
 router.register(r'students', views.StudentViewSet)
@@ -13,7 +14,7 @@ router.register(r'classes', views.ClassesViewSet)
 # Additionally, we include login URLs for the browsable API.
 urlpatterns = [
 path('', include(router.urls)),
- path('api-auth/', include('rest_framework.urls', namespace='rest_framework')),
+ path('api-auth/', include('rest_framework.urls')),
 path('admin/', admin.site.urls),
 ]
\ No newline at end of file
diff --git a/Website/templates/base.html b/Website/templates/base.html
new file mode 100644
index 0000000..664dcf4
--- /dev/null
+++ b/Website/templates/base.html
@@ -0,0 +1,3 @@
+
+{% block page_content %}
+{% endblock %}
diff --git a/Website/templates/oauth2_provider/authorize.html b/Website/templates/oauth2_provider/authorize.html
new file mode 100644
index 0000000..e69de29
diff --git a/Website/templates/oauth2_provider/logged_out.html b/Website/templates/oauth2_provider/logged_out.html
new file mode 100644
index 0000000..52cdfa1
--- /dev/null
+++ b/Website/templates/oauth2_provider/logged_out.html
@@ -0,0 +1,6 @@
+{% extends "base.html" %}
+
+{% block content %}
+
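Review bot: Importing `include` from `django.conf.urls` while `path` still comes from `django.urls` splits the URL helpers across two modules for no visible gain; in the pinned Django 3.0.7 the former only re-exports the same function. Keeping the removed line, `from django.urls import include, path`, is the form the Django documentation uses and avoids leaning on the legacy module. The second hunk's removal of `namespace='rest_framework'` looks harmless provided `rest_framework.urls` declares its own `app_name`, which is worth confirming against the pinned djangorestframework 3.11.0.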

Logged out!

+ Click here to login again.
+{% endblock %}
\ No newline at end of file
diff --git a/Website/templates/oauth2_provider/login.html b/Website/templates/oauth2_provider/login.html
new file mode 100644
index 0000000..5018145
--- /dev/null
+++ b/Website/templates/oauth2_provider/login.html
@@ -0,0 +1,37 @@
+{% extends "base.html" %}
+
+{% block page_content %}
+
+ {% if form.errors %}
+
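Review bot: `{% block content %}` in `logged_out.html` does not match the only block that the new `base.html` defines, `{% block page_content %}`, so Django will silently discard the "Logged out!" text and the login link, and the page renders empty. Rename it to `{% block page_content %}`, as `login.html` in this same commit already does. A template-rendering test that asserts the logged-out page contains the login link would catch block-name drift like this.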

Your username and password didn't match. Please try again.

+ {% endif %} + + {% if next %} + {% if user.is_authenticated %} +

Your account doesn't have access to this page. To proceed, + please login with an account that has access.

+ {% else %} +

Please login to see this page.

+ {% endif %} + {% endif %} + +
+ {% csrf_token %} + + + + + + + + + +
{{ form.username.label_tag }}{{ form.username }}
{{ form.password.label_tag }}{{ form.password }}
+ + +
+ + {# Assumes you setup the password_reset view in your URLconf #} +

Lost password?

+
+{% endblock %}
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index f7c0a91..fbc7e54 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,11 +1,19 @@
 asgiref==3.2.7
+certifi==2020.4.5.1
+chardet==3.0.4
 click==7.1.2
 Django==3.0.7
+django-cors-middleware==1.5.0
+django-oauth-toolkit==1.3.2
+djangorestframework==3.11.0
+idna==2.9
+oauthlib==3.1.0
 prompt-toolkit==1.0.14
 Pygments==2.6.1
 PyInquirer==1.0.3
 pytz==2020.1
 regex==2020.5.14
+requests==2.23.0
 selenium==3.141.0
 six==1.15.0
 sqlparse==0.3.1