mirrors/recipes
1
0
Fork 0
mirror of https://github.com/TandoorRecipes/recipes.git synced 2026-01-06 14:48:02 -05:00
Code Issues Packages Projects Releases Wiki Activity

added token auth for share link endpoint

Browse Source
This commit is contained in:
vabene1111
2023-03-28 15:42:34 +02:00
parent 2a5fc22dd7
commit 0ba2fa296a
1 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
cookbook/views/api.py
View File

@@ -1401,17 +1401,17 @@ def sync_all(request):
return redirect('list_recipe_import') return redirect('list_recipe_import')
@api_view(['GET'])
# @schema(AutoSchema()) #TODO add proper schema
@permission_classes([CustomIsUser & CustomTokenHasReadWriteScope])
def share_link(request, pk): def share_link(request, pk):
if request.user.is_authenticated: if request.space.allow_sharing and has_group_permission(request.user, ('user',)):
if request.space.allow_sharing and has_group_permission(request.user, ('user',)): recipe = get_object_or_404(Recipe, pk=pk, space=request.space)
recipe = get_object_or_404(Recipe, pk=pk, space=request.space) link = ShareLink.objects.create(recipe=recipe, created_by=request.user, space=request.space)
link = ShareLink.objects.create(recipe=recipe, created_by=request.user, space=request.space) return JsonResponse({'pk': pk, 'share': link.uuid,
return JsonResponse({'pk': pk, 'share': link.uuid, 'link': request.build_absolute_uri(reverse('view_recipe', args=[pk, link.uuid]))})
'link': request.build_absolute_uri(reverse('view_recipe', args=[pk, link.uuid]))}) else:
else: return JsonResponse({'error': 'sharing_disabled'}, status=403)
return JsonResponse({'error': 'sharing_disabled'}, status=403)
return JsonResponse({'error': 'not_authenticated'}, status=403)
@group_required('user') @group_required('user')