I run a Pinax-site for collaborative purposes. I added 'account.middleware.AuthenticatedMiddleware' to 'MIDDLEWARE_CLASSES' in order to not allow anonymous access to anything on the site.

But now I need public APIs to be enabled. Are there any solutions besides adding the 'login_required' decorator to all the views that still need to be private?

Edit: Gregor Müllegger's answer doesn't work. settings.AUTHENTICATED_EXEMPT_URLS seems to get overwritten somewhere in the code.

class AuthenticatedMiddleware(object):
    def __init__(self, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
        if login_url is None:
            login_url = settings.LOGIN_URL
        self.redirect_field_name = redirect_field_name
        self.login_url = login_url
        self.exemptions = [
            r"^%s" % settings.MEDIA_URL,
            r"^%s" % settings.STATIC_URL,
            r"^%s$" % login_url,
        ] 
        print "settings.AUTHENTICATED_EXEMPT_URLS ",settings.AUTHENTICATED_EXEMPT_URLS
        if ( settings.AUTHENTICATED_EXEMPT_URLS):
            self.exemptions += settings.AUTHENTICATED_EXEMPT_URLS


print "settings.AUTHENTICATED_EXEMPT_URLS ",settings.AUTHENTICATED_EXEMPT_URLS

doesn't print my settings but this:

settings.AUTHENTICATED_EXEMPT_URLS  ['^/account/signup/$', '^/account/password_reset', '^/account/confirm_email', '^/openid']

I will try to fix it.

A: 

I just found a solution:

  • generate a second django-project

  • use the same db-setting

  • link to the needed apps (models.py only if you want to override the views)

  • add apps to INSTALLED_APPS, remove all others

Please leave your comments

vikingosegundo
This is a hack - Gregor Müllegger's answer is the proper way to do it.
ashchristopher
Can you explain why this solution is worth a down-vote? A hack isn't necessarily evil.
vikingosegundo
This solution is worth a down-vote. You would have to maintain two project paths, two copies of settings etc. It would violate the main principle of Django: Don't Repeat Yourself.
fest
Right now it is the only solution that works for me, as Gregor Müllegger's doesn't work (see my edit).
vikingosegundo
To make this solution not so hacky you can use just a second settings file instead of a complete new project. Create an `api_settings.py` file and include something like this:

from settings import *
INSTALLED_APPS = (
    # the apps you need for the api
)
# ROOT_URLCONF is Django's setting for the URL module (dotted module path, no ".py")
ROOT_URLCONF = 'api_urls'
# ...

Now you can start the "api project" the same way as the original project. You just have to set the DJANGO_SETTINGS_MODULE environment variable to `api_settings` instead of `settings`.
Gregor Müllegger
+3  A: 

Have a look at the source code of AuthenticatedMiddleware.

It reveals that there is a setting called AUTHENTICATED_EXEMPT_URLS. It can contain regular expressions that are left public. Set it to something like this in your settings.py:

AUTHENTICATED_EXEMPT_URLS = (r"^api/",)

This will make any URLs below /api/ available without being logged in.

Gregor Müllegger
Please see my edit.
vikingosegundo
The URLs in `AUTHENTICATED_EXEMPT_URLS` you described above are defined in the default settings of the `intranet_project` (please see this: http://github.com/pinax/pinax/blob/ddfd4b8cac714ffc30c73604e5399860210054f0/pinax/projects/intranet_project/settings.py#L199 ). You can append your URLs (like `r'api/'`) to it. *(Tip: I often search the whole code base of my projects to find such redefinitions with `grep -r` or something similar. This helps out most of the time.)*
Gregor Müllegger
I don't think overwriting the default blueprint is useful, as it breaks update cycles. Instead I altered `exemptions` in `<my_project>/apps/account/middleware.py`.
vikingosegundo
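
An added example, not part of the original thread or of Pinax's own code: a small audit (Python 3) of which paths a pattern appended to `AUTHENTICATED_EXEMPT_URLS` would open to anonymous users. It assumes the middleware tests each pattern with `re.match` against `request.path`; `SAMPLE_PATHS`, `is_exempt` and `newly_public` are hypothetical names, and the defaults are the ones printed in the question.

```python
import re

# Default exemptions exactly as printed in the question's debug output.
DEFAULT_EXEMPT_URLS = [
    r"^/account/signup/$",
    r"^/account/password_reset",
    r"^/account/confirm_email",
    r"^/openid",
]

# Constructed sample of site paths (hypothetical, not from a real Pinax site).
SAMPLE_PATHS = [
    "/api/v1/items/",
    "/apikeys/",
    "/account/signup/",
    "/account/settings/",
    "/wiki/page/",
]


def is_exempt(path, exemptions):
    # ASSUMPTION: the middleware calls re.match(pattern, request.path),
    # so matching starts at the leading "/" of the request path.
    return any(re.match(pattern, path) for pattern in exemptions)


def newly_public(candidate, paths=SAMPLE_PATHS, base=DEFAULT_EXEMPT_URLS):
    """Paths reachable anonymously only because `candidate` was appended."""
    before = {p for p in paths if is_exempt(p, base)}
    after = {p for p in paths if is_exempt(p, list(base) + [candidate])}
    return sorted(after - before)


if __name__ == "__main__":
    # Compare three spellings of "make the API public".
    for candidate in (r"^api/", r"^/api", r"^/api/"):
        print("%-8s -> %s" % (candidate, newly_public(candidate)))
```

Under that assumption `^api/` exempts nothing because request paths start with `/`, while `^/api` without the trailing slash also opens `/apikeys/`.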