Merge branch 'feature/sentry-access' into 'master'

Access Sentry access permission and API call to provide necessary auth info See merge request !866

Merge branch 'feature/sentry-access' into 'master'
Access Sentry access permission and API call to provide necessary auth info See merge request !866
7be36758 · Joren Vrancken · a9c84329 · 57cfb072 · 7be36758 · 7be36758
Commit 7be36758 authored Jul 24, 2018 by Joren Vrancken
9 changed files
--- a/docs/members.api.rst
+++ b/docs/members.api.rst
@@ -9,6 +9,14 @@ members\.api package
 Submodules
 ----------

+members\.api\.permissions module
+--------------------------------
+
+.. automodule:: members.api.permissions
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
 members\.api\.serializers module
 --------------------------------

@@ -25,6 +33,14 @@ members\.api\.urls module
    :undoc-members:
    :show-inheritance:

+members\.api\.views module
+--------------------------
+
+.. automodule:: members.api.views
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
 members\.api\.viewsets module
 -----------------------------


--- a/website/members/api/permissions.py
+++ b/website/members/api/permissions.py
+from django.conf import settings
+
+from rest_framework import permissions
+
+
+class SentryIdentityPermission(permissions.BasePermission):
+    """
+    Permission check for Sentry secret key and access permission
+    """
+
+    def has_permission(self, request, view):
+        if 'secret' in request.GET:
+            return (request.GET['secret'] == settings.MEMBERS_SENTRY_API_SECRET
+                    and request.user.has_perm('auth.sentry_access'))
+        return False
--- a/website/members/api/serializers.py
+++ b/website/members/api/serializers.py
@@ -150,3 +150,9 @@ class MemberListSerializer(serializers.ModelSerializer):
        return create_image_thumbnail_dict(
            self.context['request'], file, placeholder=placeholder,
            size_large='800x800')
+
+
+class SentryIdentitySerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Member
+        fields = ('pk', 'first_name', 'last_name', 'email', 'is_superuser')
--- a/website/members/api/urls.py
+++ b/website/members/api/urls.py
+from django.urls import path
 from rest_framework import routers

-from members.api import viewsets
+from members.api import viewsets, views

 router = routers.SimpleRouter()
 router.register(r'members', viewsets.MemberViewset)
-urlpatterns = router.urls
+urlpatterns = router.urls + [
+    path('sentry-access/', views.SentryIdentityView.as_view())
+]
--- a/website/members/api/views.py
+++ b/website/members/api/views.py
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.response import Response
+from rest_framework.views import APIView
+
+from members.api.permissions import SentryIdentityPermission
+from members.api.serializers import SentryIdentitySerializer
+
+
+class SentryIdentityView(APIView):
+    permission_classes = (IsAuthenticated, SentryIdentityPermission)
+
+    def get(self, request, format=None):
+        serializer = SentryIdentitySerializer(request.user)
+        return Response(serializer.data)
--- a/website/members/migrations/0022_auto_20180708_1802.py
+++ b/website/members/migrations/0022_auto_20180708_1802.py
+# Generated by Django 2.0.2 on 2018-07-08 16:02
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('members', '0021_emailchange'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='member',
+            options={'ordering': ('first_name', 'last_name'), 'permissions': (('sentry_access', 'Access the Sentry backend'),)},
+        ),
+    ]
--- a/website/members/models.py
+++ b/website/members/models.py
@@ -78,6 +78,9 @@ class Member(User):
    class Meta:
        proxy = True
        ordering = ('first_name', 'last_name')
+        permissions = (
+            ('sentry_access', _("Access the Sentry backend")),
+        )

    objects = MemberManager()
    current_members = CurrentMemberManager()

--- a/website/thaliawebsite/settings/production.py
+++ b/website/thaliawebsite/settings/production.py
@@ -81,6 +81,7 @@ WIKI_API_KEY = os.environ.get('WIKI_API_KEY', 'changeme')
 MIGRATION_KEY = os.environ.get('MIGRATION_KEY')
 PUSH_NOTIFICATIONS_API_KEY = os.environ.get('PUSH_NOTIFICATIONS_API_KEY', '')
 MAILINGLIST_API_SECRET = os.environ.get('MAILINGLIST_API_SECRET', '')
+MEMBERS_SENTRY_API_SECRET = os.environ.get('MEMBERS_SENTRY_API_SECRET', '')

 if os.environ.get('DJANGO_SSLONLY'):
    SECURE_SSL_REDIRECT = True

--- a/website/thaliawebsite/settings/settings.py
+++ b/website/thaliawebsite/settings/settings.py
@@ -278,6 +278,9 @@ PUSH_NOTIFICATIONS_API_KEY = ''
 # Mailinglist API key
 MAILINGLIST_API_SECRET = ''

+# Members Sentry API key
+MEMBERS_SENTRY_API_SECRET = ''
+
 # Photos settings
 PHOTO_UPLOAD_SIZE = 1920, 1080