Operational authorization via tastypie.

lib/api/auth.py

@@ -2,26 +2,15 @@ from tastypie.authentication import Authentication
 from tastypie.authorization import Authorization
 
 # FIXME: this is completely stubbed out at this point!
-
-class AcomAuthentication(Authentication):
-    def is_authenticated(self, request, **kwargs):
-        return True
-        #if 'admin' in request.user.username:
-        #  return True
-
-        #return False
-
-    # Optional but recommended
-    def get_identifier(self, request):
-        return request.user.username
+# INTENTIONALLY NOT IMPLEMENTED CORRECTLY :)
 
 class AcomAuthorization(Authorization):
+
     def is_authorized(self, request, object=None):
-        return True
-        #if request.user.username == 'admin':
-        #    return True
-        #else:
-        #    return False
+        if request.user.username == 'admin':
+            return True
+        else:
+            return False
 
     # Optional but useful for advanced limiting, such as per user.
     def apply_limits(self, request, object_list):

lib/api/resources/organizations.py

@@ -1,7 +1,8 @@
 # myapp/api.py
 
 from tastypie.resources import ModelResource
-from lib.api.auth import AcomAuthentication, AcomAuthorization
+from tastypie.authentication import BasicAuthentication
+from lib.api.auth import AcomAuthorization
 
 import lib.main.models as models
 
@@ -10,7 +11,7 @@ class Organizations(ModelResource):
     class Meta:
         queryset = models.Organization.objects.all()
         resource_name = 'organizations'
-        authentication = AcomAuthentication()
+        authentication = BasicAuthentication()
         authorization = AcomAuthorization()