From f485a04dfcaa33b59d10cd3cc6c32e20d045bdaa Mon Sep 17 00:00:00 2001
From: adamscmRH
Date: Tue, 27 Feb 2018 13:40:27 -0500
Subject: [PATCH 1/3] disallow changing token-app
---
 awx/api/serializers.py | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 0057c69bd9..f0ce4f1a3a 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -938,8 +938,7 @@ class UserAuthorizedTokenSerializer(BaseSerializer):
 '*', '-name', 'description', 'user', 'token', 'refresh_token',
 'expires', 'scope', 'application',
 )
- read_only_fields = ('user', 'token', 'expires')
- read_only_on_update_fields = ('application',)
+ read_only_fields = ('user', 'token', 'expires', 'application')
 def get_token(self, obj):
 request = self.context.get('request', None)
@@ -1046,7 +1045,7 @@ class OAuth2TokenSerializer(BaseSerializer):
 '*', '-name', 'description', 'user', 'token', 'refresh_token',
 'application', 'expires', 'scope',
 )
- read_only_fields = ('user', 'token', 'expires')
+ read_only_fields = ('user', 'token', 'expires', 'application')
 def get_modified(self, obj):
 if obj is None:
@@ -1117,8 +1116,7 @@ class OAuth2AuthorizedTokenSerializer(BaseSerializer):
 '*', '-name', 'description', 'user', 'token', 'refresh_token',
 'expires', 'scope', 'application',
 )
- read_only_fields = ('user', 'token', 'expires')
- read_only_on_update_fields = ('application',)
+ read_only_fields = ('user', 'token', 'expires', 'application',)
 def get_token(self, obj):
 request = self.context.get('request', None)
@@ -1171,8 +1169,7 @@ class OAuth2PersonalTokenSerializer(BaseSerializer):
 '*', '-name', 'description', 'user', 'token', 'refresh_token',
 'application', 'expires', 'scope',
 )
- read_only_fields = ('user', 'token', 'expires')
- read_only_on_update_fields = ('application',)
+ read_only_fields = ('user', 'token', 'expires', 'application')
 def get_modified(self, obj):
 if obj is None:
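Review bot: `read_only_fields` is not a drop-in replacement for the removed `read_only_on_update_fields = ('application',)` in the hunks at 938, 1117 and 1171: judging by its name the old attribute restricted only updates, while DRF's `read_only_fields` also ignores the field on create. If any of these serializers backs a POST that binds a new token to an application, the submitted `application` would now be silently dropped; the hunk at 1046 has the same effect on `OAuth2TokenSerializer`. Keeping the update-only attribute where it was and adding `read_only_on_update_fields = ('application',)` to `OAuth2TokenSerializer` would block re-binding a token without touching create. The Meta classes start above each hunk, so the views that use these serializers are not visible here.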
From 06bacd7bdcd5c430ec5389503261725592be4217 Mon Sep 17 00:00:00 2001
From: adamscmRH
Date: Thu, 8 Mar 2018 12:03:50 -0500
Subject: [PATCH 2/3] add serializer for token detail
---
 awx/api/serializers.py | 20 +++++++++++++++++---
 awx/api/views.py | 2 +-
 2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index f0ce4f1a3a..1e8fdc8f12 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -938,7 +938,7 @@ class UserAuthorizedTokenSerializer(BaseSerializer):
 '*', '-name', 'description', 'user', 'token', 'refresh_token',
 'expires', 'scope', 'application',
 )
- read_only_fields = ('user', 'token', 'expires', 'application')
+ read_only_fields = ('user', 'token', 'expires')
 def get_token(self, obj):
 request = self.context.get('request', None)
@@ -1045,7 +1045,7 @@ class OAuth2TokenSerializer(BaseSerializer):
 '*', '-name', 'description', 'user', 'token', 'refresh_token',
 'application', 'expires', 'scope',
 )
- read_only_fields = ('user', 'token', 'expires', 'application')
+ read_only_fields = ('user', 'token', 'expires')
 def get_modified(self, obj):
 if obj is None:
@@ -1104,6 +1104,20 @@ class OAuth2TokenSerializer(BaseSerializer):
 )
 return obj
+
+class OAuth2TokenDetailSerializer(OAuth2TokenSerializer):
+
+ refresh_token = serializers.SerializerMethodField()
+ token = serializers.SerializerMethodField()
+
+ class Meta:
+ model = OAuth2AccessToken
+ fields = (
+ '*', '-name', 'description', 'user', 'token', 'refresh_token',
+ 'application', 'expires', 'scope',
+ )
+ read_only_fields = ('user', 'token', 'expires', 'application')
+
 class OAuth2AuthorizedTokenSerializer(BaseSerializer):
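Review bot: Dropping `'application'` from `read_only_fields` in the `UserAuthorizedTokenSerializer` hunk at 938 (and again in the `OAuth2AuthorizedTokenSerializer` hunk at 1116) does not bring back the `read_only_on_update_fields = ('application',)` line these classes carried before the series, so `application` is now writable through them on update as well as create. That is only safe if neither serializer is ever attached to a view that accepts PUT or PATCH, which cannot be confirmed from these hunks. Restoring `read_only_on_update_fields = ('application',)` beside `read_only_fields` keeps create working and keeps the re-binding guard in the serializer rather than in whichever view happens to use it. The Meta bodies begin above the hunks.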
@@ -1116,7 +1130,7 @@ class OAuth2AuthorizedTokenSerializer(BaseSerializer):
 '*', '-name', 'description', 'user', 'token', 'refresh_token',
 'expires', 'scope', 'application',
 )
- read_only_fields = ('user', 'token', 'expires', 'application',)
+ read_only_fields = ('user', 'token', 'expires')
 def get_token(self, obj):
 request = self.context.get('request', None)
diff --git a/awx/api/views.py b/awx/api/views.py
index a5f4a662b3..137df4d949 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -1587,7 +1587,7 @@ class OAuth2TokenDetail(RetrieveUpdateDestroyAPIView):
 view_name = _("OAuth Token Detail")
 model = OAuth2AccessToken
- serializer_class = OAuth2TokenSerializer
+ serializer_class = OAuth2TokenDetailSerializer
 class OAuth2TokenActivityStreamList(ActivityStreamEnforcementMixin, SubListAPIView):
From 91c0f2da6f1d4a52fda12112f0d5d9e72e848058 Mon Sep 17 00:00:00 2001
From: adamscmRH
Date: Thu, 8 Mar 2018 14:55:25 -0500
Subject: [PATCH 3/3] simplifies detail serializer
---
 awx/api/serializers.py | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 1e8fdc8f12..431c2bb19e 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -1107,16 +1107,8 @@ class OAuth2TokenSerializer(BaseSerializer):
 class OAuth2TokenDetailSerializer(OAuth2TokenSerializer):
- refresh_token = serializers.SerializerMethodField()
- token = serializers.SerializerMethodField()
-
 class Meta:
- model = OAuth2AccessToken
- fields = (
- '*', '-name', 'description', 'user', 'token', 'refresh_token',
- 'application', 'expires', 'scope',
- )
- read_only_fields = ('user', 'token', 'expires', 'application')
+ read_only_fields = ('*', 'user', 'application')
 class OAuth2AuthorizedTokenSerializer(BaseSerializer):
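Review bot: The serializer swap on `OAuth2TokenDetail` is the only place the series enforces a read-only `application`, and none of the three diffstats touches a test file. Because DRF ignores read-only fields in the request body rather than rejecting them, a PATCH naming another application will presumably return success with the token unchanged, which makes a regression easy to miss. A functional test that PATCHes `application` on the token detail endpoint and asserts the stored value is unchanged would pin the behaviour; it is also worth checking whether any other view that accepts updates still uses `OAuth2TokenSerializer`. The class body continues outside the hunk.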
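Review bot: `read_only_fields = ('*', 'user', 'application')` depends on the project's serializer metaclass expanding `'*'` to the parent's `read_only_fields` and on the bare `class Meta:` inheriting `model` and `fields`; neither mechanism is visible in this hunk. If `'*'` is expanded, `'user'` is already covered by the parent tuple and is redundant; if it is not, `expires` stops being read-only on the detail endpoint, since the tuple being replaced listed it explicitly. I would add a comment above the tuple, e.g. `# '*' = parent's read_only_fields; 'application' added so a token cannot be re-bound on update`, and drop the redundant `'user'`. This reading assumes `class Meta:` is kept as context in the hunk, which the collapsed text does not mark unambiguously.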