From ac7baa5333937ebcb5de53470855d258984ada80 Mon Sep 17 00:00:00 2001
From: Hongyuan Ma <CS_MaleicAcid@163.com>
Date: Tue, 3 Jul 2018 23:36:54 +0800
Subject: [PATCH] add UserMachinePermission

---
 web/apps/test_records/views.py |  7 +++++--
 web/apps/users/views.py        | 18 +++++++++++++++---
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/web/apps/test_records/views.py b/web/apps/test_records/views.py
index 09bc702..de86c6f 100644
--- a/web/apps/test_records/views.py
+++ b/web/apps/test_records/views.py
@@ -11,11 +11,12 @@ from exception import TestDataUploadError
 from filters import TestRecordListFilter
 from models import UserMachine, TestCategory
 from pgperffarm.settings import DB_ENUM
+from users.views import UserMachinePermission
 from .serializer import MachineHistoryRecordSerializer
 from .serializer import TestRecordListSerializer, TestRecordDetailSerializer, LinuxInfoSerializer, MetaInfoSerializer, \
     PGInfoSerializer, CreateTestRecordSerializer, CreateTestDateSetSerializer, TestResultSerializer
 
-from rest_framework.decorators import api_view
+from rest_framework.decorators import api_view, permission_classes
 from rest_framework.response import Response
 from rest_framework import mixins
 from rest_framework import status
@@ -59,7 +60,9 @@ class MachineHistoryRecordViewSet(mixins.RetrieveModelMixin, viewsets.GenericVie
     serializer_class = MachineHistoryRecordSerializer
     # pagination_class = StandardResultsSetPagination
 
+
 @api_view(['POST'])
+@permission_classes((UserMachinePermission, ))
 def TestRecordCreate(request, format=None):
     """
     Receive data from client
@@ -74,7 +77,7 @@ def TestRecordCreate(request, format=None):
     # jsLoads = json.loads(data[0])
 
     # todo get machine by token
-    test_machine = 1
+    test_machine = UserMachine.objects.filter(secret)
 
     from django.db import transaction
 
diff --git a/web/apps/users/views.py b/web/apps/users/views.py
index 19668cc..5125a51 100644
--- a/web/apps/users/views.py
+++ b/web/apps/users/views.py
@@ -3,10 +3,11 @@ from __future__ import unicode_literals
 
 from django.contrib.auth.backends import ModelBackend
 from django.db.models import Q
-from django.shortcuts import render
 
 # Create your views here.
-from models import UserProfile
+from rest_framework import permissions
+
+from .models import UserProfile, UserMachine
 
 
 class CustomBackend(ModelBackend):
@@ -21,4 +22,15 @@ class CustomBackend(ModelBackend):
 
 
         except Exception as e:
-            return None
\ No newline at end of file
+            return None
+
+
+class UserMachinePermission(permissions.BasePermission):
+    """
+    Global permission check for blacklisted IPs.
+    """
+
+    def has_permission(self, request, view):
+        secret = request.data.secret
+        ret = UserMachine.objects.filter(machine_secret=secret,is_active=1).exists()
+        return ret
-- 
2.39.5