use djangorestframwork in api

thirdpart/auth/decorators.py

@@ -44,6 +44,44 @@ def login_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME):
     return actual_decorator
 
 
+def api_user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
+    """
+    Decorator for views that checks that the user passes the given test,
+    redirecting to the log-in page if necessary. The test should be a callable
+    that takes the user object and returns True if the user passes.
+    """
+    if not login_url:
+        from django.conf import settings
+        login_url = settings.LOGIN_URL
+
+    def decorator(view_func):
+        def _wrapped_view(obj, request, *args, **kwargs):
+            if test_func(request.user):
+                return view_func(obj, request, *args, **kwargs)
+            path = urlquote(request.get_full_path())
+            tup = login_url, redirect_field_name, path
+            json_content_type = 'application/json; charset=utf-8'
+
+            return HttpResponse(json.dumps('%s?%s=%s' % tup), status=401,
+                        content_type=json_content_type)
+        return wraps(view_func, assigned=available_attrs(view_func))(_wrapped_view)
+    return decorator
+
+
+def api_login_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME):
+    """
+    Decorator for views that checks that the user is logged in, redirecting
+    to the log-in page if necessary.
+    """
+    actual_decorator = api_user_passes_test(
+        lambda u: u.is_authenticated(),
+        redirect_field_name=redirect_field_name
+    )
+    if function:
+        return actual_decorator(function)
+    return actual_decorator
+
+
 def permission_required(perm, login_url=None):
     """
     Decorator for views that checks whether a user has a particular permission