From cbdeb0e2bedc9eda3a8ec25be0df8250606abccc Mon Sep 17 00:00:00 2001
From: Ivlev Denis
Date: Fri, 9 Feb 2018 14:24:45 +0300
Subject: [PATCH] Only admin users obtain tocken
---
 api/v1/auth.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/api/v1/auth.py b/api/v1/auth.py
index 2bf643f4..ea99f40c 100644
--- a/api/v1/auth.py
+++ b/api/v1/auth.py
@@ -1,9 +1,12 @@
+from django.contrib.auth import get_user_model
 from django.utils.translation import ugettext_lazy as _
 from rest_framework import serializers
 from rest_framework.authtoken.views import ObtainAuthToken
 from rest_framework.compat import authenticate
+User = get_user_model()
+
 class AuthTokenSerializer(serializers.Serializer):
     email = serializers.CharField(label=_("Email"))
@@ -27,8 +30,11 @@ class AuthTokenSerializer(serializers.Serializer):
         if not user:
             msg = _('Unable to log in with provided credentials.')
             raise serializers.ValidationError(msg, code='authorization')
+        elif user.role != User.ADMIN_ROLE:
+            msg = _('Only admin have permission to login admin page.')
+            raise serializers.ValidationError(msg, code='authorization')
         else:
-            msg = _('Must include "username" and "password".')
+            msg = _('Must include "email" and "password".')
             raise serializers.ValidationError(msg, code='authorization')
         attrs['user'] = user
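Review bot: The new `elif user.role != User.ADMIN_ROLE:` branch in the second hunk raises a message that differs from the bad-credentials one, so a caller who submits a valid non-admin email and password is told, in effect, that the credentials are correct — the token endpoint becomes an oracle that confirms valid credentials for every non-admin account. Reusing the generic text in that branch, `msg = _('Unable to log in with provided credentials.')`, and recording the rejected role in a server-side log instead keeps the two outcomes indistinguishable to the client. The branch also assumes the custom user model exposes `role` and a class-level `ADMIN_ROLE`, which nothing in this patch shows; a short comment at the `elif` naming that contract, e.g. `# custom user model must define role and ADMIN_ROLE`, would make the dependency explicit. The `validate` method being edited begins before this hunk, and the hunk header counts one more old line than is shown, so its tail appears to continue past what is visible here.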