Sith/api/views/__init__.py

from rest_framework.response import Response
from rest_framework import viewsets
from django.core.exceptions import PermissionDenied
from rest_framework.decorators import detail_route

from core.views import can_view, can_edit

class RightManagedModelViewSet(viewsets.ModelViewSet):

    @detail_route()
    def id(self, request, pk=None):
        """
            Get by id (api/v1/router/{pk}/id/)
        """
        self.queryset = get_object_or_404(self.queryset.filter(id=pk))
        serializer = self.get_serializer(self.queryset)
        return Response(serializer.data)

    def dispatch(self, request, *arg, **kwargs):
        res = super(RightManagedModelViewSet,
                    self).dispatch(request, *arg, **kwargs)
        obj = self.queryset
        user = self.request.user
        try:
            if (request.method == 'GET' and can_view(obj, user)):
                return res
            elif (request.method != 'GET' and can_edit(obj, user)):
                return res
        except: pass # To prevent bug with Anonymous user
        raise PermissionDenied


from .api import *
from .serializers import *
Enhaced API : look for permissions, automaticly add /{pk}/id, added users, groups and clubs 2016-08-07 18:32:12 +00:00			`from rest_framework.response import Response`
			`from rest_framework import viewsets`
			`from django.core.exceptions import PermissionDenied`
			`from rest_framework.decorators import detail_route`

			`from core.views import can_view, can_edit`

			`class RightManagedModelViewSet(viewsets.ModelViewSet):`

			`@detail_route()`
			`def id(self, request, pk=None):`
			`"""`
			`Get by id (api/v1/router/{pk}/id/)`
			`"""`
			`self.queryset = get_object_or_404(self.queryset.filter(id=pk))`
			`serializer = self.get_serializer(self.queryset)`
			`return Response(serializer.data)`

			`def dispatch(self, request, arg, *kwargs):`
			`res = super(RightManagedModelViewSet,`
			`self).dispatch(request, arg, *kwargs)`
			`obj = self.queryset`
			`user = self.request.user`
			`try:`
			`if (request.method == 'GET' and can_view(obj, user)):`
			`return res`
Fixed api permissions 2016-08-07 18:52:53 +00:00			`elif (request.method != 'GET' and can_edit(obj, user)):`
Enhaced API : look for permissions, automaticly add /{pk}/id, added users, groups and clubs 2016-08-07 18:32:12 +00:00			`return res`
			`except: pass # To prevent bug with Anonymous user`
			`raise PermissionDenied`


First steps with the api 2016-08-04 22:50:48 +00:00			`from .api import *`
			`from .serializers import *`