Enhanced API : look for permissions, automatically add /{pk}/id, added

users, groups and clubs
Antoine Bartuccio 2016-08-07 20:32:12 +02:00
parent 1a6373e9ce
commit 2822d947d9
4 changed files with 89 additions and 16 deletions


@ -6,6 +6,9 @@ from rest_framework import routers
# Router config
router = routers.DefaultRouter()
router.register(r'counter', CounterViewSet, base_name='api_counter')
router.register(r'user', UserViewSet, base_name='api_user')
router.register(r'club', ClubViewSet, base_name='api_club')
router.register(r'group', GroupViewSet, base_name='api_group')
urlpatterns = [


@ -1,2 +1,34 @@
from rest_framework.response import Response
from rest_framework import viewsets
from django.core.exceptions import PermissionDenied
from rest_framework.decorators import detail_route
from core.views import can_view, can_edit
class RightManagedModelViewSet(viewsets.ModelViewSet):
@detail_route()
def id(self, request, pk=None):
"""
Get by id (api/v1/router/{pk}/id/)
"""
self.queryset = get_object_or_404(self.queryset.filter(id=pk))
serializer = self.get_serializer(self.queryset)
return Response(serializer.data)
def dispatch(self, request, *arg, **kwargs):
res = super(RightManagedModelViewSet,
self).dispatch(request, *arg, **kwargs)
obj = self.queryset
user = self.request.user
try:
if (request.method == 'GET' and can_view(obj, user)):
return res
elif (request.method == 'PUSH' and can_edit(obj, user)):
return res
except: pass # To prevent bug with Anonymous user
raise PermissionDenied
from .api import *
from .serializers import *
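Review bot: The check in `dispatch` runs only after `super(...).dispatch(...)` has executed the handler, so a write request is carried out before `PermissionDenied` is raised and, unless requests run inside a transaction (not visible here), the change stays behind the 403. The edit branch also tests `'PUSH'`, which is not an HTTP method, and `obj = self.queryset` passes the whole queryset to `can_view` on list requests. I would move the check into a DRF permission class so it runs before the handler, and have `id` call `self.check_object_permissions(request, obj)` after the lookup; the sketch below assumes anonymous users are meant to be refused, which is what the bare `except: pass` appears to result in today. List and create requests do not reach `has_object_permission`, so their policy still has to be decided in `has_permission`.

```python
class RightManagedPermission(permissions.BasePermission):
    """Allow reads when can_view passes and writes when can_edit passes."""

    def has_object_permission(self, request, view, obj):
        if request.method in permissions.SAFE_METHODS:
            return can_view(obj, request.user)
        return can_edit(obj, request.user)


class RightManagedModelViewSet(viewsets.ModelViewSet):
    # IsAuthenticated refuses anonymous users before can_view/can_edit run.
    permission_classes = (permissions.IsAuthenticated, RightManagedPermission)

    @detail_route()
    def id(self, request, pk=None):
        obj = get_object_or_404(self.queryset.filter(id=pk))
        # Object-level check happens before anything is serialized.
        self.check_object_permissions(request, obj)
        return Response(self.get_serializer(obj).data)
    # … removed: dispatch override …
```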


@ -7,8 +7,10 @@ from rest_framework.decorators import list_route
from core.templatetags.renderer import markdown
from counter.models import Counter
from core.models import User, Group
from club.models import Club
from api.views import serializers
from api.views import RightManagedModelViewSet
@api_view(['GET'])
def RenderMarkdown(request):
@ -19,28 +21,45 @@ def RenderMarkdown(request):
return Response(markdown(request.GET['text']))
class CounterViewSet(viewsets.ModelViewSet):
class CounterViewSet(RightManagedModelViewSet):
"""
Manage Counters (api/v1/counter)
Manage Counters (api/v1/counter/)
"""
serializer_class = serializers.Counter
serializer_class = serializers.CounterRead
queryset = Counter.objects.all()
@list_route()
def bar(self, request):
"""
Return all bars (api/v1/counter/bar)
Return all bars (api/v1/counter/bar/)
"""
self.queryset = Counter.objects.filter(type="BAR")
self.queryset = self.queryset.filter(type="BAR")
serializer = self.get_serializer(self.queryset, many=True)
return Response(serializer.data)
@detail_route()
def id(self, request, pk=None):
class UserViewSet(RightManagedModelViewSet):
"""
Get by id (api/v1/{nk}/id)
Manage Users (api/v1/user/)
"""
self.queryset = get_object_or_404(Counter.objects.filter(id=pk))
serializer = self.get_serializer(self.queryset)
return Response(serializer.data)
serializer_class = serializers.UserRead
queryset = User.objects.all()
class ClubViewSet(RightManagedModelViewSet):
"""
Manage Clubs (api/v1/club/)
"""
serializer_class = serializers.ClubRead
queryset = Club.objects.all()
class GroupViewSet(RightManagedModelViewSet):
"""
Manage Groups (api/v1/group/)
"""
serializer_class = serializers.GroupRead
queryset = Group.objects.all()
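Review bot: `UserViewSet`, `ClubViewSet` and `GroupViewSet` inherit every `ModelViewSet` action through `RightManagedModelViewSet`, so the router also registers create, update and delete routes for users, clubs and groups, while the serializers they use are named `*Read`. If these endpoints are meant to be read-only (inferred from the serializer names), basing them on `viewsets.ReadOnlyModelViewSet` removes the write routes instead of relying on the `dispatch` check to refuse them afterwards. A short comment on each class stating which methods are intended to be reachable would also make the expected exposure reviewable.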


@ -1,8 +1,10 @@
from rest_framework import serializers
from counter.models import Counter
from core.models import User, Group
from club.models import Club
class Counter(serializers.ModelSerializer):
class CounterRead(serializers.ModelSerializer):
is_open = serializers.BooleanField(read_only=True)
barman_list = serializers.ListField(
@ -13,3 +15,20 @@ class Counter(serializers.ModelSerializer):
model = Counter
fields = ('id', 'name', 'type', 'is_open', 'barman_list')
class UserRead(serializers.ModelSerializer):
class Meta:
model = User
class ClubRead(serializers.ModelSerializer):
class Meta:
model = Club
class GroupRead(serializers.ModelSerializer):
class Meta:
model = Group
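Review bot: `UserRead`, `ClubRead` and `GroupRead` declare `Meta` with only `model`, so nothing limits which columns are returned; on DRF versions that accept a missing `fields` this serializes every model field, which for `User` would likely include the password hash and contact details (the model is not visible here). Each `Meta` should carry an explicit allowlist as `CounterRead` does, e.g. `fields = ('id', <public fields>)` with the placeholder replaced by the fields meant to be public. Newer DRF releases reject a `ModelSerializer` without `fields` or `exclude`, so the allowlist is needed for upgrades as well.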