mirror of
https://github.com/ae-utbm/sith.git
synced 2024-11-25 18:44:23 +00:00
Enhaced API : look for permissions, automaticly add /{pk}/id, added
users, groups and clubs
This commit is contained in:
parent
1a6373e9ce
commit
2822d947d9
@ -6,6 +6,9 @@ from rest_framework import routers
|
||||
# Router config
|
||||
router = routers.DefaultRouter()
|
||||
router.register(r'counter', CounterViewSet, base_name='api_counter')
|
||||
router.register(r'user', UserViewSet, base_name='api_user')
|
||||
router.register(r'club', ClubViewSet, base_name='api_club')
|
||||
router.register(r'group', GroupViewSet, base_name='api_group')
|
||||
|
||||
urlpatterns = [
|
||||
|
||||
|
@ -1,2 +1,34 @@
|
||||
from rest_framework.response import Response
|
||||
from rest_framework import viewsets
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from rest_framework.decorators import detail_route
|
||||
|
||||
from core.views import can_view, can_edit
|
||||
|
||||
class RightManagedModelViewSet(viewsets.ModelViewSet):
|
||||
|
||||
@detail_route()
|
||||
def id(self, request, pk=None):
|
||||
"""
|
||||
Get by id (api/v1/router/{pk}/id/)
|
||||
"""
|
||||
self.queryset = get_object_or_404(self.queryset.filter(id=pk))
|
||||
serializer = self.get_serializer(self.queryset)
|
||||
return Response(serializer.data)
|
||||
|
||||
def dispatch(self, request, *arg, **kwargs):
|
||||
res = super(RightManagedModelViewSet,
|
||||
self).dispatch(request, *arg, **kwargs)
|
||||
obj = self.queryset
|
||||
user = self.request.user
|
||||
try:
|
||||
if (request.method == 'GET' and can_view(obj, user)):
|
||||
return res
|
||||
elif (request.method == 'PUSH' and can_edit(obj, user)):
|
||||
return res
|
||||
except: pass # To prevent bug with Anonymous user
|
||||
raise PermissionDenied
|
||||
|
||||
|
||||
from .api import *
|
||||
from .serializers import *
|
@ -7,8 +7,10 @@ from rest_framework.decorators import list_route
|
||||
|
||||
from core.templatetags.renderer import markdown
|
||||
from counter.models import Counter
|
||||
from core.models import User, Group
|
||||
from club.models import Club
|
||||
from api.views import serializers
|
||||
|
||||
from api.views import RightManagedModelViewSet
|
||||
|
||||
@api_view(['GET'])
|
||||
def RenderMarkdown(request):
|
||||
@ -19,28 +21,45 @@ def RenderMarkdown(request):
|
||||
return Response(markdown(request.GET['text']))
|
||||
|
||||
|
||||
class CounterViewSet(viewsets.ModelViewSet):
|
||||
class CounterViewSet(RightManagedModelViewSet):
|
||||
"""
|
||||
Manage Counters (api/v1/counter)
|
||||
Manage Counters (api/v1/counter/)
|
||||
"""
|
||||
|
||||
serializer_class = serializers.Counter
|
||||
serializer_class = serializers.CounterRead
|
||||
queryset = Counter.objects.all()
|
||||
|
||||
@list_route()
|
||||
def bar(self, request):
|
||||
"""
|
||||
Return all bars (api/v1/counter/bar)
|
||||
Return all bars (api/v1/counter/bar/)
|
||||
"""
|
||||
self.queryset = Counter.objects.filter(type="BAR")
|
||||
self.queryset = self.queryset.filter(type="BAR")
|
||||
serializer = self.get_serializer(self.queryset, many=True)
|
||||
return Response(serializer.data)
|
||||
|
||||
@detail_route()
|
||||
def id(self, request, pk=None):
|
||||
|
||||
class UserViewSet(RightManagedModelViewSet):
|
||||
"""
|
||||
Get by id (api/v1/{nk}/id)
|
||||
Manage Users (api/v1/user/)
|
||||
"""
|
||||
self.queryset = get_object_or_404(Counter.objects.filter(id=pk))
|
||||
serializer = self.get_serializer(self.queryset)
|
||||
return Response(serializer.data)
|
||||
|
||||
serializer_class = serializers.UserRead
|
||||
queryset = User.objects.all()
|
||||
|
||||
|
||||
class ClubViewSet(RightManagedModelViewSet):
|
||||
"""
|
||||
Manage Clubs (api/v1/club/)
|
||||
"""
|
||||
|
||||
serializer_class = serializers.ClubRead
|
||||
queryset = Club.objects.all()
|
||||
|
||||
class GroupViewSet(RightManagedModelViewSet):
|
||||
"""
|
||||
Manage Groups (api/v1/group/)
|
||||
"""
|
||||
|
||||
serializer_class = serializers.GroupRead
|
||||
queryset = Group.objects.all()
|
||||
|
@ -1,8 +1,10 @@
|
||||
from rest_framework import serializers
|
||||
from counter.models import Counter
|
||||
from core.models import User, Group
|
||||
from club.models import Club
|
||||
|
||||
|
||||
class Counter(serializers.ModelSerializer):
|
||||
class CounterRead(serializers.ModelSerializer):
|
||||
|
||||
is_open = serializers.BooleanField(read_only=True)
|
||||
barman_list = serializers.ListField(
|
||||
@ -13,3 +15,20 @@ class Counter(serializers.ModelSerializer):
|
||||
model = Counter
|
||||
fields = ('id', 'name', 'type', 'is_open', 'barman_list')
|
||||
|
||||
|
||||
class UserRead(serializers.ModelSerializer):
|
||||
|
||||
class Meta:
|
||||
model = User
|
||||
|
||||
|
||||
class ClubRead(serializers.ModelSerializer):
|
||||
|
||||
class Meta:
|
||||
model = Club
|
||||
|
||||
|
||||
class GroupRead(serializers.ModelSerializer):
|
||||
|
||||
class Meta:
|
||||
model = Group
|
||||
|
Loading…
Reference in New Issue
Block a user