Stop using hyperlinked relations, limit listing of users

caremyway/api/serializers.py

@@ -2,22 +2,27 @@ from django.contrib.auth.models import User, Group
 from rest_framework import serializers
 from caremyway.api.models import UserInfo, Client, Provider
 
-class UserSerializer(serializers.HyperlinkedModelSerializer):
-    class Meta:
-        model = User
-        fields = ('url', 'username', 'first_name', 'last_name', 'email')
-
-class UserInfoSerializer(serializers.HyperlinkedModelSerializer):
+class UserInfoSerializer(serializers.ModelSerializer):
     class Meta:
         model = UserInfo
-        fields = ('url', 'user', 'phone_number')
+        fields = ('phone_number',)
 
-class ClientSerializer(serializers.HyperlinkedModelSerializer):
+class ClientSerializer(serializers.ModelSerializer):
     class Meta:
         model = Client
-        fields = ('url', 'user', 'business_number')
+        fields = ('business_number',)
 
-class ProviderSerializer(serializers.HyperlinkedModelSerializer):
+class ProviderSerializer(serializers.ModelSerializer):
     class Meta:
         model = Provider
-        fields = ('url', 'user', 'sin')
+        fields = ('sin',)
+
+class UserSerializer(serializers.ModelSerializer):
+    userinfo = UserInfoSerializer()
+    client = ClientSerializer()
+    provider = ProviderSerializer()
+
+    class Meta:
+        model = User
+        fields = ('id', 'username', 'is_active', 'first_name', 'last_name', 'email', 'userinfo', 'client', 'provider')
+        depth = 1

caremyway/api/views.py

@@ -3,21 +3,16 @@ from django.shortcuts import render
 # Create your views here.
 from django.contrib.auth.models import User, Group
 from caremyway.api.models import UserInfo, Client, Provider
-from rest_framework import viewsets
+from rest_framework import viewsets, permissions
 from caremyway.api.serializers import UserSerializer, UserInfoSerializer, ClientSerializer, ProviderSerializer
 
 class UserViewSet(viewsets.ModelViewSet):
-    queryset = User.objects.all().order_by('-date_joined')
     serializer_class = UserSerializer
+    lookup_field = 'username'
 
-class UserInfoViewSet(viewsets.ModelViewSet):
-    queryset = UserInfo.objects.all().order_by('-id')
-    serializer_class = UserInfoSerializer
-
-class ClientViewSet(viewsets.ModelViewSet):
-    queryset = Client.objects.all().order_by('-id')
-    serializer_class = ClientSerializer
-
-class ProviderViewSet(viewsets.ModelViewSet):
-    queryset = Provider.objects.all().order_by('-id')
-    serializer_class = ProviderSerializer
+    def get_queryset(self):
+        user = self.request.user
+        if user.is_staff:
+            return User.objects.all().order_by('-date_joined')
+        else:
+            return User.objects.filter(username=user)

caremyway/settings.py

@@ -67,7 +67,7 @@ AUTHENTICATION_BACKENDS = (
 
 REST_FRAMEWORK = {
     'DEFAULT_PERMISSION_CLASSES': [
-        'rest_framework.permissions.IsAdminUser',
+        'rest_framework.permissions.IsAuthenticated',
     ],
     'DEFAULT_AUTHENTICATION_CLASSES': (
         #'rest_framework.authentication.BasicAuthentication',

caremyway/urls.py

@@ -18,10 +18,7 @@ from rest_framework import routers
 from caremyway.api import views
 
 router = routers.DefaultRouter()
-router.register(r'users', views.UserViewSet)
-router.register(r'userinfos', views.UserInfoViewSet)
-router.register(r'clients', views.ClientViewSet)
-router.register(r'providers', views.ProviderViewSet)
+router.register(r'users', views.UserViewSet, 'user')
 
 # Wire up our API using automatic URL routing.
 # Additionally, we include login URLs for the browsable API.