From e7eed9b3b0e32c4d0eeb0795e78c03b1fcb8525d Mon Sep 17 00:00:00 2001
From: Tanner Collin
Date: Sun, 28 May 2017 07:11:54 +0000
Subject: [PATCH] Stop using hyperlinked relations, limit listing of users
---
 caremyway/api/serializers.py | 27 ++++++++++++++++-----------
 caremyway/api/views.py | 21 ++++++++-------------
 caremyway/settings.py | 2 +-
 caremyway/urls.py | 5 +----
 4 files changed, 26 insertions(+), 29 deletions(-)
diff --git a/caremyway/api/serializers.py b/caremyway/api/serializers.py
index 3f74c66..4d28019 100644
--- a/caremyway/api/serializers.py
+++ b/caremyway/api/serializers.py
@@ -2,22 +2,27 @@ from django.contrib.auth.models import User, Group
 from rest_framework import serializers
 from caremyway.api.models import UserInfo, Client, Provider
-class UserSerializer(serializers.HyperlinkedModelSerializer):
- class Meta:
- model = User
- fields = ('url', 'username', 'first_name', 'last_name', 'email')
-
-class UserInfoSerializer(serializers.HyperlinkedModelSerializer):
+class UserInfoSerializer(serializers.ModelSerializer):
 class Meta:
 model = UserInfo
- fields = ('url', 'user', 'phone_number')
+ fields = ('phone_number',)
-class ClientSerializer(serializers.HyperlinkedModelSerializer):
+class ClientSerializer(serializers.ModelSerializer):
 class Meta:
 model = Client
- fields = ('url', 'user', 'business_number')
+ fields = ('business_number',)
-class ProviderSerializer(serializers.HyperlinkedModelSerializer):
+class ProviderSerializer(serializers.ModelSerializer):
 class Meta:
 model = Provider
- fields = ('url', 'user', 'sin')
+ fields = ('sin',)
+
+class UserSerializer(serializers.ModelSerializer):
+ userinfo = UserInfoSerializer()
+ client = ClientSerializer()
+ provider = ProviderSerializer()
+
+ class Meta:
+ model = User
+ fields = ('id', 'username', 'is_active', 'first_name', 'last_name', 'email', 'userinfo', 'client', 'provider')
+ depth = 1
diff --git a/caremyway/api/views.py b/caremyway/api/views.py
index 36b2255..5c66a99 100644
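Review bot: In caremyway/api/serializers.py the new `UserSerializer` embeds `ProviderSerializer`, so `sin` (presumably a social insurance number) is returned in every user representation, including each row of the staff list; consider leaving it out of list output or masking it. The three nested serializers are declared without `read_only=True`, and DRF's default `create()`/`update()` do not support writable nested fields, so writes through this serializer are expected to fail; `userinfo = UserInfoSerializer(read_only=True)`, and likewise for `client` and `provider`, makes the contract explicit. `is_active` is also writable here, and `read_only_fields = ('is_active',)` in `Meta` would keep account status out of client-supplied data. `depth = 1` appears to have no effect once the nested serializers are declared explicitly.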
--- a/caremyway/api/views.py
+++ b/caremyway/api/views.py
@@ -3,21 +3,16 @@ from django.shortcuts import render
 # Create your views here.
 from django.contrib.auth.models import User, Group
 from caremyway.api.models import UserInfo, Client, Provider
-from rest_framework import viewsets
+from rest_framework import viewsets, permissions
 from caremyway.api.serializers import UserSerializer, UserInfoSerializer, ClientSerializer, ProviderSerializer
 class UserViewSet(viewsets.ModelViewSet):
- queryset = User.objects.all().order_by('-date_joined')
 serializer_class = UserSerializer
+ lookup_field = 'username'
-class UserInfoViewSet(viewsets.ModelViewSet):
- queryset = UserInfo.objects.all().order_by('-id')
- serializer_class = UserInfoSerializer
-
-class ClientViewSet(viewsets.ModelViewSet):
- queryset = Client.objects.all().order_by('-id')
- serializer_class = ClientSerializer
-
-class ProviderViewSet(viewsets.ModelViewSet):
- queryset = Provider.objects.all().order_by('-id')
- serializer_class = ProviderSerializer
+
+ def get_queryset(self):
+ user = self.request.user
+ if user.is_staff:
+ return User.objects.all().order_by('-date_joined')
+ else:
+ return User.objects.filter(username=user)
diff --git a/caremyway/settings.py b/caremyway/settings.py
index 2b8d082..9e41f6d 100644
--- a/caremyway/settings.py
+++ b/caremyway/settings.py
@@ -67,7 +67,7 @@ AUTHENTICATION_BACKENDS = (
 REST_FRAMEWORK = {
 'DEFAULT_PERMISSION_CLASSES': [
- 'rest_framework.permissions.IsAdminUser',
+ 'rest_framework.permissions.IsAuthenticated',
 ],
 'DEFAULT_AUTHENTICATION_CLASSES': (
 #'rest_framework.authentication.BasicAuthentication',
diff --git a/caremyway/urls.py b/caremyway/urls.py
index 501ad12..5487c88 100644
--- a/caremyway/urls.py
+++ b/caremyway/urls.py
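Review bot: In caremyway/api/views.py `UserViewSet` still derives from `viewsets.ModelViewSet`, so the create, update, partial-update and destroy routes stay registered, and `get_queryset` only scopes lookups: a non-staff user is limited to their own row on detail actions, but `create` does not consult the queryset at all. With the default permission becoming `IsAuthenticated` in settings.py, every logged-in account can reach those write handlers. If the endpoint is meant for reading only, base the class on `viewsets.ReadOnlyModelViewSet`, or set `permission_classes` explicitly on the viewset (the newly imported `permissions` is not used in the visible lines). In the non-staff branch, `filter(username=user)` passes the User object and relies on its string form matching the username; `return User.objects.filter(pk=user.pk)` states the intent directly.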
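Review bot: In caremyway/settings.py, replacing `IsAdminUser` with `IsAuthenticated` in `DEFAULT_PERMISSION_CLASSES` loosens the default for every DRF view in the project that does not set its own `permission_classes`, not only the users endpoint this commit targets. A narrower change keeps the admin-only default here and puts `permission_classes = (permissions.IsAuthenticated,)` on `UserViewSet`, so a view added later stays closed unless it opts in. The `REST_FRAMEWORK` dict continues past the end of the hunk, so the authentication classes in effect are not fully visible here.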
@@ -18,10 +18,7 @@ from rest_framework import routers
 from caremyway.api import views
 router = routers.DefaultRouter()
-router.register(r'users', views.UserViewSet)
-router.register(r'userinfos', views.UserInfoViewSet)
-router.register(r'clients', views.ClientViewSet)
-router.register(r'providers', views.ProviderViewSet)
+router.register(r'users', views.UserViewSet, 'user')
 # Wire up our API using automatic URL routing.
 # Additionally, we include login URLs for the browsable API.