Add card numbers and updating to auth server

Tanner Collin 2018-11-10 19:33:41 -07:00
parent 6ec97db073
commit 790725c29e
6 changed files with 81 additions and 5 deletions


@ -54,6 +54,13 @@ In subsequent requests, the token key should be included in the `Authorization`
Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b
```
Example authenticated request:
```
curl -H "Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b" http://tools-auth.protospace.ca/user/
```
### For anonymous users
#### GET `/tooldata/`
@ -128,10 +135,11 @@ Example response:
```
[
{
"username": "admin",
"username": "tanner.collin",
"profile": {
"url": "http://tools-auth.protospace.ca/profile/1/",
"user": "admin",
"url": "http://tools-auth.protospace.ca/profile/2/",
"user": "tanner.collin",
"card": "00000A4123",
"authorized_tools": [
"table-saw",
"jointer"
@ -173,3 +181,33 @@ Get a list of all profiles.
Get a specific profile, or modify an existing one.
Here you can authorize users on tools or make them another lockout admin.
#### PUT `/update-cards/`
Send a dictionary of username=card_number pairs to update any profiles already in the system. Users not already registered will be ignored.
Responds with the number of profiles updated.
Operation is idempotent.
Example PUT data:
```
{
"tanner.collin": "00000A4123",
"matthew.mulrooney": "00000B8567",
"not-a-member": "539830843A"
}
```
Example response:
```
{"updated":2}
```
Example request:
```
curl -X PUT -H "Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b" -d tanner.collin=00000A4123 -d matthew.mulrooney=00000B8567 http://tools-auth.protospace.ca/update-cards/
```


@ -5,3 +5,4 @@ from . import models
admin.site.register(models.Category)
admin.site.register(models.Tool)
admin.site.register(models.Profile)
admin.site.register(models.Card)


@ -29,3 +29,10 @@ class Profile(models.Model):
def __str__(self):
return self.user.username
class Card(models.Model):
profile = models.OneToOneField(Profile, on_delete=models.CASCADE, editable=False)
number = models.CharField(max_length=10)
def __str__(self):
return self.number
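Review bot: `number` on the new `Card` model has no uniqueness constraint, so two profiles can hold the same card number and a lookup by number cannot tell which member it identifies. The card number is presumably what a member presents at a tool, so I would declare it `number = models.CharField(max_length=10, unique=True)` and include the matching migration. The serializer added in this commit resolves cards with `slug_field='number'`, which already assumes the value is unique. Only the tail of `Profile` is visible in this hunk; `Card` is shown in full.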


@ -32,6 +32,11 @@ class ToolDataSerializer(serializers.HyperlinkedModelSerializer):
class ProfileSerializer(serializers.HyperlinkedModelSerializer):
user = serializers.StringRelatedField()
card = serializers.SlugRelatedField(
allow_null=True,
slug_field='number',
queryset=models.Card.objects.all()
)
authorized_tools = serializers.SlugRelatedField(
many=True,
slug_field='slug',
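Review bot: The new `card` field on `ProfileSerializer` is writable because it is given a `queryset`, so a write to the profile endpoint accepts any existing card number for a reverse one-to-one relation, and what that write then does is not obvious from this hunk. Card numbers are meant to change through `/update-cards/`, so I would make the field read-only: `card = serializers.SlugRelatedField(read_only=True, slug_field='number')`. The field also puts each member's card number into every profile response, so it is worth confirming that the profile viewset (not visible here) is restricted to lockout admins. The `authorized_tools` declaration continues past the end of the hunk.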


@ -1,10 +1,11 @@
import requests
import json
from django.contrib.auth.models import User
from rest_framework import mixins, permissions, status, viewsets
from rest_framework.authtoken.models import Token
from rest_framework.decorators import api_view
from rest_framework.decorators import api_view, permission_classes
from rest_framework.response import Response
from . import models, serializers
@ -74,3 +75,26 @@ def login(request):
token, _ = Token.objects.get_or_create(user=user)
return Response({'token': token.key}, status=status.HTTP_200_OK)
@api_view(["PUT"])
@permission_classes((IsLockoutAdmin,))
def update_cards(request):
data = request.data
updated_count = 0
if not data:
return Response({'error': 'Please provide card data in the form username=cardnumber'},
status=status.HTTP_400_BAD_REQUEST)
for username, card_number in data.items():
try:
profile = models.Profile.objects.get(user__username=username)
card, _ = models.Card.objects.update_or_create(
profile=profile,
defaults={'number': card_number}
)
if card: updated_count += 1
except:
continue
return Response({'updated': updated_count}, status=status.HTTP_200_OK)
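Review bot: The bare `except:` in the loop of `update_cards` hides every failure, not just the documented "user not registered" case, so a database error or a malformed value is silently skipped and the caller only sees a lower `updated` count. `card_number` is also stored without any check on its type or length, so a JSON body can supply a list, a number or a string longer than the model's `max_length=10`, which some database backends do not enforce. I would validate the value first and catch only `models.Profile.DoesNotExist`, letting unexpected errors surface. `if card:` is always true after `update_or_create`, so the count can be incremented unconditionally.

```python
    for username, card_number in data.items():
        # Skip values that cannot be a card number before touching the database.
        if not isinstance(card_number, str) or not 0 < len(card_number) <= 10:
            continue
        try:
            profile = models.Profile.objects.get(user__username=username)
        except models.Profile.DoesNotExist:
            # Users not already registered are ignored, as the README documents.
            continue
        models.Card.objects.update_or_create(
            profile=profile,
            defaults={'number': card_number}
        )
        updated_count += 1
    # … unchanged: return Response({'updated': updated_count}, ...) …
```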


@ -33,7 +33,8 @@ urlpatterns = [
url(r'^', include(router.urls)),
url(r'^admin/', admin.site.urls),
url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
url(r'^login/', views.login)
url(r'^login/', views.login),
url(r'^update-cards/', views.update_cards)
]
if settings.DEBUG is True: