Restrict profiles to lockout admins, convert to URL API

6 years ago · dd1b9be50e
parent 61ceff77e3
commit dd1b9be50e
4 changed files with 47 additions and 14 deletions
--- a/authserver/authserver/api/models.py
+++ b/authserver/authserver/api/models.py
@ -22,6 +22,9 @@ class Tool(models.Model):
        return self.name

 class Profile(models.Model):
-    user = models.OneToOneField(User, on_delete=models.CASCADE)
+    user = models.OneToOneField(User, on_delete=models.CASCADE, editable=False)
    lockout_admin = models.BooleanField(default=False)
    authorized_tools = models.ManyToManyField(Tool)
+
+    def __str__(self):
+        return self.user.username
--- a/authserver/authserver/api/serializers.py
+++ b/authserver/authserver/api/serializers.py
@ -3,24 +3,41 @@ from rest_framework import serializers

 from . import models

-class CategorySerializer(serializers.ModelSerializer):
+class CategorySerializer(serializers.HyperlinkedModelSerializer):
+    url = serializers.HyperlinkedIdentityField(view_name='category-detail', lookup_field='slug')
+
    class Meta:
        model = models.Category
        fields = '__all__'

-class ToolSerializer(serializers.ModelSerializer):
+class ToolSerializer(serializers.HyperlinkedModelSerializer):
+    url = serializers.HyperlinkedIdentityField(view_name='tool-detail', lookup_field='slug')
+    category = serializers.HyperlinkedRelatedField(
+            view_name='category-detail',
+            lookup_field='slug',
+            queryset=models.Category.objects.all()
+        )
+
    class Meta:
        model = models.Tool
        fields = '__all__'

-class ToolDataSerializer(serializers.ModelSerializer):
+class ToolDataSerializer(serializers.HyperlinkedModelSerializer):
+    url = serializers.HyperlinkedIdentityField(view_name='category-detail', lookup_field='slug')
    tools = ToolSerializer(many=True)

    class Meta:
        model = models.Category
        fields = '__all__'

-class ProfileSerializer(serializers.ModelSerializer):
+class ProfileSerializer(serializers.HyperlinkedModelSerializer):
+    user = serializers.StringRelatedField()
+    authorized_tools = serializers.SlugRelatedField(
+            many=True,
+            slug_field='slug',
+            queryset=models.Tool.objects.all()
+        )
+
    class Meta:
        model = models.Profile
        fields = '__all__'
--- a/authserver/authserver/api/views.py
+++ b/authserver/authserver/api/views.py
@ -1,5 +1,7 @@
 from django.contrib.auth.models import User
-from rest_framework import viewsets, permissions
+from rest_framework import mixins, permissions, viewsets
+
+from rest_framework.response import Response

 from . import models, serializers

@ -14,20 +16,31 @@ class CategoryViewSet(viewsets.ModelViewSet):
    queryset = models.Category.objects.all().order_by('id')
    serializer_class = serializers.CategorySerializer
    permission_classes = (IsLockoutAdmin,)
+    lookup_field='slug'

 class ToolViewSet(viewsets.ModelViewSet):
    queryset = models.Tool.objects.all().order_by('id')
    serializer_class = serializers.ToolSerializer
    permission_classes = (IsLockoutAdmin,)
+    lookup_field='slug'

-class ToolDataViewSet(viewsets.ReadOnlyModelViewSet):
-    queryset = models.Category.objects.all().order_by('id')
-    serializer_class = serializers.ToolDataSerializer
+class ToolDataViewSet(viewsets.ViewSet):
+    def list(self, request):
+        objects = models.Category.objects.all().order_by('id')
+        serializer = serializers.ToolDataSerializer(objects, many=True, context={'request': request})
+        return Response({'categories': serializer.data})

-class ProfileViewSet(viewsets.ModelViewSet):
+class ProfileViewSet(
+        mixins.RetrieveModelMixin,
+        mixins.UpdateModelMixin,
+        mixins.ListModelMixin,
+        viewsets.GenericViewSet):
    queryset = models.Profile.objects.all().order_by('-user__date_joined')
    serializer_class = serializers.ProfileSerializer
+    permission_classes = (IsLockoutAdmin,)

-class UserViewSet(viewsets.ModelViewSet):
-    queryset = models.User.objects.all().order_by('-date_joined')
+class UserViewSet(viewsets.ReadOnlyModelViewSet):
    serializer_class = serializers.UserSerializer
+
+    def get_queryset(self):
+        return User.objects.filter(username=self.request.user)
--- a/authserver/authserver/urls.py
+++ b/authserver/authserver/urls.py
@ -23,10 +23,10 @@ from rest_framework import routers
 from .api import views

 router = routers.DefaultRouter()
-router.register(r'tool', views.ToolViewSet, 'tool')
+router.register(r'tool', views.ToolViewSet)
 router.register(r'category', views.CategoryViewSet, 'category')
 router.register(r'tooldata', views.ToolDataViewSet, 'tooldata')
-router.register(r'profile', views.ProfileViewSet, 'profile')
+router.register(r'profile', views.ProfileViewSet)
 router.register(r'user', views.UserViewSet, 'user')

 urlpatterns = [