Restrict profiles to lockout admins, convert to URL API

This commit is contained in:
Tanner Collin 2018-09-14 02:57:30 -06:00
parent 61ceff77e3
commit dd1b9be50e
4 changed files with 47 additions and 14 deletions

View File

@ -22,6 +22,9 @@ class Tool(models.Model):
return self.name
class Profile(models.Model):
user = models.OneToOneField(User, on_delete=models.CASCADE)
user = models.OneToOneField(User, on_delete=models.CASCADE, editable=False)
lockout_admin = models.BooleanField(default=False)
authorized_tools = models.ManyToManyField(Tool)
def __str__(self):
return self.user.username

View File

@ -3,24 +3,41 @@ from rest_framework import serializers
from . import models
class CategorySerializer(serializers.ModelSerializer):
class CategorySerializer(serializers.HyperlinkedModelSerializer):
url = serializers.HyperlinkedIdentityField(view_name='category-detail', lookup_field='slug')
class Meta:
model = models.Category
fields = '__all__'
class ToolSerializer(serializers.ModelSerializer):
class ToolSerializer(serializers.HyperlinkedModelSerializer):
url = serializers.HyperlinkedIdentityField(view_name='tool-detail', lookup_field='slug')
category = serializers.HyperlinkedRelatedField(
view_name='category-detail',
lookup_field='slug',
queryset=models.Category.objects.all()
)
class Meta:
model = models.Tool
fields = '__all__'
class ToolDataSerializer(serializers.ModelSerializer):
class ToolDataSerializer(serializers.HyperlinkedModelSerializer):
url = serializers.HyperlinkedIdentityField(view_name='category-detail', lookup_field='slug')
tools = ToolSerializer(many=True)
class Meta:
model = models.Category
fields = '__all__'
class ProfileSerializer(serializers.ModelSerializer):
class ProfileSerializer(serializers.HyperlinkedModelSerializer):
user = serializers.StringRelatedField()
authorized_tools = serializers.SlugRelatedField(
many=True,
slug_field='slug',
queryset=models.Tool.objects.all()
)
class Meta:
model = models.Profile
fields = '__all__'

View File

@ -1,5 +1,7 @@
from django.contrib.auth.models import User
from rest_framework import viewsets, permissions
from rest_framework import mixins, permissions, viewsets
from rest_framework.response import Response
from . import models, serializers
@ -14,20 +16,31 @@ class CategoryViewSet(viewsets.ModelViewSet):
queryset = models.Category.objects.all().order_by('id')
serializer_class = serializers.CategorySerializer
permission_classes = (IsLockoutAdmin,)
lookup_field='slug'
class ToolViewSet(viewsets.ModelViewSet):
queryset = models.Tool.objects.all().order_by('id')
serializer_class = serializers.ToolSerializer
permission_classes = (IsLockoutAdmin,)
lookup_field='slug'
class ToolDataViewSet(viewsets.ReadOnlyModelViewSet):
queryset = models.Category.objects.all().order_by('id')
serializer_class = serializers.ToolDataSerializer
class ToolDataViewSet(viewsets.ViewSet):
def list(self, request):
objects = models.Category.objects.all().order_by('id')
serializer = serializers.ToolDataSerializer(objects, many=True, context={'request': request})
return Response({'categories': serializer.data})
class ProfileViewSet(viewsets.ModelViewSet):
class ProfileViewSet(
mixins.RetrieveModelMixin,
mixins.UpdateModelMixin,
mixins.ListModelMixin,
viewsets.GenericViewSet):
queryset = models.Profile.objects.all().order_by('-user__date_joined')
serializer_class = serializers.ProfileSerializer
permission_classes = (IsLockoutAdmin,)
class UserViewSet(viewsets.ModelViewSet):
queryset = models.User.objects.all().order_by('-date_joined')
class UserViewSet(viewsets.ReadOnlyModelViewSet):
serializer_class = serializers.UserSerializer
def get_queryset(self):
return User.objects.filter(username=self.request.user)

View File

@ -23,10 +23,10 @@ from rest_framework import routers
from .api import views
router = routers.DefaultRouter()
router.register(r'tool', views.ToolViewSet, 'tool')
router.register(r'tool', views.ToolViewSet)
router.register(r'category', views.CategoryViewSet, 'category')
router.register(r'tooldata', views.ToolDataViewSet, 'tooldata')
router.register(r'profile', views.ProfileViewSet, 'profile')
router.register(r'profile', views.ProfileViewSet)
router.register(r'user', views.UserViewSet, 'user')
urlpatterns = [