Commit 2822d947 authored by Sli's avatar Sli
Browse files

Enhaced API : look for permissions, automaticly add /{pk}/id, added

users, groups and clubs
parent 1a6373e9
Pipeline #99 failed with stage
in 2 minutes and 3 seconds
......@@ -6,6 +6,9 @@ from rest_framework import routers
# Router config
router = routers.DefaultRouter()
router.register(r'counter', CounterViewSet, base_name='api_counter')
router.register(r'user', UserViewSet, base_name='api_user')
router.register(r'club', ClubViewSet, base_name='api_club')
router.register(r'group', GroupViewSet, base_name='api_group')
urlpatterns = [
from rest_framework.response import Response
from rest_framework import viewsets
from django.core.exceptions import PermissionDenied
from rest_framework.decorators import detail_route
from core.views import can_view, can_edit
class RightManagedModelViewSet(viewsets.ModelViewSet):
def id(self, request, pk=None):
Get by id (api/v1/router/{pk}/id/)
self.queryset = get_object_or_404(self.queryset.filter(id=pk))
serializer = self.get_serializer(self.queryset)
return Response(
def dispatch(self, request, *arg, **kwargs):
res = super(RightManagedModelViewSet,
self).dispatch(request, *arg, **kwargs)
obj = self.queryset
user = self.request.user
if (request.method == 'GET' and can_view(obj, user)):
return res
elif (request.method == 'PUSH' and can_edit(obj, user)):
return res
except: pass # To prevent bug with Anonymous user
raise PermissionDenied
from .api import *
from .serializers import *
\ No newline at end of file
......@@ -7,8 +7,10 @@ from rest_framework.decorators import list_route
from core.templatetags.renderer import markdown
from counter.models import Counter
from core.models import User, Group
from club.models import Club
from api.views import serializers
from api.views import RightManagedModelViewSet
def RenderMarkdown(request):
......@@ -19,28 +21,45 @@ def RenderMarkdown(request):
return Response(markdown(request.GET['text']))
class CounterViewSet(viewsets.ModelViewSet):
class CounterViewSet(RightManagedModelViewSet):
Manage Counters (api/v1/counter)
Manage Counters (api/v1/counter/)
serializer_class = serializers.Counter
serializer_class = serializers.CounterRead
queryset = Counter.objects.all()
def bar(self, request):
Return all bars (api/v1/counter/bar)
Return all bars (api/v1/counter/bar/)
self.queryset = Counter.objects.filter(type="BAR")
self.queryset = self.queryset.filter(type="BAR")
serializer = self.get_serializer(self.queryset, many=True)
return Response(
def id(self, request, pk=None):
Get by id (api/v1/{nk}/id)
self.queryset = get_object_or_404(Counter.objects.filter(id=pk))
serializer = self.get_serializer(self.queryset)
return Response(
class UserViewSet(RightManagedModelViewSet):
Manage Users (api/v1/user/)
serializer_class = serializers.UserRead
queryset = User.objects.all()
class ClubViewSet(RightManagedModelViewSet):
Manage Clubs (api/v1/club/)
serializer_class = serializers.ClubRead
queryset = Club.objects.all()
class GroupViewSet(RightManagedModelViewSet):
Manage Groups (api/v1/group/)
serializer_class = serializers.GroupRead
queryset = Group.objects.all()
from rest_framework import serializers
from counter.models import Counter
from core.models import User, Group
from club.models import Club
class Counter(serializers.ModelSerializer):
class CounterRead(serializers.ModelSerializer):
is_open = serializers.BooleanField(read_only=True)
barman_list = serializers.ListField(
child = serializers.IntegerField()
class Meta:
model = Counter
fields = ('id', 'name', 'type', 'is_open', 'barman_list')
class UserRead(serializers.ModelSerializer):
class Meta:
model = User
class ClubRead(serializers.ModelSerializer):
class Meta:
model = Club
class GroupRead(serializers.ModelSerializer):
class Meta:
model = Group
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment