REST API app updates

- Add back support for API views but using the api_urlpatterns list. Needed for the current user API until a dynamic route router is implemented that can allow a viewset action to specify its entire URL. - Make sure the user is authenticated before trying to the user permissions. - Improve how external_object_list options are read from the class. - None authenticated users will get a blank queryset if the view doesn't require a permission. Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
2019-02-07 20:13:35 -04:00
parent e4af406d5f
commit 61ebda6e63
4 changed files with 56 additions and 21 deletions
--- a/mayan/apps/rest_api/mixins.py
+++ b/mayan/apps/rest_api/mixins.py
@@ -6,12 +6,21 @@ from mayan.apps.acls.models import AccessControlList


 class ExternalObjectListSerializerMixin(object):
-    class Meta:
-        external_object_list_model = None
-        external_object_list_permission = None
-        external_object_list_queryset = None
-        external_object_list_pk_field = None
-        external_object_list_pk_list_field = None
+    """
+    Mixin to allow serializers to get a restricted object list with minimal code.
+    This mixin adds the follow class Meta options to a serializer:
+        external_object_list_model
+        external_object_list_permission
+        external_object_list_queryset
+        external_object_list_pk_field
+        external_object_list_pk_list_field
+
+    The source queryset can also be provided overriding the
+    .get_external_object_list() method.
+    """
+    def __init__(self, *args, **kwargs):
+        super(ExternalObjectListSerializerMixin, self).__init__(*args, **kwargs)
+        self.external_object_list_options = getattr(self, 'Meta', None)

    def get_external_object_list(self):
        queryset = self.get_external_object_list_queryset()
@@ -23,14 +32,13 @@ class ExternalObjectListSerializerMixin(object):
                user=self.context['request'].user
            )

-        if self.Meta.external_object_list_pk_field:
-            id_list = (
-                self.validated_data.get(self.Meta.external_object_list_pk_field),
-            )
-        elif self.Meta.external_object_list_pk_list_field:
-            id_list = self.validated_data.get(
-                self.Meta.external_object_list_pk_list_field, ''
-            ).split(',')
+        pk_field = self.get_external_object_list_option('pk_field')
+        pk_list_field = self.get_external_object_list_option('pk_list_field')
+
+        if pk_field:
+            id_list = (self.validated_data.get(pk_field),)
+        elif pk_list_field:
+            id_list = self.validated_data.get(pk_list_field, '').split(',')
        else:
            raise ImproperlyConfigured(
                'ExternalObjectListSerializerMixin requires a '
@@ -40,11 +48,19 @@ class ExternalObjectListSerializerMixin(object):

        return queryset.filter(pk__in=id_list)

+    def get_external_object_list_option(self, option_name):
+        return getattr(
+            self.external_object_list_options, 'external_object_list_{}'.format(option_name), None
+        )
+
    def get_external_object_list_queryset(self):
-        if self.Meta.external_object_list_model:
-            queryset = self.Meta.external_object_list_model._meta.default_manager.all()
-        elif self.Meta.external_object_list_queryset:
-            return self.Meta.external_object_list_queryset
+        model = self.get_external_object_list_option('model')
+        queryset = self.get_external_object_list_option('queryset')
+
+        if model:
+            queryset = model._meta.default_manager.all()
+        elif queryset:
+            return queryset
        else:
            raise ImproperlyConfigured(
                'ExternalObjectListSerializerMixin requires a '