Improve dynamic_search app API. Add filter to allows users to access their own recent searches only.

mayan/apps/dynamic_search/api_views.py

@@ -6,6 +6,7 @@ from rest_framework.exceptions import ParseError
 from rest_api.filters import MayanObjectPermissionsFilter
 
 from .classes import SearchModel
+from .filters import RecentSearchUserFilter
 from .models import RecentSearch
 from .serializers import RecentSearchSerializer, SearchSerializer
 
@@ -15,10 +16,9 @@ class APIRecentSearchListView(generics.ListAPIView):
     Returns a list of all the recent searches.
     """
 
-    serializer_class = RecentSearchSerializer
+    filter_backends = (RecentSearchUserFilter,)
     queryset = RecentSearch.objects.all()
-
-    # TODO: Add filter_backend so that users can only see their own entries
+    serializer_class = RecentSearchSerializer
 
 
 class APIRecentSearchView(generics.RetrieveDestroyAPIView):
@@ -26,10 +26,9 @@ class APIRecentSearchView(generics.RetrieveDestroyAPIView):
     Returns the selected recent search details.
     """
 
-    serializer_class = RecentSearchSerializer
+    filter_backends = (RecentSearchUserFilter,)
     queryset = RecentSearch.objects.all()
-
-    # TODO: Add filter_backend so that users can only see their own entries
+    serializer_class = RecentSearchSerializer
 
 
 class APISearchView(generics.ListAPIView):
@@ -40,17 +39,22 @@ class APISearchView(generics.ListAPIView):
 
     filter_backends = (MayanObjectPermissionsFilter,)
 
-    # Placeholder serializer to avoid errors with Django REST swagger
-    serializer_class = SearchSerializer
-
     def get_queryset(self):
-        document_search = SearchModel.get('documents.Document')
-        self.serializer_class = document_search.serializer
-        self.mayan_object_permissions = {'GET': [document_search.permission]}
+        search_class = self.get_search_class()
+        if search_class.permission:
+            self.mayan_object_permissions = {'GET': (search_class.permission,)}
 
         try:
-            queryset, ids, timedelta = document_search.search(self.request.GET, self.request.user)
+            queryset, ids, timedelta = search_class.search(
+                query_string=self.request.GET, user=self.request.user
+            )
         except Exception as exception:
             raise ParseError(unicode(exception))
 
         return queryset
+
+    def get_search_class(self):
+        return SearchModel.get('documents.Document')
+
+    def get_serializer_class(self):
+        return self.get_search_class().serializer

mayan/apps/dynamic_search/filters.py

@@ -0,0 +1,11 @@
+from __future__ import unicode_literals
+
+from rest_framework.filters import BaseFilterBackend
+
+
+class RecentSearchUserFilter(BaseFilterBackend):
+    def filter_queryset(self, request, queryset, view):
+        if request.user.is_staff or request.user.is_superuser:
+            return queryset
+        else:
+            return queryset.filter(user=self.request.user)

mayan/apps/dynamic_search/models.py

@@ -17,14 +17,10 @@ from .managers import RecentSearchManager
 @python_2_unicode_compatible
 class RecentSearch(models.Model):
     """
-    Keeps a list of the n most recent search keywords for a given user
+    Keeps a list of the [n] most recent search keywords for a given user
     """
-    user = models.ForeignKey(User, verbose_name=_('User'), editable=True)
-    # Setting editable to True to workaround Django REST framework issue
-    # 1604 - https://github.com/tomchristie/django-rest-framework/issues/1604
-    # Should be fixed by DRF v2.4.4
-    # TODO: Fix after upgrade to DRF v2.4.4
 
+    user = models.ForeignKey(User, editable=False, verbose_name=_('User'))
     query = models.TextField(editable=False, verbose_name=_('Query'))
     datetime_created = models.DateTimeField(
         auto_now=True, db_index=True, verbose_name=_('Datetime created')

mayan/apps/dynamic_search/serializers.py

@@ -2,13 +2,19 @@ from __future__ import unicode_literals
 
 from rest_framework import serializers
 
+from user_management.serializers import UserSerializer
+
 from .models import RecentSearch
 
 
-class RecentSearchSerializer(serializers.ModelSerializer):
+class RecentSearchSerializer(serializers.HyperlinkedModelSerializer):
+    url = serializers.HyperlinkedIdentityField(view_name='rest_api:recentsearch-detail')
+    user = UserSerializer()
+
     class Meta:
+        fields = ('datetime_created', 'hits', 'query', 'url', 'user')
         model = RecentSearch
-        read_only_fields = ('user', 'query', 'datetime_created', 'hits')
+        read_only_fields = ('datetime_created', 'hits', 'query', 'user')
 
 
 class SearchSerializer(serializers.Serializer):