matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update the user group map API view to match the rest of the user management API endpoints.

Browse Source
This commit is contained in:
Roberto Rosario
2017-01-15 02:40:08 -04:00
parent 0ddd766dfa
commit b32bc93a70
3 changed files with 113 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

156
mayan/apps/user_management/api_views.py
View File

@@ -1,12 +1,12 @@
from __future__ import unicode_literals from __future__ import unicode_literals
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from django.contrib.auth.models import Group, User from django.contrib.auth.models import Group
from django.shortcuts import get_object_or_404
from rest_framework import generics from rest_framework import generics
from rest_framework.response import Response
from rest_framework.views import APIView
from acls.models import AccessControlList
from rest_api.filters import MayanObjectPermissionsFilter from rest_api.filters import MayanObjectPermissionsFilter
from rest_api.permissions import MayanPermission from rest_api.permissions import MayanPermission
@@ -15,8 +15,44 @@ from .permissions import (
permission_group_view, permission_user_create, permission_user_delete, permission_group_view, permission_user_create, permission_user_delete,
permission_user_edit, permission_user_view permission_user_edit, permission_user_view
) )
from .serializers import GroupSerializer, UserSerializer from .serializers import (
from rest_framework import authentication, permissions GroupSerializer, UserSerializer, UserGroupListSerializer
)
class APICurrentUserView(generics.RetrieveUpdateDestroyAPIView):
serializer_class = UserSerializer
def get_object(self):
return self.request.user
def delete(self, *args, **kwargs):
"""
Delete the current user.
"""
return super(APICurrentUserView, self).delete(*args, **kwargs)
def get(self, *args, **kwargs):
"""
Return the details of the current user.
"""
return super(APICurrentUserView, self).get(*args, **kwargs)
def patch(self, *args, **kwargs):
"""
Partially edit the current user.
"""
return super(APICurrentUserView, self).patch(*args, **kwargs)
def put(self, *args, **kwargs):
"""
Edit the current user.
"""
return super(APICurrentUserView, self).put(*args, **kwargs)
class APIGroupListView(generics.ListCreateAPIView): class APIGroupListView(generics.ListCreateAPIView):
@@ -144,74 +180,50 @@ class APIUserView(generics.RetrieveUpdateDestroyAPIView):
return super(APIUserView, self).put(*args, **kwargs) return super(APIUserView, self).put(*args, **kwargs)
class APICurrentUserView(generics.RetrieveUpdateDestroyAPIView): class APIUserGroupList(generics.ListCreateAPIView):
serializer_class = UserSerializer
def get_object(self):
return self.request.user
def delete(self, *args, **kwargs):
"""
Delete the current user.
"""
return super(APICurrentUserView, self).delete(*args, **kwargs)
def get(self, *args, **kwargs):
"""
Return the details of the current user.
"""
return super(APICurrentUserView, self).get(*args, **kwargs)
def patch(self, *args, **kwargs):
"""
Partially edit the current user.
"""
return super(APICurrentUserView, self).patch(*args, **kwargs)
def put(self, *args, **kwargs):
"""
Edit the current user.
"""
return super(APICurrentUserView, self).put(*args, **kwargs)
class APIUserGroupMap(APIView):
""" """
View to map user with groups Returns a list of all the groups to which an user belongs.
**Arguments:**
- request: Http request object.
- pk:primary key of User
**Returns:** User Details
**Raises:** Nothing.
This methods handles http POST request.
This method map users with group.
* Requires token authentication.\n
* Only admin users are able to access this view.
""" """
authentication_classes = (authentication.TokenAuthentication,)
permission_classes = (permissions.IsAdminUser,) mayan_object_permissions = {
'GET': (permission_user_view,),
def post(self, request,pk,format=None): 'POST': (permission_user_edit,)
}
permission_classes = (MayanPermission,)
def get_serializer_class(self):
if self.request.method == 'GET':
return GroupSerializer
elif self.request.method == 'POST':
return UserGroupListSerializer
def get_serializer_context(self):
""" """
Maps user with groups Extra context provided to the serializer class.
""" """
groups = request.POST['group_ids'].split(',') return {
userObj = User.objects.get(pk=pk) 'format': self.format_kwarg,
for group in groups: 'request': self.request,
groupObj = Group.objects.get(pk=group) 'user': self.get_user(),
groupObj.user_set.add(userObj) 'view': self
mapped_group_ids = userObj.groups.all().values_list('id', flat=True) }
result = { "id":userObj.id,"groups":mapped_group_ids,"username":userObj.username,
"fname":userObj.first_name,"lname":userObj.last_name } def get_queryset(self):
return Response({ 'data':result }) user = self.get_user()
return AccessControlList.objects.filter_by_access(
permission_group_view, self.request.user,
queryset=user.groups.all()
)
def get_user(self):
return get_object_or_404(get_user_model(), pk=self.kwargs['pk'])
def perform_create(self, serializer):
serializer.save(user=self.get_user())
def post(self, request, *args, **kwargs):
"""
Add a user to a list of groups.
"""
return super(APIUserGroupList, self).post(request, *args, **kwargs)

23
mayan/apps/user_management/serializers.py
View File

@@ -3,8 +3,10 @@ from __future__ import unicode_literals
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from django.contrib.auth.models import Group from django.contrib.auth.models import Group
from django.contrib.auth.password_validation import validate_password from django.contrib.auth.password_validation import validate_password
from django.utils.translation import ugettext_lazy as _
from rest_framework import serializers from rest_framework import serializers
from rest_framework.exceptions import ValidationError
class GroupSerializer(serializers.HyperlinkedModelSerializer): class GroupSerializer(serializers.HyperlinkedModelSerializer):
@@ -21,6 +23,27 @@ class GroupSerializer(serializers.HyperlinkedModelSerializer):
return instance.user_set.count() return instance.user_set.count()
class UserGroupListSerializer(serializers.Serializer):
group_pk_list = serializers.CharField(
help_text=_(
'Comma separated list of group primary keys to assign this '
'user to.'
)
)
def create(self, validated_data):
validated_data['user'].groups.clear()
try:
pk_list = validated_data['group_pk_list'].split(',')
for group in Group.objects.filter(pk__in=pk_list):
validated_data['user'].groups.add(group)
except Exception as exception:
raise ValidationError(exception)
return {'group_pk_list': validated_data['group_pk_list']}
class UserSerializer(serializers.HyperlinkedModelSerializer): class UserSerializer(serializers.HyperlinkedModelSerializer):
groups = GroupSerializer(many=True) groups = GroupSerializer(many=True)

10
mayan/apps/user_management/urls.py
View File

@@ -3,8 +3,8 @@ from __future__ import unicode_literals
from django.conf.urls import url from django.conf.urls import url
from .api_views import ( from .api_views import (
APICurrentUserView, APIGroupListView, APIGroupView, APIUserListView, APICurrentUserView, APIGroupListView, APIGroupView, APIUserGroupList,
APIUserView, APIUserGroupMap APIUserListView, APIUserView
) )
from .views import ( from .views import (
GroupCreateView, GroupDeleteView, GroupEditView, GroupListView, GroupCreateView, GroupDeleteView, GroupEditView, GroupListView,
@@ -64,6 +64,8 @@ api_urls = [
url( url(
r'^users/current/$', APICurrentUserView.as_view(), name='user-current' r'^users/current/$', APICurrentUserView.as_view(), name='user-current'
), ),
url(r'^users/(?P<pk>[0-9]+)/groups/$',APIUserGroupMap.as_view(), url(
name='users-group-map'), r'^users/(?P<pk>[0-9]+)/groups/$', APIUserGroupList.as_view(),
name='users-group-list'
),
] ]