Add complete role API endpoints (role create, patch, put, delete,

add/update role groups, add/update role permissions).
2017-01-30 18:33:06 -04:00
parent 3634284c5c
commit e2c8f7b3fc
5 changed files with 272 additions and 15 deletions
--- a/mayan/apps/permissions/api_views.py
+++ b/mayan/apps/permissions/api_views.py
@@ -11,7 +11,9 @@ from .permissions import (
    permission_role_create, permission_role_delete, permission_role_edit,
    permission_role_view
 )
-from .serializers import PermissionSerializer, RoleSerializer
+from .serializers import (
+    PermissionSerializer, RoleSerializer, WritableRoleSerializer
+)


 class APIPermissionList(generics.ListAPIView):
@@ -27,13 +29,11 @@ class APIPermissionList(generics.ListAPIView):


 class APIRoleListView(generics.ListCreateAPIView):
-    serializer_class = RoleSerializer
-    queryset = Role.objects.all()
-
-    permission_classes = (MayanPermission,)
    filter_backends = (MayanObjectPermissionsFilter,)
    mayan_object_permissions = {'GET': (permission_role_view,)}
    mayan_view_permissions = {'POST': (permission_role_create,)}
+    permission_classes = (MayanPermission,)
+    queryset = Role.objects.all()

    def get(self, *args, **kwargs):
        """
@@ -42,6 +42,12 @@ class APIRoleListView(generics.ListCreateAPIView):

        return super(APIRoleListView, self).get(*args, **kwargs)

+    def get_serializer_class(self):
+        if self.request.method == 'GET':
+            return RoleSerializer
+        elif self.request.method == 'POST':
+            return WritableRoleSerializer
+
    def post(self, *args, **kwargs):
        """
        Create a new role.
@@ -51,16 +57,14 @@ class APIRoleListView(generics.ListCreateAPIView):


 class APIRoleView(generics.RetrieveUpdateDestroyAPIView):
-    serializer_class = RoleSerializer
-    queryset = Role.objects.all()
-
-    permission_classes = (MayanPermission,)
    mayan_object_permissions = {
        'GET': (permission_role_view,),
        'PUT': (permission_role_edit,),
        'PATCH': (permission_role_edit,),
        'DELETE': (permission_role_delete,)
    }
+    permission_classes = (MayanPermission,)
+    queryset = Role.objects.all()

    def delete(self, *args, **kwargs):
        """
@@ -76,6 +80,12 @@ class APIRoleView(generics.RetrieveUpdateDestroyAPIView):

        return super(APIRoleView, self).get(*args, **kwargs)

+    def get_serializer_class(self):
+        if self.request.method == 'GET':
+            return RoleSerializer
+        elif self.request.method in ('PATCH', 'PUT'):
+            return WritableRoleSerializer
+
    def patch(self, *args, **kwargs):
        """
        Edit the selected role.