[PATCH 37/51] api: Expose a self object
Damien Lespiau
damien.lespiau at intel.com
Sat Sep 12 01:55:10 AEST 2015
I'd like to add specific action/request for the logged in user, so let's
start to expose a 'self' object.
For privacy reasons, the API doesn't allow to list all the users and
each user can only access its own object.
Signed-off-by: Damien Lespiau <damien.lespiau at intel.com>
---
patchwork/serializers.py | 6 ++++++
patchwork/urls.py | 4 ++++
patchwork/views/api.py | 18 +++++++++++++++++-
3 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/patchwork/serializers.py b/patchwork/serializers.py
index 05c9f15..edffb6b 100644
--- a/patchwork/serializers.py
+++ b/patchwork/serializers.py
@@ -17,9 +17,15 @@
# along with Patchwork; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+from django.contrib.auth.models import User
from patchwork.models import Project, Series, SeriesRevision, Patch
from rest_framework import serializers
+class UserSerializer(serializers.ModelSerializer):
+ class Meta:
+ model = User
+ fields = ('username', 'first_name', 'last_name', )
+
class ProjectSerializer(serializers.HyperlinkedModelSerializer):
class Meta:
model = Project
diff --git a/patchwork/urls.py b/patchwork/urls.py
index 68ec759..7052941 100644
--- a/patchwork/urls.py
+++ b/patchwork/urls.py
@@ -27,6 +27,9 @@ import patchwork.views.api as api
# API
+# /self
+users_router = routers.SimpleRouter()
+users_router.register('self', api.UserViewSet)
# /projects/$project/
project_router = routers.SimpleRouter()
project_router.register('projects', api.ProjectViewSet)
@@ -48,6 +51,7 @@ urlpatterns = patterns('',
url(r'^admin/', include(admin.site.urls)),
# API
+ (r'^api/1.0/', include(users_router.urls)),
(r'^api/1.0/', include(project_router.urls)),
(r'^api/1.0/', include(series_list_router.urls)),
(r'^api/1.0/', include(series_router.urls)),
diff --git a/patchwork/views/api.py b/patchwork/views/api.py
index e8229ed..a0904b2 100644
--- a/patchwork/views/api.py
+++ b/patchwork/views/api.py
@@ -17,12 +17,13 @@
# along with Patchwork; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+from django.contrib.auth.models import User
from patchwork.models import Project, Series, SeriesRevision
from rest_framework import viewsets, mixins, generics, filters, permissions
from rest_framework.response import Response
from rest_framework.generics import get_object_or_404
from patchwork.serializers import ProjectSerializer, SeriesSerializer, \
- RevisionSerializer
+ RevisionSerializer, UserSerializer
class MaintainerPermission(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
@@ -36,6 +37,21 @@ class MaintainerPermission(permissions.BasePermission):
return False
return obj.project.is_editable(user)
+class UserPermission(permissions.BasePermission):
+ def has_object_permission(self, request, view, obj):
+ # user data can be sensitive, only the user itself can access this
+ # information
+ return obj == request.user
+
+class UserViewSet(viewsets.ViewSet):
+ permission_classes = (UserPermission, )
+ model = User
+
+ def list(self, request):
+ self = User.objects.get(pk=request.user.pk)
+ serializer = UserSerializer(self)
+ return Response(serializer.data)
+
class ProjectViewSet(viewsets.ViewSet):
permission_classes = (MaintainerPermission, )
model = Project
--
2.1.0
More information about the Patchwork
mailing list