[PATCH 37/51] api: Expose a self object

Damien Lespiau damien.lespiau at intel.com
Sat Sep 12 01:55:10 AEST 2015


I'd like to add specific action/request for the logged in user, so let's
start to expose a 'self' object.

For privacy reasons, the API doesn't allow to list all the users and
each user can only access its own object.

Signed-off-by: Damien Lespiau <damien.lespiau at intel.com>
---
 patchwork/serializers.py |  6 ++++++
 patchwork/urls.py        |  4 ++++
 patchwork/views/api.py   | 18 +++++++++++++++++-
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/patchwork/serializers.py b/patchwork/serializers.py
index 05c9f15..edffb6b 100644
--- a/patchwork/serializers.py
+++ b/patchwork/serializers.py
@@ -17,9 +17,15 @@
 # along with Patchwork; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 
+from django.contrib.auth.models import User
 from patchwork.models import Project, Series, SeriesRevision, Patch
 from rest_framework import serializers
 
+class UserSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = User
+        fields = ('username', 'first_name', 'last_name', )
+
 class ProjectSerializer(serializers.HyperlinkedModelSerializer):
     class Meta:
         model = Project
diff --git a/patchwork/urls.py b/patchwork/urls.py
index 68ec759..7052941 100644
--- a/patchwork/urls.py
+++ b/patchwork/urls.py
@@ -27,6 +27,9 @@ import patchwork.views.api as api
 
 # API
 
+# /self
+users_router = routers.SimpleRouter()
+users_router.register('self', api.UserViewSet)
 # /projects/$project/
 project_router = routers.SimpleRouter()
 project_router.register('projects', api.ProjectViewSet)
@@ -48,6 +51,7 @@ urlpatterns = patterns('',
     url(r'^admin/', include(admin.site.urls)),
 
     # API
+    (r'^api/1.0/', include(users_router.urls)),
     (r'^api/1.0/', include(project_router.urls)),
     (r'^api/1.0/', include(series_list_router.urls)),
     (r'^api/1.0/', include(series_router.urls)),
diff --git a/patchwork/views/api.py b/patchwork/views/api.py
index e8229ed..a0904b2 100644
--- a/patchwork/views/api.py
+++ b/patchwork/views/api.py
@@ -17,12 +17,13 @@
 # along with Patchwork; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 
+from django.contrib.auth.models import User
 from patchwork.models import Project, Series, SeriesRevision
 from rest_framework import viewsets, mixins, generics, filters, permissions
 from rest_framework.response import Response
 from rest_framework.generics import get_object_or_404
 from patchwork.serializers import ProjectSerializer, SeriesSerializer, \
-                                  RevisionSerializer
+                                  RevisionSerializer, UserSerializer
 
 class MaintainerPermission(permissions.BasePermission):
     def has_object_permission(self, request, view, obj):
@@ -36,6 +37,21 @@ class MaintainerPermission(permissions.BasePermission):
             return False
         return obj.project.is_editable(user)
 
+class UserPermission(permissions.BasePermission):
+    def has_object_permission(self, request, view, obj):
+        # user data can be sensitive, only the user itself can access this
+        # information
+        return obj == request.user
+
+class UserViewSet(viewsets.ViewSet):
+    permission_classes = (UserPermission, )
+    model = User
+
+    def list(self, request):
+        self = User.objects.get(pk=request.user.pk)
+        serializer = UserSerializer(self)
+        return Response(serializer.data)
+
 class ProjectViewSet(viewsets.ViewSet):
     permission_classes = (MaintainerPermission, )
     model = Project
-- 
2.1.0



More information about the Patchwork mailing list