[PATCH v4 05/10] REST: Add Users to the API

Finucane, Stephen stephen.finucane at intel.com
Wed May 25 19:26:55 AEST 2016


On 20 May 14:17, Andy Doan wrote:
> This exports user objects via the REST API.
> 
> Security Constraints:
>  * The API is read-only to authenticated users
> 
> Signed-off-by: Andy Doan <andy.doan at linaro.org>

This needs more data to be useful, IMO.

> ---
>  patchwork/rest_serializers.py    |  8 ++++++++
>  patchwork/tests/test_rest_api.py | 41 ++++++++++++++++++++++++++++++++++++++++
>  patchwork/views/rest_api.py      |  9 ++++++++-
>  3 files changed, 57 insertions(+), 1 deletion(-)
> 
> diff --git a/patchwork/rest_serializers.py b/patchwork/rest_serializers.py
> index 0bb8f23..b7e476a 100644
> --- a/patchwork/rest_serializers.py
> +++ b/patchwork/rest_serializers.py
> @@ -17,11 +17,19 @@
>  # along with Patchwork; if not, write to the Free Software
>  # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
>  
> +from django.contrib.auth.models import User
> +
>  from rest_framework.serializers import HyperlinkedModelSerializer
>  
>  from patchwork.models import Person, Project
>  
>  
> +class UserSerializer(HyperlinkedModelSerializer):
> +    class Meta:
> +        model = User
> +        fields = ('username',)

We're going to need to expose a lot more information than this to make
things useful. For example: name, email, linked 'people', projects etc.

> +
> +
>  class PersonSerializer(HyperlinkedModelSerializer):
>      class Meta:
>          model = Person
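Review bot: `UserSerializer` has no docstring or comment saying that the `fields` tuple in its `Meta` is a deliberate allow-list. Django's `User` model also carries the password hash, the e-mail address and the `is_staff`/`is_superuser` flags, so that tuple is the only thing keeping them out of API responses. I would add a class docstring along the lines of `"""Expose only fields that are safe to show to any authenticated user; extend Meta.fields explicitly, never with '__all__'."""`. `PersonSerializer`, shown as context below it, continues outside the hunk.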
> diff --git a/patchwork/tests/test_rest_api.py b/patchwork/tests/test_rest_api.py
> index 05886bd..cf72e95 100644
> --- a/patchwork/tests/test_rest_api.py
> +++ b/patchwork/tests/test_rest_api.py
> @@ -172,3 +172,44 @@ class TestPersonAPI(APITestCase):
>  
>          resp = self.client.post(self.api_url(), {'email': 'foo at f.com'})
>          self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code)
> +
> +
> + at unittest.skipUnless(settings.ENABLE_REST_API, 'requires ENABLE_REST_API')
> +class TestUserAPI(APITestCase):
> +    fixtures = ['default_states']
> +
> +    @staticmethod
> +    def api_url(item=None):
> +        if item is None:
> +            return reverse('api_1.0:user-list')
> +        return reverse('api_1.0:user-detail', args=[item])
> +
> +    def test_anonymous_list(self):
> +        """The API should reject anonymous users."""
> +        resp = self.client.get(self.api_url())
> +        self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code)
> +
> +    def test_authenticated_list(self):
> +        """This API requires authenticated users."""
> +        user = create_user()
> +        self.client.force_authenticate(user=user)
> +        resp = self.client.get(self.api_url())
> +        self.assertEqual(status.HTTP_200_OK, resp.status_code)
> +        self.assertEqual(1, len(resp.data))
> +        self.assertEqual(user.username, resp.data[0]['username'])
> +
> +    def test_readonly(self):
> +        defaults.project.save()
> +        user = create_maintainer(defaults.project)
> +        user.is_superuser = True
> +        user.save()
> +        self.client.force_authenticate(user=user)
> +
> +        resp = self.client.delete(self.api_url(1))
> +        self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code)
> +
> +        resp = self.client.patch(self.api_url(1), {'email': 'foo at f.com'})
> +        self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code)
> +
> +        resp = self.client.post(self.api_url(), {'email': 'foo at f.com'})
> +        self.assertEqual(status.HTTP_403_FORBIDDEN, resp.status_code)
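Review bot: `test_authenticated_list` asserts that `username` is present but not that nothing else is returned, so a later widening of `UserSerializer.Meta.fields` would pass unnoticed. Pinning the key set, e.g. `self.assertEqual({'username'}, set(resp.data[0]))`, makes the test fail as soon as another `User` column reaches the response. In `test_readonly` the literal `self.api_url(1)` assumes the created user's primary key is 1; `self.api_url(user.id)` states what is meant. `test_readonly` also has no docstring, unlike the two tests above it.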
> diff --git a/patchwork/views/rest_api.py b/patchwork/views/rest_api.py
> index c7e511f..2101037 100644
> --- a/patchwork/views/rest_api.py
> +++ b/patchwork/views/rest_api.py
> @@ -19,7 +19,8 @@
>  
>  from django.conf import settings
>  
> -from patchwork.rest_serializers import ProjectSerializer, PersonSerializer
> +from patchwork.rest_serializers import (
> +    ProjectSerializer, PersonSerializer, UserSerializer)
>  
>  from rest_framework import permissions
>  from rest_framework.pagination import PageNumberPagination
> @@ -88,6 +89,11 @@ class PeopleViewSet(PatchworkViewSet):
>          return qs.select_related('user__username')
>  
>  
> +class UserViewSet(PatchworkViewSet):
> +    permission_classes = (AuthenticatedReadOnly, )
> +    serializer_class = UserSerializer
> +
> +
>  class ProjectViewSet(PatchworkViewSet):
>      permission_classes = (PatchworkPermission, )
>      serializer_class = ProjectSerializer
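Review bot: `UserViewSet` states its access rule only through `permission_classes`, and neither `AuthenticatedReadOnly` nor the queryset is visible in this hunk. If `PatchworkViewSet` derives the queryset from the serializer's model, as the `qs.select_related(...)` context line above suggests, then every account, inactive ones and superusers included, is listed to any logged-in user; on an instance with open registration that would amount to a public username list. I would add a docstring recording the decision, e.g. `"""List users; read-only, authenticated requests only (see AuthenticatedReadOnly)."""`, and consider whether the listing should be limited to `is_active=True` accounts. `ProjectViewSet` continues outside the hunk.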
> @@ -96,3 +102,4 @@ class ProjectViewSet(PatchworkViewSet):
>  router = DefaultRouter()
>  router.register('people', PeopleViewSet, 'person')
>  router.register('projects', ProjectViewSet, 'project')
> +router.register('user', UserViewSet, 'user')

s/user/users/

> -- 
> 2.7.4
> 
> _______________________________________________
> Patchwork mailing list
> Patchwork at lists.ozlabs.org
> https://lists.ozlabs.org/listinfo/patchwork

