class LicenceViewSet(mixins.UpdateModelMixin, mixins.RetrieveModelMixin, mixins.DestroyModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.Licence.objects.all() # pylint: disable=E1101 serializer_mapping = utils.SerializerMapping.from_module(serializers.licences) permission_mapping = utils.PermissionMapping({ utils.Actions.UPDATE: [ IsAuthenticated, ( permissions.IsSigner | IsAdmin ) ], utils.Actions.RETRIEVE: IsAuthenticated, utils.Actions.DESTROY: [ IsAuthenticated, ( permissions.IsSigner | IsAdmin ) ], })
class AnnotationVoteViewSet(mixins.UpdateModelMixin, mixins.RetrieveModelMixin, mixins.DestroyModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.AnnotationVote.objects.all() # pylint: disable=E1101 serializer_mapping = utils.SerializerMapping.from_module( serializers.annotations.votes) permission_mapping = utils.PermissionMapping({ utils.Actions.UPDATE: [ IsAuthenticated, permissions.IsCreator | IsAdmin, ], utils.Actions.RETRIEVE: [ IsAuthenticated, ( permissions.HasViewPermission | permissions.IsCreator | permissions.IsOpen | IsSpecialUser ), ], utils.Actions.DESTROY: [ IsAuthenticated, permissions.IsCreator | IsAdmin, ], })
class EventTypeViewSet(mixins.RetrieveModelMixin, mixins.DestroyModelMixin, mixins.UpdateModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.EventType.objects.all() # pylint: disable=E1101 permission_mapping = utils.PermissionMapping( { utils.Actions.RETRIEVE: IsAuthenticated, utils.Actions.UPDATE: [IsAuthenticated, IsDeveloper | IsAdmin], }, default=IsDeveloper | IsAdmin) serializer_mapping = (utils.SerializerMapping.from_module( serializers.object_types.events).extend( add_term_types=serializers.object_types.terms.SelectSerializer, remove_term_types=serializers.object_types.terms.SelectSerializer, )) @action(detail=True, methods=['POST']) def add_term_types(self, request, pk=None): return self.add_related_object_view(models.TermType, 'term_type') @action(detail=True, methods=['POST']) def remove_term_types(self, request, pk=None): return self.remove_related_object_view('term_type')
class CollectionDeviceViewSet(mixins.UpdateModelMixin, mixins.RetrieveModelMixin, mixins.DestroyModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.CollectionDevice.objects.all() # pylint: disable=E1101 serializer_mapping = utils.SerializerMapping.from_module( serializers.data_collections.devices) permission_mapping = utils.PermissionMapping({ utils.Actions.UPDATE: [ IsAuthenticated, (permissions.IsOwner | permissions.HasUpdatePermission | IsAdmin), ], utils.Actions.RETRIEVE: [ IsAuthenticated, (permissions.IsOwner | permissions.HasViewPermission | permissions.IsCollectionAdmin | permissions.IsCollectionTypeAdmin | IsSpecialUser), ], utils.Actions.DESTROY: [ IsAuthenticated, (permissions.IsOwner | IsAdmin), ] })
class SiteViewSet(utils.CustomViewSetMixin, ModelViewSet): queryset = models.Site.objects.all() # pylint: disable=E1101 filterset_class = filters.sites.Filter search_fields = filters.sites.search_fields serializer_mapping = ( utils.SerializerMapping .from_module(serializers.sites) .extend( types=serializers.object_types.sites.ListSerializer, add_type=serializers.object_types.sites.CreateSerializer, )) permission_mapping = utils.PermissionMapping({ utils.Actions.UPDATE: [ IsAuthenticated, ( permissions.IsCreator | IsAdmin ) ], utils.Actions.DESTROY: [ IsAuthenticated, ( permissions.IsCreator | IsAdmin ) ], 'add_type': [IsAuthenticated, IsAdmin] }, default=IsAuthenticated) def get_serializer_class(self): if self.action == utils.Actions.RETRIEVE: user = self.request.user site = self.get_object() if site.has_coordinate_permission(user): return serializers.sites.FullDetailSerializer return serializers.sites.DetailSerializer return super().get_serializer_class() def get_queryset(self): if self.action == 'types': return models.SiteType.objects.all() # pylint: disable=E1101 return super().get_queryset() @action( detail=False, methods=['GET'], filterset_class=filters.site_types.Filter, search_fields=filters.site_types.search_fields) def types(self, request): return self.list_related_object_view() @types.mapping.post def add_type(self, request): return self.create_related_object_view()
class AnnotationToolViewSet(mixins.UpdateModelMixin, mixins.RetrieveModelMixin, mixins.DestroyModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.AnnotationTool.objects.all() # pylint: disable=E1101 permission_mapping = utils.PermissionMapping(default=IsAdmin | IsDeveloper | ReadOnly) serializer_mapping = utils.SerializerMapping.from_module( serializers.annotations.tools)
class LicenceTypeViewSet(mixins.RetrieveModelMixin, mixins.DestroyModelMixin, mixins.UpdateModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.LicenceType.objects.all() # pylint: disable=E1101 serializer_mapping = utils.SerializerMapping.from_module( serializers.object_types.licences) permission_mapping = utils.PermissionMapping()
class MetaCollectionViewSet(mixins.UpdateModelMixin, mixins.RetrieveModelMixin, mixins.DestroyModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.MetaCollection.objects.all() # pylint: disable=E1101 filterset_class = filters.metacollections.Filter search_fields = filters.metacollections.search_fields serializer_mapping = (utils.SerializerMapping.from_module( serializers.data_collections.metacollections).extend( items=serializers.items.items.ListSerializer, add_item=serializers.items.items.SelectSerializer, remove_item=serializers.items.items.SelectSerializer, add_curator=serializers.users.users.SelectSerializer, remove_curator=serializers.users.users.SelectSerializer, )) permission_mapping = utils.PermissionMapping( { utils.Actions.LIST: [IsAuthenticated], utils.Actions.RETRIEVE: [IsAuthenticated, IsSpecialUser], 'items': [IsAuthenticated, IsSpecialUser], 'add_curator': [IsAuthenticated, IsAdmin], 'remove_curator': [IsAuthenticated, IsAdmin], }, default=[IsAuthenticated, IsDeveloper | IsAdmin]) def get_queryset(self): if self.action == 'items': metacollection_id = self.kwargs['pk'] metacollection = models.MetaCollection.objects.get( pk=metacollection_id) # pylint: disable=E1101 return metacollection.items.all() return super().get_queryset() @action(detail=True, methods=['POST']) def add_item(self, request, pk=None): return self.add_related_object_view(models.Item, 'item') @action(detail=True, methods=['POST']) def remove_item(self, request, pk=None): return self.remove_related_object_view('item') @action(detail=True, methods=['POST']) def add_curator(self, request, pk=None): return self.add_related_object_view(models.User, 'curator') @action(detail=True, methods=['POST']) def remove_curator(self, request, pk=None): return self.remove_related_object_view('curator') @action(detail=True, methods=['GET'], filterset_class=filters.items.Filter, search_fields=filters.items.search_fields) def items(self, request, pk=None): return self.list_related_object_view()
class SecondaryItemViewSet(mixins.UpdateModelMixin, mixins.RetrieveModelMixin, mixins.DestroyModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.SecondaryItem.objects.all() # pylint: disable=E1101 permission_mapping = utils.PermissionMapping( default=IsAuthenticated) # TODO: Fix permissions serializer_mapping = utils.SerializerMapping.from_module( serializers.items.secondary_items)
class DeviceBrandViewSet(mixins.RetrieveModelMixin, mixins.DestroyModelMixin, mixins.UpdateModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.DeviceBrand.objects.all() # pylint: disable=E1101 permission_mapping = utils.PermissionMapping(default=IsAdmin | ReadOnly) serializer_mapping = utils.SerializerMapping.from_module( serializers.devices.brands)
class CollectionAdministratorViewSet(mixins.RetrieveModelMixin, mixins.DestroyModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.Collection.administrators.through.objects.all() # pylint: disable=E1101 serializer_mapping = utils.SerializerMapping.from_module( serializers.data_collections.administrators) permission_mapping = utils.PermissionMapping() # TODO: Fix permissions
class CollectionTypeRoleViewSet(mixins.RetrieveModelMixin, mixins.DestroyModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.CollectionRole.objects.all() # pylint: disable=E1101 serializer_mapping = utils.SerializerMapping.from_module( serializers.object_types.data_collections.roles) permission_mapping = utils.PermissionMapping()
class EntailmentTypeViewSet(mixins.RetrieveModelMixin, mixins.DestroyModelMixin, mixins.UpdateModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.EntailmentType.objects.all() # pylint: disable=E1101 serializer_mapping = utils.SerializerMapping.from_module( serializers.object_types.entailments) permission_mapping = utils.PermissionMapping(default=IsDeveloper | IsAdmin | ReadOnly)
class SamplingEventTypeSiteTypeViewSet(mixins.RetrieveModelMixin, mixins.DestroyModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.SamplingEventType.site_types.through.objects.all() # pylint: disable=E1101 serializer_mapping = utils.SerializerMapping.from_module( serializers.object_types.sampling_events.sites) permission_mapping = utils.PermissionMapping()
class SynonymViewSet(mixins.UpdateModelMixin, mixins.RetrieveModelMixin, mixins.DestroyModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.Synonym.objects.all() # pylint: disable=E1101 serializer_mapping = utils.SerializerMapping.from_module( serializers.terms.synonyms) permission_mapping = utils.PermissionMapping(default=IsAdmin | IsCurator | ReadOnly)
class ModelVersionViewSet(mixins.ListModelMixin, mixins.CreateModelMixin, mixins.UpdateModelMixin, mixins.RetrieveModelMixin, mixins.DestroyModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.ModelVersion.objects.all() # pylint: disable=no-member filterset_class = filters.model_versions.Filter search_fields = filters.model_versions.search_fields permission_mapping = utils.PermissionMapping(default=IsAuthenticated) serializer_mapping = utils.SerializerMapping.from_module( serializers.models.model_version)
class PhysicalDeviceViewSet(mixins.UpdateModelMixin, mixins.RetrieveModelMixin, mixins.DestroyModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.PhysicalDevice.objects.all() # pylint: disable=E1101 serializer_mapping = utils.SerializerMapping.from_module( serializers.devices.physical_devices) permission_mapping = utils.PermissionMapping( default=permissions.IsOwner | IsAdmin | ReadOnly)
class TermSuggestionViewSet(mixins.UpdateModelMixin, mixins.RetrieveModelMixin, mixins.DestroyModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.TermSuggestion.objects.all() # pylint: disable=E1101 serializer_mapping = utils.SerializerMapping.from_module( serializers.terms.suggestions) permission_mapping = utils.PermissionMapping( default=permissions.IsOwnSuggestion | IsAdmin | ReadOnly)
class MimeTypeViewSet(mixins.RetrieveModelMixin, mixins.DestroyModelMixin, mixins.UpdateModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.MimeType.objects.all() # pylint: disable=E1101 serializer_mapping = (utils.SerializerMapping.from_module( serializers.object_types.mime_types)) permission_mapping = utils.PermissionMapping( { utils.Actions.RETRIEVE: IsAuthenticated, utils.Actions.DESTROY: IsAdmin, }, default=IsDeveloper | IsAdmin)
class InstitutionViewSet(mixins.UpdateModelMixin, mixins.RetrieveModelMixin, mixins.DestroyModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.Institution.objects.all() # pylint: disable=E1101 serializer_mapping = utils.SerializerMapping.from_module( serializers.users.institutions) permission_mapping = utils.PermissionMapping( { utils.Actions.UPDATE: [IsAuthenticated, (permissions.IsFromInstitution | IsAdmin)], utils.Actions.DESTROY: [IsAuthenticated, IsAdmin], }, default=IsAuthenticated)
class SynonymSuggestionViewSet(mixins.UpdateModelMixin, mixins.RetrieveModelMixin, mixins.DestroyModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.SynonymSuggestion.objects.all() # pylint: disable=E1101 serializer_mapping = utils.SerializerMapping.from_module( serializers.terms.synonym_suggestions) permission_mapping = utils.PermissionMapping( { utils.Actions.UPDATE: [ IsAuthenticated, # TODO: Fix permissions ], utils.Actions.DESTROY: [IsAuthenticated, IsAdmin] }, default=IsAuthenticated)
class AnnotationTypeViewSet(mixins.RetrieveModelMixin, mixins.DestroyModelMixin, mixins.UpdateModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.AnnotationType.objects.all() # pylint: disable=E1101 permission_mapping = utils.PermissionMapping({ utils.Actions.UPDATE: [ IsAuthenticated, IsDeveloper | IsAdmin, ], utils.Actions.DESTROY: [ IsAuthenticated, IsAdmin, ], }) serializer_mapping = utils.SerializerMapping.from_module( serializers.object_types.annotations)
class ModelViewSet(mixins.ListModelMixin, mixins.CreateModelMixin, mixins.UpdateModelMixin, mixins.RetrieveModelMixin, mixins.DestroyModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.Model.objects.all() # pylint: disable=no-member filterset_class = filters.models.Filter search_fields = filters.models.search_fields permission_mapping = utils.PermissionMapping(default=IsAuthenticated) serializer_mapping = (utils.SerializerMapping.from_module( serializers.models.model).extend( terms=serializers.terms.terms.ListSerializer, add_term=serializers.terms.terms.SelectSerializer)) def get_queryset(self): if self.action == 'terms': return Term.objects.filter(model=self.kwargs['pk']) return super().get_queryset()
class RoleViewSet(mixins.UpdateModelMixin, mixins.DestroyModelMixin, mixins.RetrieveModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.Role.objects.all() # pylint: disable=E1101 serializer_mapping = (utils.SerializerMapping.from_module( serializers.users.roles).extend( add_permission=serializers.users.roles.SelectPermissionSerializer, remove_permission=serializers.users.roles. SelectPermissionSerializer)) permission_mapping = utils.PermissionMapping(default=IsAdmin | ReadOnly) @action(detail=True, methods=['POST']) def add_permission(self, request, pk=None): return self.add_related_object_view(Permission, 'permission') @action(detail=True, methods=['POST']) def remove_permission(self, request, pk=None): return self.remove_related_object_view('permission')
class CollectionUserViewSet(mixins.UpdateModelMixin, mixins.RetrieveModelMixin, mixins.DestroyModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.CollectionUser.objects.all() # pylint: disable=E1101 serializer_mapping = (utils.SerializerMapping.from_module( serializers.data_collections.users).extend( change_role=serializers.data_collections.users.RoleSerializer)) permission_mapping = utils.PermissionMapping({ utils.Actions.UPDATE: [ IsAuthenticated, (permissions.IsSelf | permissions.HasUpdatePermission | permissions.IsCollectionAdmin | permissions.IsCollectionTypeAdmin | IsAdmin), ], utils.Actions.RETRIEVE: [ IsAuthenticated, (permissions.IsSelf | permissions.IsInCollection | permissions.IsCollectionAdmin | permissions.IsCollectionTypeAdmin | IsSpecialUser), ], utils.Actions.DESTROY: [ IsAuthenticated, (permissions.IsSelf | IsAdmin), ], 'change_role': [(permissions.IsCollectionAdmin | permissions.IsCollectionTypeAdmin | IsAdmin)], }) @action(detail=True, methods=['POST']) def change_role(self, request, pk=None): instance = self.get_object() serializer = self.get_serializer(instance, data=request.data, partial=True) serializer.is_valid(raise_exception=True) serializer.save() return Response(serializer.data, status=status.HTTP_200_OK)
class CollectionTypeViewSet(mixins.RetrieveModelMixin, mixins.DestroyModelMixin, mixins.UpdateModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.CollectionType.objects.all() # pylint: disable=E1101 permission_mapping = utils.PermissionMapping() serializer_mapping = ( utils.SerializerMapping.from_module( serializers.object_types.data_collections.types).extend( administrators=serializers.object_types.data_collections. administrators.ListSerializer, # noqa pylint: disable=C0301 add_administrator=serializers.object_types.data_collections. administrators.CreateSerializer, # noqa pylint: disable=C0301 site_types=serializers.object_types.data_collections.sites. ListSerializer, # noqa pylint: disable=C0301 add_site_type=serializers.object_types.data_collections.sites. CreateSerializer, # noqa pylint: disable=C0301 annotation_types=serializers.object_types.data_collections. annotations.ListSerializer, # noqa pylint: disable=C0301 add_annotation_type=serializers.object_types.data_collections. annotations.CreateSerializer, # noqa pylint: disable=C0301 licence_types=serializers.object_types.data_collections. licences.ListSerializer, # noqa pylint: disable=C0301 add_licence_type=serializers.object_types.data_collections. licences.CreateSerializer, # noqa pylint: disable=C0301 sampling_event_types=serializers.object_types.data_collections. sampling_events.ListSerializer, # noqa pylint: disable=C0301 add_sampling_event_type=serializers.object_types. data_collections.sampling_events.CreateSerializer, # noqa pylint: disable=C0301 item_types=serializers.object_types.data_collections.items. ListSerializer, # noqa pylint: disable=C0301 add_item_type=serializers.object_types.data_collections.items. CreateSerializer, # noqa pylint: disable=C0301 event_types=serializers.object_types.data_collections.events. ListSerializer, # noqa pylint: disable=C0301 add_event_type=serializers.object_types.data_collections. events.CreateSerializer, # noqa pylint: disable=C0301 device_types=serializers.object_types.data_collections.devices. ListSerializer, # noqa pylint: disable=C0301 add_device_type=serializers.object_types.data_collections. devices.CreateSerializer, # noqa pylint: disable=C0301 roles=serializers.object_types.data_collections.roles. ListSerializer, # noqa pylint: disable=C0301 add_role=serializers.object_types.data_collections.roles. CreateSerializer, # noqa pylint: disable=C0301 )) def get_object(self): type_pk = self.kwargs['pk'] type = get_object_or_404(models.CollectionType, pk=type_pk) self.check_object_permissions(self.request, type) return type def get_serializer_context(self): context = super().get_serializer_context() try: collection_type = self.get_object() except (KeyError, AttributeError, AssertionError): collection_type = None context['collection_type'] = collection_type return context def get_queryset(self): if self.action == 'site_types': model = models.CollectionType.site_types.through # pylint: disable=E1101 collection_id = self.kwargs['pk'] return model.objects.filter(collectiontype_id=collection_id) if self.action == 'administrators': model = models.CollectionType.administrators.through # pylint: disable=E1101 collection_id = self.kwargs['pk'] return model.objects.filter(collectiontype_id=collection_id) if self.action == 'annotation_types': model = models.CollectionType.annotation_types.through # pylint: disable=E1101 collection_id = self.kwargs['pk'] return model.objects.filter(collectiontype_id=collection_id) if self.action == 'licence_types': model = models.CollectionType.licence_types.through # pylint: disable=E1101 collection_id = self.kwargs['pk'] return model.objects.filter(collectiontype_id=collection_id) if self.action == 'sampling_event_types': model = models.CollectionType.sampling_event_types.through # pylint: disable=E1101 collection_id = self.kwargs['pk'] return model.objects.filter(collectiontype_id=collection_id) if self.action == 'item_types': collection_id = self.kwargs['pk'] return models.CollectionItemType.objects.filter( # pylint: disable=E1101 collection_type=collection_id) if self.action == 'event_types': model = models.CollectionType.event_types.through # pylint: disable=E1101 collection_id = self.kwargs['pk'] return model.objects.filter(collectiontype_id=collection_id) if self.action == 'device_types': collection_id = self.kwargs['pk'] return models.CollectionDeviceType.objects.filter( # pylint: disable=E1101 collection_type=collection_id) if self.action == 'roles': collection_id = self.kwargs['pk'] return models.CollectionRole.objects.filter( # pylint: disable=E1101 collection_type=collection_id) return super().get_queryset() @action(detail=True, methods=['GET']) def site_types(self, request, pk=None): return self.list_related_object_view() @site_types.mapping.post def add_site_type(self, request, pk=None): return self.create_related_object_view() @action(detail=True, methods=['GET']) def administrators(self, request, pk=None): return self.list_related_object_view() @administrators.mapping.post def add_administrator(self, request, pk=None): return self.create_related_object_view() @action(detail=True, methods=['GET']) def annotation_types(self, request, pk=None): return self.list_related_object_view() @annotation_types.mapping.post def add_annotation_type(self, request, pk=None): return self.create_related_object_view() @action(detail=True, methods=['GET']) def licence_types(self, request, pk=None): return self.list_related_object_view() @licence_types.mapping.post def add_licence_type(self, request, pk=None): return self.create_related_object_view() @action(detail=True, methods=['GET']) def sampling_event_types(self, request, pk=None): return self.list_related_object_view() @sampling_event_types.mapping.post def add_sampling_event_type(self, request, pk=None): return self.create_related_object_view() @action(detail=True, methods=['GET']) def item_types(self, request, pk=None): return self.list_related_object_view() @item_types.mapping.post def add_item_type(self, request, pk=None): return self.create_related_object_view() @action(detail=True, methods=['GET']) def event_types(self, request, pk=None): return self.list_related_object_view() @event_types.mapping.post def add_event_type(self, request, pk=None): return self.create_related_object_view() @action(detail=True, methods=['GET']) def device_types(self, request, pk=None): return self.list_related_object_view() @device_types.mapping.post def add_device_type(self, request, pk=None): return self.create_related_object_view() @action(detail=True, methods=['GET']) def roles(self, request, pk=None): return self.list_related_object_view() @roles.mapping.post def add_role(self, request, pk=None): return self.create_related_object_view()
class ItemViewSet(mixins.UpdateModelMixin, mixins.RetrieveModelMixin, mixins.DestroyModelMixin, mixins.ListModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.Item.objects.all() # pylint: disable=E1101 filterset_class = filters.items.Filter search_fields = filters.items.search_fields serializer_mapping = (utils.SerializerMapping.from_module( serializers.items.items ).extend( annotations=serializers.annotations.annotations.ListSerializer, add_annotation=serializers.annotations.annotations.CreateSerializer, types=serializers.object_types.items.ListSerializer, add_type=serializers.object_types.items.CreateSerializer, download=serializers.items.items.DownloadSerializer, upload=serializers.items.items.DownloadSerializer, tags=serializers.items.tags.ListSerializer, add_tag=serializers.items.tags.CreateSerializer, tag_item=serializers.items.tags.SelectSerializer, untag_item=serializers.items.tags.SelectSerializer, event_types=serializers.object_types.events.ListSerializer, add_event_type=serializers.object_types.events.CreateSerializer, secondary_items=serializers.items.secondary_items.ListSerializer, add_secondary_item=serializers.items.secondary_items.CreateSerializer, )) permission_mapping = utils.PermissionMapping( { utils.Actions.UPDATE: [ IsAuthenticated, (permissions.IsCreator | permissions.HasUpdatePermission | IsAdmin) ], utils.Actions.RETRIEVE: [ IsAuthenticated, (permissions.IsCreator | permissions.HasViewPermission | permissions.IsCollectionAdmin | permissions.IsCollectionTypeAdmin | permissions.ItemIsOpenToView | IsSpecialUser) ], utils.Actions.DESTROY: [IsAuthenticated, (permissions.IsCreator | IsAdmin)], 'annotations': [ IsAuthenticated, (permissions.IsCreator | permissions.HasViewAnnotationsPermission | permissions.IsCollectionAdmin | permissions.IsCollectionTypeAdmin | permissions.ItemIsOpenToViewAnnotations | IsSpecialUser) ], 'add_annotation': [ permissions.CanAnnotate, ], 'tag_item': [IsAuthenticated, (permissions.IsCreator | IsCurator | IsAdmin)], 'remove_tag': [IsAuthenticated, (permissions.IsCreator | IsCurator | IsAdmin)], 'upload': [IsAuthenticated, (permissions.IsCreator | IsAdmin)], 'download': [ IsAuthenticated, (permissions.IsCreator | permissions.HasDownloadPermission | permissions.IsCollectionAdmin | permissions.IsCollectionTypeAdmin | permissions.ItemIsOpenToDownload | IsSpecialUser) ], 'add_type': [IsAuthenticated, IsAdmin], 'add_event_type': [IsAuthenticated, IsAdmin], 'secondary_items': [ IsAuthenticated, (permissions.IsCreator | permissions.HasViewPermission | permissions.IsCollectionAdmin | permissions.IsCollectionTypeAdmin | permissions.ItemIsOpenToView | IsSpecialUser) ], 'add_secondary_item': [ IsAuthenticated, ( permissions.IsCreator | # TODO: Add correct permissions IsSpecialUser) ] }, default=IsAuthenticated) def get_object(self): item_id = self.kwargs['pk'] item = get_object_or_404(models.Item, pk=item_id) self.check_object_permissions(self.request, item) return item def get_serializer_context(self): context = super().get_serializer_context() try: item = self.get_object() except (KeyError, AssertionError, AttributeError): item = None context['item'] = item return context def get_queryset(self): if self.action == 'list': return self.get_list_queryset() if self.action == 'tags': return models.Tag.objects.all() # pylint: disable=E1101 if self.action == 'annotations': item_id = self.kwargs['pk'] return models.Annotation.objects.filter(item=item_id) # pylint: disable=E1101 if self.action == 'secondary_items': item_id = self.kwargs['pk'] return models.SecondaryItem.objects.filter(item=item_id) # pylint: disable=E1101 if self.action == 'types': return models.ItemType.objects.all() # pylint: disable=E1101 if self.action == 'event_types': return models.EventType.objects.all() # pylint: disable=E1101 return super().get_queryset() @action(detail=False, methods=['GET'], filterset_class=filters.tags.Filter, search_fields=filters.tags.search_fields) def tags(self, request): return self.list_related_object_view() @tags.mapping.post def add_tag(self, request): return self.create_related_object_view() @action(detail=True, methods=['GET'], filterset_class=filters.annotations.Filter, search_fields=filters.annotations.search_fields) def annotations(self, request, pk=None): return self.list_related_object_view() @annotations.mapping.post def add_annotation(self, request, pk=None): try: return self.create_related_object_view() except Exception as e: print(e) @action(detail=True, methods=['GET'], filterset_class=filters.secondary_items.Filter, search_fields=filters.secondary_items.search_fields) def secondary_items(self, request, pk=None): return self.list_related_object_view() @secondary_items.mapping.post def add_secondary_item(self, request, pk=None): return self.create_related_object_view() @action(detail=False, methods=['GET'], filterset_class=filters.item_types.Filter, search_fields=filters.item_types.search_fields) def types(self, request): return self.list_related_object_view() @types.mapping.post def add_type(self, request): return self.create_related_object_view() @action(detail=False, methods=['GET'], filterset_class=filters.event_types.Filter, search_fields=filters.event_types.search_fields) def event_types(self, request): return self.list_related_object_view() @event_types.mapping.post def add_event_type(self, request): return self.create_related_object_view() @action(detail=True, methods=['POST']) def tag_item(self, request, pk=None): return self.add_related_object_view(models.Tag, 'tag') @action(detail=True, methods=['POST']) def untag_item(self, request, pk=None): return self.remove_related_object_view('tag') @action(detail=True, methods=['POST']) def upload(self, request, pk=None): item = self.get_object() if item.item_file.name != '': return Response('File previously uploaded', status=status.HTTP_403_FORBIDDEN) serializer = self.get_serializer(item, data=request.data, partial=True) if not serializer.is_valid(): return Response('Invalid file', status=status.HTTP_400_BAD_REQUEST) serializer.save() return Response('File uploaded', status=status.HTTP_200_OK) @action(detail=True, methods=['GET']) def download(self, request, pk=None): item = self.get_object() if item.item_file.name == '': return Response('File not uploaded to server', status=status.HTTP_404_NOT_FOUND) serializer_class = self.get_serializer_class() context = self.get_serializer_context() serializer = serializer_class(item, context=context) url = serializer.data['item_file'] return redirect(url) @action(detail=True, methods=['GET']) def location(self, request, pk=None): item = self.get_object() serializer = serializers.sites.ItemLocationSerializer([item], many=True) return Response(serializer.data) def get_list_queryset(self): try: user = self.request.user except AttributeError: return models.Item.objects.none() # pylint: disable=E1101 is_special_user = (user.is_superuser | user.is_curator | user.is_model | user.is_developer) if is_special_user: return self.get_full_queryset() return self.get_normal_queryset(user) def get_normal_queryset(self, user): is_open = (Q(licence__is_active=False) | Q(licence__licence_type__can_view=True)) is_owner = Q(created_by=user.pk) perm = Permission.objects.get(codename='view_collection_items') collections_with_permission = ( models.CollectionUser.objects # pylint: disable=E1101 .filter(user=user.pk, role__in=perm.role_set.all()).values('collection')) # TODO # Check that this query is working is_in_allowed_collection = Q( sampling_event_device__sampling_event__collection__in= collections_with_permission) filter_query = (is_open | is_owner | is_in_allowed_collection) queryset = models.Item.objects.filter(filter_query) # pylint: disable=E1101 return queryset def get_full_queryset(self): return models.Item.objects.all() # pylint: disable=E1101
class DeviceViewSet(utils.CustomViewSetMixin, ModelViewSet): queryset = models.Device.objects.all() # pylint: disable=E1101 filterset_class = filters.devices.Filter search_fields = filters.devices.search_fields serializer_mapping = (utils.SerializerMapping.from_module( serializers.devices.devices).extend( types=serializers.object_types.devices.ListSerializer, add_type=serializers.object_types.devices.CreateSerializer, brands=serializers.devices.brands.ListSerializer, add_brand=serializers.devices.brands.CreateSerializer, physical_devices=serializers.devices.physical_devices. ListSerializer, add_physical_device=serializers.devices.physical_devices. CreateSerializer, )) permission_mapping = utils.PermissionMapping( { utils.Actions.UPDATE: IsAdmin, utils.Actions.DESTROY: IsAdmin, 'add_type': IsAdmin, }, default=IsAuthenticated) def get_queryset(self): if self.action == 'types': return models.DeviceType.objects.all() # pylint: disable=E1101 if self.action == 'brands': return models.DeviceBrand.objects.all() # pylint: disable=E1101 if self.action == 'physical_devices': # TODO: set adequate queryset for user return models.PhysicalDevice.objects.all() # pylint: disable=E1101 return super().get_queryset() @action(detail=False, methods=['GET'], filterset_class=filters.device_types.Filter, search_fields=filters.device_types.search_fields) def types(self, request): return self.list_related_object_view() @types.mapping.post def add_type(self, request): return self.create_related_object_view() @action(detail=False, methods=['GET'], filterset_class=filters.device_brands.Filter, search_fields=filters.device_brands.search_fields) def brands(self, request): return self.list_related_object_view() @brands.mapping.post def add_brand(self, request): return self.create_related_object_view() @action(detail=False, methods=['GET'], filterset_class=filters.physical_devices.Filter, search_fields=filters.physical_devices.search_fields) def physical_devices(self, request): return self.list_related_object_view() @physical_devices.mapping.post def add_physical_device(self, request): return self.create_related_object_view()
class TermTypeViewSet(utils.CustomViewSetMixin, ModelViewSet): queryset = models.TermType.objects.all() # pylint: disable=E1101 search_fields = filters.term_types.search_fields filterset_class = filters.term_types.Filter serializer_mapping = (utils.SerializerMapping.from_module( serializers.object_types.terms ).extend( terms=serializers.terms.terms.ListSerializer, add_term=serializers.terms.terms.CreateSerializer, suggestions=serializers.terms.suggestions.ListSerializer, suggest_term=serializers.terms.suggestions.CreateSerializer, entailment_types=serializers.object_types.entailments.ListSerializer, add_entailment_type=serializers.object_types.entailments. CreateSerializer, entailments=serializers.terms.entailments.ListSerializer, add_entailment=serializers.terms.entailments.CreateSerializer, synonyms=serializers.terms.synonyms.ListSerializer, add_synonym=serializers.terms.synonyms.CreateSerializer, synonym_suggestions=serializers.terms.synonym_suggestions. ListSerializer, suggest_synonym=serializers.terms.synonym_suggestions.CreateSerializer, )) permission_mapping = utils.PermissionMapping( { utils.Actions.DESTROY: [IsAuthenticated, IsAdmin], utils.Actions.CREATE: [IsAuthenticated, IsAdmin], utils.Actions.UPDATE: [IsAuthenticated, IsAdmin], 'add_term': [IsAuthenticated, IsAdmin], 'add_entailment_type': [IsAuthenticated, IsAdmin], 'add_entailment': [IsAuthenticated, IsAdmin], 'add_synonym': [IsAuthenticated, IsAdmin], }, default=IsAuthenticated) def get_object(self): type_pk = self.kwargs['pk'] term_type = get_object_or_404(models.TermType, pk=type_pk) self.check_object_permissions(self.request, term_type) return term_type def get_serializer_context(self): context = super().get_serializer_context() try: term_type = self.get_object() except (KeyError, AssertionError, AttributeError): term_type = None context['term_type'] = term_type return context def get_queryset(self): if self.action == 'entailments': return models.Entailment.objects.all() # pylint: disable=E1101 if self.action == 'entailment_types': return models.EntailmentType.objects.all() # pylint: disable=E1101 if self.action == 'terms': term_type_id = self.kwargs['pk'] return models.Term.objects.filter(term_type=term_type_id) # pylint: disable=E1101 if self.action == 'synonyms': term_type_id = self.kwargs['pk'] return models.Synonym.objects.filter( source__term_type=term_type_id) # pylint: disable=E1101 if self.action == 'suggestions': term_type_id = self.kwargs['pk'] return models.TermSuggestion.objects.filter(term_type=term_type_id) # pylint: disable=E1101 if self.action == 'synonym_suggestions': term_type_id = self.kwargs['pk'] return models.SynonymSuggestion.objects.filter( source__term_type=term_type_id) # pylint: disable=E1101 return super().get_queryset() @action(detail=False, methods=['GET'], filterset_class=filters.entailments.Filter, search_fields=filters.entailments.search_fields) def entailments(self, request): return self.list_related_object_view() @entailments.mapping.post def add_entailment(self, request): self.create_related_object_view() @action(detail=False, methods=['GET'], filterset_class=filters.entailment_types.Filter, search_fields=filters.entailment_types.search_fields) def entailment_types(self, request): return self.list_related_object_view() @entailment_types.mapping.post def add_entailment_type(self, request): self.create_related_object_view() @action(detail=True, methods=['GET'], filterset_class=filters.terms.Filter, search_fields=filters.terms.search_fields) def terms(self, request, pk=None): return self.list_related_object_view() @terms.mapping.post def add_term(self, request, pk=None): return self.create_related_object_view() @action(detail=True, methods=['GET'], filterset_class=filters.synonyms.Filter, search_fields=filters.synonyms.search_fields) def synonyms(self, request, pk=None): return self.list_related_object_view() @synonyms.mapping.post def add_synonym(self, request, pk=None): self.create_related_object_view() @action(detail=True, methods=['GET'], filterset_class=filters.term_suggestions.Filter, search_fields=filters.term_suggestions.search_fields) def suggestions(self, request, pk=None): return self.list_related_object_view() @suggestions.mapping.post def suggest_term(self, request, pk=None): self.create_related_object_view() @action(detail=True, methods=['GET'], filterset_class=filters.synonym_suggestions.Filter, search_fields=filters.synonym_suggestions.search_fields) def synonym_suggestions(self, request, pk=None): return self.list_related_object_view() @synonym_suggestions.mapping.post def suggest_synonym(self, request, pk=None): self.create_related_object_view()
class UserViewSet(mixins.ListModelMixin, mixins.UpdateModelMixin, mixins.CreateModelMixin, mixins.RetrieveModelMixin, utils.CustomViewSetMixin, GenericViewSet): queryset = models.User.objects.all() # pylint: disable=E1101 filterset_class = filters.users.Filter search_fields = filters.users.search_fields permission_mapping = utils.PermissionMapping( { utils.Actions.CREATE: IsUnauthenticated, utils.Actions.UPDATE: [ IsAuthenticated, permissions.IsSelf | IsAdmin ], # TODO: Fix permissions }, default=IsAuthenticated) serializer_mapping = (utils.SerializerMapping.from_module( serializers.users.users).extend( items=serializers.items.items.ListSerializer, devices=serializers.devices.physical_devices.ListSerializer, sites=serializers.sites.ListSerializer, roles=serializers.users.roles.ListSerializer, sampling_events=serializers.sampling_events.sampling_events. UserListSerializer, add_role=serializers.users.roles.CreateSerializer, collections=serializers.data_collections.data_collections. ListSerializer, institutions=serializers.users.institutions.ListSerializer, add_institution=serializers.users.institutions.CreateSerializer, )) def get_object(self): user_pk = self.kwargs['pk'] user = get_object_or_404(models.User, pk=user_pk) self.check_object_permissions(self.request, user) return user def get_serializer_class(self): if self.action == 'retrieve': try: user = self.request.user viewed_user = self.get_object() if user == viewed_user or user.is_superuser: return serializers.users.users.FullDetailSerializer except (AssertionError, AttributeError): return serializers.users.users.DetailSerializer return super().get_serializer_class() def get_queryset(self): if self.action == 'roles': return models.Role.objects.all() # pylint: disable=E1101 if self.action == 'institutions': return models.Institution.objects.all() # pylint: disable=E1101 if self.action == 'items' or self.action == 'item_locations': user_id = self.kwargs['pk'] return models.Item.objects.filter(created_by=user_id) # pylint: disable=E1101 if self.action == 'devices': user_id = self.kwargs['pk'] return models.PhysicalDevice.objects.filter(owner=user_id) # pylint: disable=E1101 if self.action == 'sites' or self.action == 'site_locations': user_id = self.kwargs['pk'] return models.Site.objects.filter(created_by=user_id) # pylint: disable=E1101 if self.action == 'collections': user = self.get_object() return user.collection_users.all() if self.action == 'sampling_events' or self.action == 'sampling_event_locations': user = self.get_object() return user.sampling_event_created_by.all() return super().get_queryset() @action(detail=False, methods=['GET'], filterset_class=filters.roles.Filter, search_fields=filters.roles.search_fields) def roles(self, request): return self.list_related_object_view() @roles.mapping.post def add_role(self, request): return self.create_related_object_view() @action(detail=False, methods=['GET'], filterset_class=filters.institutions.Filter, search_fields=filters.institutions.search_fields) def institutions(self, request): return self.list_related_object_view() @institutions.mapping.post def add_institution(self, request): return self.create_related_object_view() @action(detail=True, methods=['GET'], filterset_class=filters.items.Filter, search_fields=filters.items.search_fields) def items(self, request, pk=None): return self.list_related_object_view() @action(detail=True, methods=['GET'], filterset_class=filters.physical_devices.Filter, search_fields=filters.physical_devices.search_fields) def devices(self, request, pk=None): return self.list_related_object_view() @action(detail=True, methods=['GET'], filterset_class=filters.sites.Filter, search_fields=filters.sites.search_fields) def sites(self, request, pk=None): return self.list_related_object_view() @action(detail=True, methods=['GET'], filterset_class=filters.sampling_events.Filter, search_fields=filters.sampling_events.search_fields) def sampling_events(self, request, pk=None): return self.list_related_object_view() @action(detail=True, methods=['GET'], filterset_class=filters.data_collections.Filter, search_fields=filters.data_collections.search_fields) def collections(self, request, pk=None): return self.list_related_object_view() @action(detail=True, methods=['GET'], filterset_class=filters.sites.Filter, search_fields=filters.sites.search_fields) def site_locations(self, request, pk=None): queryset = self.filter_queryset(self.get_queryset()) serializer = serializers.sites.SiteLocationSerializer(queryset, many=True, read_only=True) return Response(serializer.data) @action(detail=True, methods=['GET'], filterset_class=filters.items.Filter, search_fields=filters.items.search_fields) def item_locations(self, request, pk=None): queryset = self.filter_queryset(self.get_queryset()) serializer = serializers.sites.ItemLocationSerializer(queryset, many=True, read_only=True) return Response(serializer.data) @action(detail=True, methods=['GET'], filterset_class=filters.sampling_events.Filter, search_fields=filters.sampling_events.search_fields) def sampling_event_locations(self, request, pk=None): queryset = self.filter_queryset(self.get_queryset()) serializer = serializers.sites.SamplingEventLocationSerializer( queryset, many=True, read_only=True) return Response(serializer.data)