class InvitationList(generics.ListCreateAPIView): queryset = Invitation.objects.all() serializer_class = InvitationSerializer permission_classes = (Or(permissions.IsAdminUser, And(IsHostOfPartyWithParam, Not(IsGetRequest))), ) # this is a hook, called when creating an instance # we need to override this method as we are writing to a ReadOnlyField # this is easier than overriding the entire post method def perform_create(self, serializer): invitee_facebook_id = self.request.data.get('invitee_facebook_id') if invitee_facebook_id is None: raise ValidationError("'invitee_facebook_id' was not provided.") invitee = lookup_user_with_facebook_id(invitee_facebook_id) party_id = self.request.data.get('party_id') party = Party.objects.get(pk=party_id) """ Not the best solution... but to avoid internal server error when unique_together on Invitation model fails """ potential_conflict = Invitation.objects.filter(invitee=invitee, party=party) if len(potential_conflict) > 0: raise ValidationError("The invitee, party pair exists already.") serializer.save(invitee=invitee, party=party)
class GrantRequestToJoinParty(generics.CreateAPIView): queryset = Invitation.objects.all() serializer_class = InvitationSerializer permission_classes = (Or(permissions.IsAdminUser, IsHostOfPartyWithParam), ) def perform_create(self, serializer): invitee_facebook_id = self.request.data.get('invitee_facebook_id') if invitee_facebook_id is None: raise ValidationError("'invitee_facebook_id' was not provided.") invitee = lookup_user_with_facebook_id(invitee_facebook_id) party_id = self.request.data.get('party_id') party = Party.objects.get(pk=party_id) """ Not the best solution... but to avoid internal server error when unique_together on Invitation model fails """ potential_conflict = Invitation.objects.filter(invitee=invitee, party=party) if len(potential_conflict) > 0: raise ValidationError("The invitee, party pair exists already.") if invitee not in party.requesters.all(): raise ValidationError("There was no request by this user.") party.requesters.remove(invitee) serializer.save(invitee=invitee, party=party)
class AddBouncer(generics.UpdateAPIView): queryset = Party.objects.all() serializer_class = PartyManagerSerializer permission_classes = (Or(IsAdmin, IsHostOfPartyObject), ) def put(self, request, *args, **kwargs): try: party = Party.objects.get(pk=kwargs['pk']) except Party.DoesNotExist: raise ValidationError("The party does not exist.") self.check_object_permissions(request, party) bouncer_facebook_id = request.data.get('bouncer_facebook_id') if bouncer_facebook_id is None: raise ValidationError("'bouncer_facebook_id' was not provided.") bouncer = lookup_user_with_facebook_id(bouncer_facebook_id) if bouncer not in party.invitees.all(): raise ValidationError( "You must invite this user first before adding them as a bouncer." ) invitation = Invitation.objects.get(party=party, invitee=bouncer) if not invitation.has_rsvped: raise ValidationError("This invitee has not RSVPed yet.") invitation.delete() party.bouncers.add(bouncer) # no need to call save serializer = PartyManagerSerializer( party) # this is serialization, NOT deserialization return Response(serializer.data, status=status.HTTP_200_OK)
class ProjectProfileViewSet(BaseProjectApiViewSet): serializer_class = ProjectProfileSerializer queryset = ProjectProfile.objects.all() permission_classes = [ Or(ProjectDataReadOnlyPermission, ProjectProfileCollectorPermission, ProjectDataAdminPermission) ] filter_class = ProjectProfileFilterSet def is_last_admin(self): obj = self.get_object() existing_project = obj.project admin_profiles = ProjectProfile.objects.filter(project=existing_project, role=ProjectProfile.ADMIN) return admin_profiles.count() < 2 and obj.pk == admin_profiles[0].pk def perform_update(self, serializer): if self.is_last_admin(): raise ValidationError('You are the last admin of this project! Create another admin before you relinquish.') serializer.save() def perform_destroy(self, instance): if self.is_last_admin(): raise ValidationError('You are the last admin of this project! Create another admin before you relinquish.') instance.delete()
class ReviewViewSet(viewsets.ModelViewSet): queryset = Review.objects.all() serializer_class = ReviewSerializer permission_classes = [ Or(AllUserRead, AdminUserWrite, OwnerUpdateReply, UserCreate) ] def get_queryset(self): owner_id = self.request.query_params.get('owner_id') is_pending = self.request.query_params.get('is_pending') reviews = self.queryset if owner_id is not None: res_list = owner_restaurants = Restaurant.objects.filter( owner_id=owner_id).values_list('id') reviews = reviews.filter(restaurant_id__in=res_list) if is_pending: reviews = reviews.filter(reply__exact='') return reviews @action(detail=True, methods=['put']) def reply(self, request, pk): review = self.get_object() reply = self.request.data.get('reply') review.reply = reply review.save() return Response("Success")
class AlbumDetail(generics.RetrieveUpdateDestroyAPIView): queryset = Album.objects.all() serializer_class = AlbumSerializer authentication_classes = [OAuth2Authentication, SessionAuthentication] permission_classes = [Or(IsAdminUser, TokenHasReadWriteScope)] filter_backends = (filters.DjangoFilterBackend, ) filter_fields = '__all__'
class InvitationToPartyList(generics.ListAPIView): serializer_class = InvitationSerializer permission_classes = (Or(permissions.IsAdminUser, IsHostOrBouncer), ) def get_queryset(self): party_id = self.kwargs['party_id'] return Invitation.objects.filter(party=party_id)
class AlbumList(generics.ListCreateAPIView): queryset = Album.objects.all() serializer_class = AlbumSerializer authentication_classes = [OAuth2Authentication, SessionAuthentication] permission_classes = [Or(IsAdminUser, TokenHasReadWriteScope)] filter_backends = (filters.DjangoFilterBackend, ) filter_class = AlbumFilter
class sequencesViewSet(viewsets.ModelViewSet): """ API endpoint that allows to be view or edit sequences of panorama images. get: List sequences matching url parameters. post: Create a new sequence instance. patch: edit and update an existing sequence. delete: permanently delete an existing sequence. """ queryset = sequences.objects.all() serializer_class = sequences_serializer permission_classes = (Or(baseAPIPermission, IsAuthenticated, HasAPIAccess), ) pagination_class = basePagination filter_backends = (DjangoFilterBackend, ) filterset_fields = ('creator_key', ) def initial(self, request, *args, **kwargs): if request.method == 'GET': self.permission_classes = (Or(baseAPIPermission, IsAuthenticated, HasAPIAccess), ) #Or(baseAPIPermission, HasAPIAccess), else: self.permission_classes = (IsAuthenticated, ) super(sequencesViewSet, self).initial(request, *args, **kwargs)
class MeetingViewSet(viewsets.ModelViewSet): serializer_class = MeetingSerializer queryset = Meeting.objects.all() permission_classes = [ Or( And( IsSafeMethod, IsPublic, ), And( IsSafeMethod, Not(IsPrivate), IsMeetingClient, ), IsMeetingHost, IsAdminUser, ) ] def get_queryset(self): user = self.request.user if IsClient: return Meeting.objects.filter(Q(private=False), Q(public=True) | Q(clients=user.id)) elif IsHost: return Meeting.objects.filter(Q(hosts=user.id) | Q(public=True)) elif IsSuperUser: return Meeting.objects.all() else: return Meeting.objects.filter(public=True)
class image_object_typesViewSet(viewsets.ModelViewSet): """ API endpoint that allows to be view or edit image objects. get: List image objects matching url parameters. post: Create a new image object instance. patch: edit and update an existing image object. delete: permanently delete an existing image object. """ queryset = image_object_types.objects.all() serializer_class = image_object_types_serializer permission_classes = (Or(baseAPIPermission, IsAuthenticated, HasAPIAccess), ) def initial(self, request, *args, **kwargs): if request.method == 'GET': self.permission_classes = (Or(baseAPIPermission, IsAuthenticated, HasAPIAccess), ) #Or(baseAPIPermission, HasAPIAccess), else: self.permission_classes = (IsAuthenticated, ) super(image_object_typesViewSet, self).initial(request, *args, **kwargs)
class GroupMembers(generics.ListCreateAPIView): serializer_class = MembershipSerializer permission_classes = (Or(IsGroupMemberPermission, IsGroupAdminPermission), ) def get_queryset(self): group_id = self.kwargs['pk'] return Membership.objects.filter(group__id=group_id) def create(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) user_name = serializer.validated_data['person'] try: serializer = self.perform_create(serializer) except IntegrityError: return Response( { "detail": "User {} is already part of the group".format(user_name) }, status=status.HTTP_204_NO_CONTENT) headers = self.get_success_headers(serializer.data) return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers) def perform_create(self, serializer): membership = Membership(**serializer.validated_data) group_id = self.kwargs['pk'] membership.group = Group.objects.get(pk=group_id) membership.save() return MembershipSerializer(membership)
class BlogViewSet(viewsets.ModelViewSet): """ ViewSet for viewing and editing Blog objects """ queryset = Blog.objects.all().order_by("-uploaded_time") serializer_class = BlogSerializer permission_classes = (Or(And(ApiTokenPermissions, IsListOrRetrieve), IsAuthenticated), ) filter_backends = (filters.SearchFilter, ) search_fields = ('category', )
def initial(self, request, *args, **kwargs): if request.method == 'GET': self.permission_classes = (Or(baseAPIPermission, IsAuthenticated, HasAPIAccess), ) #Or(baseAPIPermission, HasAPIAccess), else: self.permission_classes = (IsAuthenticated, ) super(sequencesViewSet, self).initial(request, *args, **kwargs)
class GroupViewSet(AutocompleteMixin, AtomicMixin, InstanceBasedMixin, viewsets.ModelViewSet): model = Group queryset = Group.objects.all() serializer_class = GroupSerializer autocomplete_field = 'label' permission_classes = ( Or( AdminHasPermissions, And( IsApiKeyAccess, Or(ApiKeyHasPermissions, HasCreateGroupPermission)) ), OwnerInGoodStanding, )
class Withdraw(views.APIView): permission_classes = [Or(IsAdmitted, IsConfirmed)] def post(self, request): hacker = request.user.profile.hacker hacker.withdraw_from_event() return views.Response({'message': 'Desistência completa', 'state': hacker.profile.state})
class HostedPartyList(generics.ListAPIView): serializer_class = PartySummarySerializer permission_classes = (Or(permissions.IsAdminUser, IsSameUserWithURLParam), ) def get_queryset(self): host_id = self.kwargs['user_id'] return Party.objects.filter(host=host_id)
class LoanDetail(generics.RetrieveUpdateDestroyAPIView): queryset = Loan.objects.all() serializer_class = LoanSerializer authentication_classes = [SessionAuthentication] permission_classes = [Or(IsAuthenticated, TokenHasReadWriteScope)] filter_backends = (filters.DjangoFilterBackend, ) filter_fields = '__all__'
class UserList(generics.ListCreateAPIView): queryset = User.objects.all() serializer_class = UserSerializer authentication_classes = [SessionAuthentication] permission_classes = [Or(IsAuthenticated, TokenHasReadWriteScope)] filter_backends = (filters.DjangoFilterBackend, ) filter_fields = '__all__'
class MusicList(generics.ListCreateAPIView): queryset = Music.objects.all() serializer_class = MusicSerializer authentication_classes = [OAuth2Authentication, SessionAuthentication] #Precisa dessa virgula e espaço permission_classes = [Or(IsAdminUser, TokenHasReadWriteScope)] filter_backends = (filters.DjangoFilterBackend, ) filter_fields = '__all__'
class UserViewSet(viewsets.ModelViewSet): serializer_class = UserSerializer queryset = BasicUser.objects.all() permission_classes = [Or( IsSafeMethod, IsPOST, IsAdminUser, )]
class ClientProfileViewSet(viewsets.ModelViewSet): serializer_class = ClientProfileSerializer queryset = ClientProfile.objects.all() permission_classes = [Or( IsSafeMethod, IsPOST, IsAdminUser, )]
class EventList(generics.ListCreateAPIView): queryset = Event.objects.all() serializer_class = EventSerializer authentication_classes = [OAuth2Authentication, SessionAuthentication] permission_classes = [Or(IsAdminUser, TokenHasReadWriteScope)] filter_backends = (filters.DjangoFilterBackend,) filter_fields = ('event_type', 'level', 'quantity', 'colected_by', 'detail')
class MusicList(generics.ListCreateAPIView): queryset = Music.objects.all() serializer_class = MusicSerializer authentication_classes = [OAuth2Authentication, SessionAuthentication] permission_classes = [Or(IsAuthenticated, TokenHasReadWriteScope)] filter_backends = (filters.DjangoFilterBackend, ) filter_fields = '__all__' #indica quais campos podem ser passados como filtro
class CourseViewSet(viewsets.ModelViewSet): queryset = Course.objects.all() serializer_class = CourseSerializer authentication_classes = (authentication.SessionAuthentication,) permission_classes = (Or(permissions.IsAdminUser, WriteTokenOnly),) parser_classes = (MultiPartParser, FormParser,) filter_backends = (DjangoFilterBackend, SearchFilter) filter_fields = ('name', 'teachers', )
class GroupsEndpointListView(ListAPIView): permission_classes = [ Or(build_permission_class('dms.can_manage_users'), IsGetRequest) ] def list(self, request, *args, **kwargs): queryset = Group.objects() data = [GroupSerializer(query).data for query in queryset] return Response(data)
class ClockList(generics.ListAPIView): queryset = Clock.objects.all() serializer_class = ClockSerializer authentication_classes = [OAuth2Authentication, SessionAuthentication] permission_classes = [Or(IsAdminUser, TokenHasReadWriteScope)] filter_backends = (filters.DjangoFilterBackend, OwnerFilterBackend, DeletedFilterBackend) filter_fields = '__all__'
class HelperView( PermissionClassesMixin, SidebarContextMixin, HelperContextMixin, UserContextMixin, TemplateView): template_name = 'helper/helper.html' active_tab = 'helper' permission_classes = [Or(IsMentor, CanSubmitTickets)]
class AppointmentRatingViewSet(GenericViewSet, mixins.ListModelMixin): """ List ratings for clinic admin and super admins """ queryset = AppointmentRating.objects.all().order_by('-id') serializer_class = AppointmentRatingSerializer permission_classes = (Or(IsSuperAdmin, IsClinicsAdmin), ) filter_backends = (AppointmentRatingUserFilter, ) pagination_class = ViewPagination
class BaseProjectApiViewSet(BaseApiViewSet): project_lookup = None permission_classes = [ Or( ProjectDataReadOnlyPermission, ProjectDataCollectorPermission, ProjectDataAdminPermission, ) ] def perform_update(self, serializer): requested_project = uuid.UUID(check_uuid(self.request.data.get("project"))) existing_project = self.get_object().project.pk if requested_project != existing_project: raise ValidationError( "Reassigning project data to another project not currently supported." ) serializer.save() def limit_to_project(self, request, *args, **kwargs): model = self.get_queryset().model if hasattr(model, "project_lookup") and model.project_lookup is not None: project_filter = {model.project_lookup: check_uuid(kwargs["project_pk"])} self.queryset = self.get_queryset().filter(**project_filter) return self.queryset def list(self, request, *args, **kwargs): self.limit_to_project(request, *args, **kwargs) return super(BaseProjectApiViewSet, self).list(request, *args, **kwargs) def retrieve(self, request, *args, **kwargs): self.limit_to_project(request, *args, **kwargs) return super(BaseProjectApiViewSet, self).retrieve(request, *args, **kwargs) def create(self, request, *args, **kwargs): self.limit_to_project(request, *args, **kwargs) return super(BaseProjectApiViewSet, self).create(request, *args, **kwargs) def update(self, request, *args, **kwargs): self.limit_to_project(request, *args, **kwargs) return super(BaseProjectApiViewSet, self).update(request, *args, **kwargs) def partial_update(self, request, *args, **kwargs): self.limit_to_project(request, *args, **kwargs) return super(BaseProjectApiViewSet, self).partial_update( request, *args, **kwargs ) def destroy(self, request, *args, **kwargs): self.limit_to_project(request, *args, **kwargs) return super(BaseProjectApiViewSet, self).destroy(request, *args, **kwargs) @action(detail=False, methods=["POST"]) def missing(self, request, *args, **kwargs): self.limit_to_project(request, *args, **kwargs) return super(BaseProjectApiViewSet, self).missing(request, *args, **kwargs)