class Meta: resource_name = 'banana/completed-item' queryset = CompletedItem.objects.all() include_absolute_url = True fields = [ 'created', 'id', 'link', 'markup', 'modified', 'promoted', 'rendered', 'resource_uri', 'user' ] allowed_methods = ['get', 'post', 'put', 'delete'] validation = FormValidation(form_class=CompletedItemForm) authentication = SessionAuthentication() authorization = UserIsRequestorAuthorization() API.register(CompletedItemResource()) class CompletedItemRockResource(ModelResource): completed_item = fields.ForeignKey(CompletedItemResource, 'completed_item') user = fields.ForeignKey(UserResource, 'user') class Meta: resource_name = 'banana/completed-item-rock' queryset = CompletedItemRock.objects.all() include_absolute_url = False allowed_methods = ['get', 'post', 'put', 'delete'] #validation = FormValidation(form_class=CompletedItemRockForm) authentication = SessionAuthentication() authorization = UserIsRequestorAuthorization()
'''Anyone can read Namespace if public == True, otherwise only the owner can read it''' if not bundle.request.user.is_authenticated(): return False if bundle.obj.public: return True return bundle.request.user == bundle.obj.owner class NamespaceResource(ModelResource): owner = fields.ForeignKey(UserResource, 'owner') class Meta: queryset = Namespace.objects.all() resource_name = 'peach/namespace' fields = ['name', 'display_name', 'public', 'archive'] allowed_methods = ['get', 'put', 'post', 'delete'] validation = FormValidation(form_class=NamespaceForm) authentication = SessionAuthentication() authorization = NamespaceAuthorization(user_field_name='owner') API.register(NamespaceResource()) def get_namespace_by_resource_url(url): '''Returns a Namespace for a resource URL like /api/v0.1/peach/namespace/3/''' return get_model_by_resource_url(url, Namespace) class WikiPhotoAuthorization(Authorization): ''' Create: User must be logged in and 'wiki_page' must be a resource URL for a WikiPage owned by the logged in user Read: If the wiki_page is public, True. Otherwise, only if owned by the logged in user Update: Any logged in user can update their own object Delete: Any logged in user can delete their own object ''' def create_detail(self, object_list, bundle): raise Unauthorized("Sorry, no creates. Use the photo post resource instead.")
class NamespaceResource(ModelResource): owner = fields.ForeignKey(UserResource, 'owner') class Meta: queryset = Namespace.objects.all() resource_name = 'peach/namespace' fields = ['name', 'display_name', 'public', 'archive'] allowed_methods = ['get', 'put', 'post', 'delete'] validation = FormValidation(form_class=NamespaceForm) authentication = SessionAuthentication() authorization = NamespaceAuthorization(user_field_name='owner') API.register(NamespaceResource()) def get_namespace_by_resource_url(url): '''Returns a Namespace for a resource URL like /api/v0.1/peach/namespace/3/''' return get_model_by_resource_url(url, Namespace) class WikiPhotoAuthorization(Authorization): ''' Create: User must be logged in and 'wiki_page' must be a resource URL for a WikiPage owned by the logged in user Read: If the wiki_page is public, True. Otherwise, only if owned by the logged in user Update: Any logged in user can update their own object Delete: Any logged in user can delete their own object ''' def create_detail(self, object_list, bundle):
from transmutable import API, UserResource, UserIsRequestorAuthorization class CompletedItemResource(ModelResource): user = fields.ForeignKey(UserResource, 'user') rocks = fields.ToManyField('banana.api.CompletedItemRockResource', 'rocks', null=True) rock_users = fields.ToManyField(UserResource, 'rock_users', null=True, full=True) class Meta: resource_name = 'banana/completed-item' queryset = CompletedItem.objects.all() include_absolute_url = True fields = ['created', 'id', 'link', 'markup', 'modified', 'promoted', 'rendered', 'resource_uri', 'user'] allowed_methods = ['get', 'post', 'put', 'delete'] validation = FormValidation(form_class=CompletedItemForm) authentication = SessionAuthentication() authorization = UserIsRequestorAuthorization() API.register(CompletedItemResource()) class CompletedItemRockResource(ModelResource): completed_item = fields.ForeignKey(CompletedItemResource, 'completed_item') user = fields.ForeignKey(UserResource, 'user') class Meta: resource_name = 'banana/completed-item-rock' queryset = CompletedItemRock.objects.all() include_absolute_url = False allowed_methods = ['get', 'post', 'put', 'delete'] #validation = FormValidation(form_class=CompletedItemRockForm) authentication = SessionAuthentication() authorization = UserIsRequestorAuthorization() API.register(CompletedItemRockResource()) class GratitudeResource(ModelResource):