class PartnerSiteResource(ConditionalFullResource):
organisation = ConditionalFullToOneField(
'akvo.api.resources.OrganisationResource', 'organisation',
)
keywords = ConditionalFullToManyField(
'akvo.api.resources.KeywordResource', 'keywords',
)
class Meta:
max_limit = 10
allowed_methods = ['get']
queryset = PartnerSite.objects.all()
resource_name = 'partner_site'
fields = [
'id',
'organisation',
'hostname',
'cname',
'enabled',
'ui_translation',
'google_translation',
'partner_projects',
'keywords',
]
filtering = dict(
hostname = ALL,
cname = ALL,
enabled = ALL,
ui_translation = ALL,
google_translation = ALL,
partner_projects = ALL,
keywords = ALL_WITH_RELATIONS,
organisation = ALL_WITH_RELATIONS,
)
class OrganisationResource(ConditionalFullResource):
partnerships = ConditionalFullToManyField(
'akvo.api.resources.PartnershipResource',
'partnerships',
help_text='Show the projects the organisation is related to and how.')
locations = ConditionalFullToManyField(
'akvo.api.resources.OrganisationLocationResource',
'locations',
null=True)
primary_location = fields.ToOneField(
'akvo.api.resources.OrganisationLocationResource',
'primary_location',
full=True,
blank=True,
null=True,
)
class Meta:
allowed_methods = ['get']
queryset = Organisation.objects.all()
resource_name = 'organisation'
include_absolute_url = True
filtering = dict(
# other fields
iati_org_id=ALL,
name=ALL,
organisation_type=ALL,
# foreign keys
locations=ALL_WITH_RELATIONS,
partnerships=ALL_WITH_RELATIONS,
)
def dehydrate(self, bundle):
""" add thumbnails inline info for Organisation.logo
"""
bundle = super(OrganisationResource, self).dehydrate(bundle)
bundle.data['logo'] = {
'original': bundle.data['logo'],
'thumbnails': get_extra_thumbnails(bundle.obj.logo),
}
return bundle
class FocusAreaResource(ConditionalFullResource):
categories = ConditionalFullToManyField('akvo.api.resources.CategoryResource', 'categories')
class Meta:
allowed_methods = ['get']
queryset = FocusArea.objects.all()
resource_name = 'focus_area'
filtering = dict(
# other fields
slug = ALL,
)
class ProjectResource(ConditionalFullResource):
benchmarks = ConditionalFullToManyField(
'akvo.api.resources.BenchmarkResource',
'benchmarks',
)
budget_items = ConditionalFullToManyField(
'akvo.api.resources.BudgetItemResource', 'budget_items')
categories = ConditionalFullToManyField(
'akvo.api.resources.CategoryResource', 'categories')
goals = ConditionalFullToManyField('akvo.api.resources.GoalResource',
'goals')
keywords = ConditionalFullToManyField('akvo.api.resources.KeywordResource',
'keywords')
invoices = ConditionalFullToManyField('akvo.api.resources.InvoiceResource',
'invoices')
links = ConditionalFullToManyField('akvo.api.resources.LinkResource',
'links')
locations = ConditionalFullToManyField(
'akvo.api.resources.ProjectLocationResource', 'locations')
partnerships = ConditionalFullToManyField(
'akvo.api.resources.PartnershipResource',
'partnerships',
)
primary_location = fields.ToOneField(
'akvo.api.resources.ProjectLocationResource',
'primary_location',
full=True,
null=True)
project_comments = ConditionalFullToManyField(
'akvo.api.resources.ProjectCommentResource', 'comments')
project_updates = ConditionalFullToManyField(
'akvo.api.resources.ProjectUpdateResource', 'project_updates')
class Meta:
max_limit = 10
allowed_methods = ['get']
authentication = ConditionalApiKeyAuthentication(
methods_requiring_key=['POST', 'PUT'])
queryset = Project.objects.all(
) #Note: this is modified in get_object_list()
resource_name = 'project'
include_absolute_url = True
filtering = dict(
# other fields
id=ALL,
iati_activity_id=ALL,
status=ALL,
title=ALL,
budget=ALL,
funds=ALL,
funds_needed=ALL,
current_image=ALL,
# foreign keys
benchmarks=ALL_WITH_RELATIONS,
budget_items=ALL_WITH_RELATIONS,
categories=ALL_WITH_RELATIONS,
goals=ALL_WITH_RELATIONS,
invoices=ALL_WITH_RELATIONS,
links=ALL_WITH_RELATIONS,
locations=ALL_WITH_RELATIONS,
keywords=ALL_WITH_RELATIONS,
partnerships=ALL_WITH_RELATIONS,
project_comments=ALL_WITH_RELATIONS,
project_updates=ALL_WITH_RELATIONS,
)
def get_object_list(self, request):
""" The Project queryset is filtered depending on the user accessing the API
All users get Project.objects.published()
If the user is authenticated via an API key additional projects are added similarly to the access in the
admin:
Superusers get access to ALL projects
Users with "change_project" perm (currently Akvo staff users) also get access to ALL projects
Users with "rsr_limited_change_project" perm get access to all projects linked to their organisation
regardless of publishing status
"""
object_list = super(ProjectResource, self).get_object_list(request)
# The whole point of ConditionalApiKeyAuthentication is to allow some access even for unauthorised requests,
# but here we need to figure out if the request contains a name/key pair and if so allow access to unpublished
# projects. So we call ApiKeyAuthentication.is_authenticated() (using super() which returns True if there is an
# identified user holding an api key, AND is_authenticated() also sets request.user to the User object which we
# need to be able to call request.user.has_perm() correctly.
if self.Meta.authentication.is_authenticated(request) is True:
opts = Project._meta
if request.user.has_perm(opts.app_label + '.' +
get_permission_codename('change', opts)):
return object_list
elif request.user.has_perm(
opts.app_label + '.' +
get_permission_codename(RSR_LIMITED_CHANGE, opts)):
object_list = object_list.published(
) | object_list.of_partners(request.user.organisations.all())
return object_list.distinct()
return object_list.published()
def dehydrate(self, bundle):
""" add thumbnails inline info for Project.current_image
"""
bundle = super(ProjectResource, self).dehydrate(bundle)
if isinstance(bundle.data['created_at'], bool):
bundle.data['created_at'] = None
if isinstance(bundle.data['last_modified_at'], bool):
bundle.data['last_modified_at'] = None
bundle.data['current_image'] = {
'original': bundle.data['current_image'],
'thumbnails': get_extra_thumbnails(bundle.obj.current_image),
}
bundle.data['date_request_posted'] = bundle.data.pop(
'date_start_planned')
bundle.data['date_complete'] = bundle.data.pop('date_end_planned')
return bundle
class ProjectResource(ConditionalFullResource):
benchmarks = ConditionalFullToManyField(
'akvo.api.resources.BenchmarkResource',
'benchmarks',
)
budget_items = ConditionalFullToManyField(
'akvo.api.resources.BudgetItemResource', 'budget_items')
categories = ConditionalFullToManyField(
'akvo.api.resources.CategoryResource', 'categories')
goals = ConditionalFullToManyField('akvo.api.resources.GoalResource',
'goals')
invoices = ConditionalFullToManyField('akvo.api.resources.InvoiceResource',
'invoices')
links = ConditionalFullToManyField('akvo.api.resources.LinkResource',
'links')
locations = ConditionalFullToManyField(
'akvo.api.resources.ProjectLocationResource', 'locations')
partnerships = ConditionalFullToManyField(
'akvo.api.resources.PartnershipResource',
'partnerships',
)
primary_location = fields.ToOneField(
'akvo.api.resources.ProjectLocationResource',
'primary_location',
full=True,
null=True)
project_comments = ConditionalFullToManyField(
'akvo.api.resources.ProjectCommentResource', 'comments')
project_updates = ConditionalFullToManyField(
'akvo.api.resources.ProjectUpdateResource', 'project_updates')
class Meta:
allowed_methods = ['get']
authentication = MultiAuthentication(
ApiKeyAuthentication(),
Authentication(),
)
queryset = Project.objects.all(
) #Note: this is modified in get_object_list()
resource_name = 'project'
include_absolute_url = True
filtering = dict(
# other fields
status=ALL,
title=ALL,
budget=ALL,
funds=ALL,
funds_needed=ALL,
current_image=ALL,
# foreign keys
benchmarks=ALL_WITH_RELATIONS,
budget_items=ALL_WITH_RELATIONS,
categories=ALL_WITH_RELATIONS,
goals=ALL_WITH_RELATIONS,
invoices=ALL_WITH_RELATIONS,
links=ALL_WITH_RELATIONS,
locations=ALL_WITH_RELATIONS,
partnerships=ALL_WITH_RELATIONS,
project_comments=ALL_WITH_RELATIONS,
project_updates=ALL_WITH_RELATIONS,
)
def get_object_list(self, request):
""" The Project queryset is filtered depending on the user accessing the API
All users get Project.objects.published()
If the user is authenticated via an API key additional projects are added similarly to the access in the
admin:
Superusers get access to ALL projects
Users with "change_project" perm (currently Akvo staff users) also get access to ALL projects
Users with "rsr_limited_change_project" perm get access to all projects linked to their organisation
regardless of publishing status
"""
object_list = super(ProjectResource, self).get_object_list(request)
if self._meta.authentication.is_authenticated(request):
opts = Project._meta
if request.user.has_perm(opts.app_label + '.' +
opts.get_change_permission()):
return object_list
elif request.user.has_perm(
opts.app_label + '.' +
get_rsr_limited_change_permission(opts)):
object_list = object_list.published() | object_list.of_partner(
request.user.get_profile().organisation)
return object_list.distinct()
return object_list.published()
def dehydrate(self, bundle):
""" add thumbnails inline info for Project.current_image
"""
bundle = super(ProjectResource, self).dehydrate(bundle)
bundle.data['current_image'] = {
'original': bundle.data['current_image'],
'thumbnails': get_extra_thumbnails(bundle.obj.current_image),
}
return bundle