From patchwork Fri Sep 11 15:55:10 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Damien Lespiau X-Patchwork-Id: 516880 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 661FB14012C for ; Sat, 12 Sep 2015 02:01:25 +1000 (AEST) Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 43FC11A2C0F for ; Sat, 12 Sep 2015 02:01:25 +1000 (AEST) X-Original-To: patchwork@lists.ozlabs.org Delivered-To: patchwork@lists.ozlabs.org Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by lists.ozlabs.org (Postfix) with ESMTP id 37A221A2BB0 for ; Sat, 12 Sep 2015 01:56:11 +1000 (AEST) Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga103.fm.intel.com with ESMTP; 11 Sep 2015 08:56:11 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.17,511,1437462000"; d="scan'208";a="559867309" Received: from jeffzhua-mobl.amr.corp.intel.com (HELO strange.amr.corp.intel.com) ([10.254.88.85]) by FMSMGA003.fm.intel.com with ESMTP; 11 Sep 2015 08:56:09 -0700 From: Damien Lespiau To: patchwork@lists.ozlabs.org Subject: [PATCH 37/51] api: Expose a self object Date: Fri, 11 Sep 2015 16:55:10 +0100 Message-Id: <1441986924-26689-38-git-send-email-damien.lespiau@intel.com> X-Mailer: git-send-email 2.1.0 In-Reply-To: <1441986924-26689-1-git-send-email-damien.lespiau@intel.com> References: <1441986924-26689-1-git-send-email-damien.lespiau@intel.com> X-BeenThere: patchwork@lists.ozlabs.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Patchwork development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: patchwork-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Patchwork" I'd like to add specific action/request for the logged in user, so let's start to expose a 'self' object. For privacy reasons, the API doesn't allow to list all the users and each user can only access its own object. Signed-off-by: Damien Lespiau --- patchwork/serializers.py | 6 ++++++ patchwork/urls.py | 4 ++++ patchwork/views/api.py | 18 +++++++++++++++++- 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/patchwork/serializers.py b/patchwork/serializers.py index 05c9f15..edffb6b 100644 --- a/patchwork/serializers.py +++ b/patchwork/serializers.py @@ -17,9 +17,15 @@ # along with Patchwork; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from django.contrib.auth.models import User from patchwork.models import Project, Series, SeriesRevision, Patch from rest_framework import serializers +class UserSerializer(serializers.ModelSerializer): + class Meta: + model = User + fields = ('username', 'first_name', 'last_name', ) + class ProjectSerializer(serializers.HyperlinkedModelSerializer): class Meta: model = Project diff --git a/patchwork/urls.py b/patchwork/urls.py index 68ec759..7052941 100644 --- a/patchwork/urls.py +++ b/patchwork/urls.py @@ -27,6 +27,9 @@ import patchwork.views.api as api # API +# /self +users_router = routers.SimpleRouter() +users_router.register('self', api.UserViewSet) # /projects/$project/ project_router = routers.SimpleRouter() project_router.register('projects', api.ProjectViewSet) @@ -48,6 +51,7 @@ urlpatterns = patterns('', url(r'^admin/', include(admin.site.urls)), # API + (r'^api/1.0/', include(users_router.urls)), (r'^api/1.0/', include(project_router.urls)), (r'^api/1.0/', include(series_list_router.urls)), (r'^api/1.0/', include(series_router.urls)), diff --git a/patchwork/views/api.py b/patchwork/views/api.py index e8229ed..a0904b2 100644 --- a/patchwork/views/api.py +++ b/patchwork/views/api.py @@ -17,12 +17,13 @@ # along with Patchwork; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +from django.contrib.auth.models import User from patchwork.models import Project, Series, SeriesRevision from rest_framework import viewsets, mixins, generics, filters, permissions from rest_framework.response import Response from rest_framework.generics import get_object_or_404 from patchwork.serializers import ProjectSerializer, SeriesSerializer, \ - RevisionSerializer + RevisionSerializer, UserSerializer class MaintainerPermission(permissions.BasePermission): def has_object_permission(self, request, view, obj): @@ -36,6 +37,21 @@ class MaintainerPermission(permissions.BasePermission): return False return obj.project.is_editable(user) +class UserPermission(permissions.BasePermission): + def has_object_permission(self, request, view, obj): + # user data can be sensitive, only the user itself can access this + # information + return obj == request.user + +class UserViewSet(viewsets.ViewSet): + permission_classes = (UserPermission, ) + model = User + + def list(self, request): + self = User.objects.get(pk=request.user.pk) + serializer = UserSerializer(self) + return Response(serializer.data) + class ProjectViewSet(viewsets.ViewSet): permission_classes = (MaintainerPermission, ) model = Project