"""
go/views.py

The functions that handle a request to a given URL. Get some data, manipulate
it, and return a rendered template.
"""
from rest_framework import viewsets
from rest_framework import permissions
from rest_framework.authentication import TokenAuthentication, SessionAuthentication
from .serializers import URLSerializer
from .models import URL
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.authtoken.models import Token
from rest_framework.permissions import IsAuthenticated


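class URLPermission(permissions.BasePermission):
    """Custom permission check on URL model operations.

    Staff users are always allowed. Any other user needs a related
    ``registereduser`` record: view-level access requires that record to be
    approved, and object-level access requires it to be the object's owner.
    Users without such a record are denied rather than raising.
    """

    message = "You do not have the necessary approvals to perform that action."

    def has_permission(self, request, view):
        """Return True for staff, or for a user whose registration is approved."""
        user = request.user
        # Test the staff flag first so a staff account is not required to
        # carry a registereduser record before the check can succeed.
        if user.is_staff:
            return True
        # An anonymous user has no ``registereduser`` attribute; reading it
        # directly would raise AttributeError and turn an unauthenticated
        # request into a server error instead of a clean denial.
        # NOTE(review): presumably a reverse one-to-one relation (the model is
        # not visible here); a missing related row then also surfaces as an
        # AttributeError subclass, which getattr's default covers.
        registered = getattr(user, "registereduser", None)
        return registered is not None and bool(registered.approved)

    def has_object_permission(self, request, view, obj):
        """Return True for staff, or when the requester owns ``obj``."""
        user = request.user
        if user.is_staff:
            return True
        registered = getattr(user, "registereduser", None)
        # Fail closed: without a registration record there is nothing that
        # could legitimately match ``obj.owner``.
        return registered is not None and obj.owner == registered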


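class URLViewSet(viewsets.ModelViewSet):
    """
    API endpoint that handles creation/read/update/deletion of URL objects.

    Requests are authenticated by token only. Objects are looked up by their
    ``short`` field. Non-staff users see only the URLs they own; staff see
    every URL.
    """

    authentication_classes = (TokenAuthentication,)
    serializer_class = URLSerializer
    # IsAuthenticated comes first: DRF evaluates permission classes in order,
    # and URLPermission reads request.user.registereduser, which only an
    # authenticated user can have. Rejecting anonymous requests up front gives
    # them an authentication error rather than an unhandled exception.
    permission_classes = (IsAuthenticated, URLPermission)
    lookup_field = "short"

    def get_queryset(self):
        """Return all URLs for staff, otherwise only the requester's own."""
        user = self.request.user
        if user.is_staff:
            return URL.objects.all()
        # Scoping the queryset to the owner means another user's object is
        # simply not found, independent of the object-level permission check.
        return URL.objects.filter(owner=user.registereduser)

    def perform_create(self, serializer):
        """Save a new URL owned by the requesting user's registration."""
        # The owner is taken from the authenticated request, not the payload.
        # NOTE(review): only creation pins the owner here; confirm that
        # URLSerializer treats ``owner`` as read-only so an update cannot
        # reassign it.
        # NOTE(review): a staff account without a registereduser record would
        # fail on this attribute access; confirm every staff user has one.
        serializer.save(owner=self.request.user.registereduser)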


from rest_framework.authtoken.views import ObtainAuthToken
from rest_framework.authtoken.models import Token
from rest_framework.response import Response


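class CustomAuthToken(ObtainAuthToken):
    """Hand the logged-in user their API token.

    Access requires an authenticated session. ``get_or_create`` returns the
    existing token row when there is one, so the same key is handed out on
    every call; nothing in this view rotates or expires it.

    NOTE(review): ``ObtainAuthToken`` also defines ``post()``, which stays
    reachable on this view behind the same session and ``IsAuthenticated``
    gate. Confirm that is intended.
    """

    authentication_classes = (SessionAuthentication,)
    permission_classes = (IsAuthenticated,)

    def get(self, request, *args, **kwargs):
        """Return ``{"token": <key>}`` for the session user, creating the token on first use."""
        token, _ = Token.objects.get_or_create(user=request.user)
        response = Response({"token": token.key})
        # The body is a reusable credential served over GET; tell browsers and
        # intermediaries not to keep a copy of it.
        response["Cache-Control"] = "no-store"
        return response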