"""
go/views.py

The functions that handle a request to a given URL. Get some data, manipulate
it, and return a rendered template.
"""
from rest_framework import viewsets, permissions
from rest_framework.authentication import TokenAuthentication, SessionAuthentication
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.authtoken.models import Token
from rest_framework.permissions import IsAuthenticated
from rest_framework.authtoken.views import ObtainAuthToken

from .serializers import URLSerializer
from .models import URL


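class URLPermission(permissions.BasePermission):
    """Custom permission check on URL model operations.

    Staff users are always allowed. Any other user must be authenticated and
    have a ``registereduser`` profile: an approved one for view-level access,
    and the one that owns the object for object-level access. A missing user,
    an anonymous user or a missing profile denies the request instead of
    raising, so the check fails closed.
    """

    message = "You do not have the necessary approvals to perform that action."

    @staticmethod
    def _registered_user(user):
        """Return ``user.registereduser``, or ``None`` when the attribute is absent.

        ``getattr`` with a default swallows ``AttributeError``. That covers an
        anonymous user object, and presumably also a user with no profile row
        if ``registereduser`` is a reverse one-to-one relation (model not
        shown here; confirm).
        """
        return getattr(user, "registereduser", None)

    def has_permission(self, request, view):
        """Allow staff, and authenticated users whose profile is approved."""
        user = request.user
        # This class may run before IsAuthenticated, so it cannot assume an
        # authenticated user with a profile attached.
        if user is None or not user.is_authenticated:
            return False
        # Staff is checked first so a staff account without a profile is not
        # blocked by the profile lookup.
        if user.is_staff:
            return True
        profile = self._registered_user(user)
        return profile is not None and bool(profile.approved)

    def has_object_permission(self, request, view, obj):
        """Allow staff, and the registered user who owns ``obj``."""
        user = request.user
        if user is None or not user.is_authenticated:
            return False
        if user.is_staff:
            return True
        profile = self._registered_user(user)
        # A user without a profile never matches, even when obj.owner is unset.
        return profile is not None and obj.owner == profile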


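class URLViewSet(viewsets.ModelViewSet):
    """
    API endpoint that handles creation/read/update/deletion of URL objects.

    Requests authenticate with a DRF token. Non-staff users only ever see and
    act on URL objects they own; staff see every URL object.
    """

    authentication_classes = (TokenAuthentication,)
    serializer_class = URLSerializer
    # IsAuthenticated is listed first: DRF evaluates permission classes in
    # order and stops at the first denial, so an anonymous request is rejected
    # before URLPermission reads request.user.registereduser.
    permission_classes = (IsAuthenticated, URLPermission)
    lookup_field = "short"

    def get_queryset(self):
        """Return all URL objects for staff, otherwise only the caller's own."""
        user = self.request.user
        if user.is_staff:
            return URL.objects.all()
        # Scoping the queryset means lookups by ``short`` for objects owned by
        # someone else resolve to "not found" rather than reaching the
        # object-level permission check.
        return URL.objects.filter(owner=user.registereduser)

    def perform_create(self, serializer):
        """Save the new URL with the requesting user's profile as owner."""
        # The owner comes from the authenticated request, not from the payload.
        # NOTE(review): perform_update is not overridden here; confirm that
        # URLSerializer treats ``owner`` as read-only so an update cannot
        # reassign ownership.
        serializer.save(owner=self.request.user.registereduser)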


class CustomAuthToken(ObtainAuthToken):
    """Return the API token that belongs to the user of the current session.

    Access requires an authenticated session. The token row is created on the
    first request if the user does not have one yet.

    NOTE(review): ObtainAuthToken also defines ``post()``, which exchanges a
    username and password for a token. It is still inherited by this view;
    confirm that is intended, or limit the view to GET.
    """

    authentication_classes = (SessionAuthentication,)
    permission_classes = (IsAuthenticated,)

    def get(self, request, *args, **kwargs):
        """Respond with ``{"token": <key>}`` for ``request.user``."""
        # get_or_create returns (object, created); only the object is needed.
        user_token = Token.objects.get_or_create(user=request.user)[0]
        payload = {"token": user_token.key}
        return Response(payload)


class GetSessionInfo(APIView):
    """Handy endpoint to return current user session status & information to the frontend.

    The response includes the user's API token, so the body is a credential.
    NOTE(review): any script running in the frontend's origin can read this
    response; confirm the frontend needs the token here and not only from the
    dedicated token endpoint.
    """

    authentication_classes = (SessionAuthentication,)
    permission_classes = (IsAuthenticated,)

    def get(self, request, *args, **kwargs):
        """Respond with username, last login, auth status and API token."""
        current_user = request.user
        # Creates the token row on first use; the "created" flag is not needed.
        api_token = Token.objects.get_or_create(user=current_user)[0]
        # "full_name" is left out of the payload. If it is re-enabled,
        # get_full_name is a method and has to be called:
        # "full_name": current_user.get_full_name()
        return Response(
            {
                "username": current_user.username,
                "last_login": current_user.last_login,
                "is_authenticated": current_user.is_authenticated,
                "token": api_token.key,
            }
        )