SRCT
go
Commits
84f7d732
Commit
84f7d732
authored
Jul 29, 2018
by
David Haynes
API endpoint to create links
- only presents the information that you need - permissions model guarantees ownership
parent
4e24576c
Pipeline
#2637
passed with stage
in 51 seconds
Changes
5
docker-startup.sh
...
...
@@ -8,12 +8,9 @@ export GO_SECRET_KEY
export
GO_CREATE_SUPERUSER
GO_SECRET_KEY
=
$(
dd
if
=
/dev/urandom
count
=
100 |
tr
-dc
"A-Za-z0-9"
|
fold
-w
60 |
head
-n1
2>/dev/null
)
GO_CREATE_SUPERUSER
=
"from django.contrib.auth import get_user_model; User = get_user_model(); me = User.objects.get(username='admin'); me.first_name = 'mr'; me.last_name = 'admin'; me.save(); "
python go/manage.py makemigrations
python go/manage.py makemigrations go
python go/manage.py migrate
python go/manage.py createsuperuser
--noinput
--username
=
"
$SUPERUSER
"
--email
=
"
$SUPERUSER$GO_EMAIL_DOMAIN
"
echo
"
$GO_CREATE_SUPERUSER
"
| python go/manage.py shell
python go/manage.py runserver 0.0.0.0:8000
\ No newline at end of file
go/go/cas_callbacks.py
...
...
@@ -5,6 +5,8 @@ Parse the CAS/PF responses and create users in the database.
"""
# Other Imports
import
requests
import
os
# Django Imports
from
django.conf
import
settings
from
django.contrib.auth.models
import
User
...
...
@@ -94,6 +96,9 @@ def create_user(tree: list):
# Password is a required User object field, though doesn't matter for our
# purposes because all user auth is handled through CAS, not Django's login.
user
.
set_password
(
'cas_used_instead'
)
if
os
.
environ
[
'GO_ENV'
]
!=
'production'
:
user
.
is_staff
=
True
user
.
is_superuser
=
True
user
.
save
()
if
user_created
:
...
...
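Review bot: The added `if os.environ['GO_ENV'] != 'production':` in create_user fails open: any value other than the exact string 'production' (a typo, different casing, a staging name) turns every user that passes through this function into a staff superuser, and an unset variable raises KeyError in the middle of login. Make the grant opt-in instead, e.g. `if os.environ.get('GO_ENV') == 'development':`, or key it off `settings.DEBUG`, since `settings` is already imported. These accounts also carry the shared password from `set_password('cas_used_instead')` on the line above; if Django's ModelBackend and the admin login are enabled (not visible here), `user.set_unusable_password()` would be the safer call. create_user starts and continues outside the hunk.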
go/go/serializers.py
...
...
@@ -3,27 +3,13 @@ go/serializers.py
Define how data is translated from the database to json/API representation.
"""
# Django Imports
from
django.contrib.auth.models
import
User
,
Group
# App Imports
from
.models
import
URL
,
RegisteredUser
# Third Party Imports
from
rest_framework
import
serializers
class
UserSerializer
(
serializers
.
HyperlinkedModelSerializer
):
class
Meta
:
model
=
User
fields
=
(
'url'
,
'username'
,
'email'
,
'first_name'
,
'last_name'
,
'is_staff'
)
class
RegisteredUserSerializer
(
serializers
.
HyperlinkedModelSerializer
):
class
Meta
:
model
=
RegisteredUser
fields
=
'__all__'
class
URLSerializer
(
serializers
.
HyperlinkedModelSerializer
):
class
Meta
:
model
=
URL
fields
=
'__all__'
fields
=
(
'destination'
,
'short'
,
'date_expires'
)
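Review bot: `URLSerializer` now takes `destination` and `short` straight from API clients, and no field-level validation is visible in this section. A ModelSerializer runs only the validators declared on the model fields, so any checks that live in the HTML form (allowed URL schemes, reserved or malformed short names; the form is not shown here, so this is an assumption) would not apply to links created through the endpoint. Consider moving those checks to model validators or adding `validate_short` / `validate_destination` methods on the serializer. A one-line class docstring saying that `owner` is deliberately left out of `fields` and is set by the view would also help the next reader.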
go/go/views.py
...
...
@@ -28,34 +28,28 @@ from .models import URL, RegisteredUser
from
django.contrib.auth.models
import
User
,
Group
from
rest_framework
import
viewsets
from
rest_framework
import
permissions
from
.serializers
import
U
serSerializer
,
URLSerializer
,
RegisteredUser
Serializer
from
.serializers
import
U
RL
Serializer
class
CrudPermission
(
permissions
.
BasePermission
):
def
has_object_permission
(
self
,
request
,
view
,
obj
):
# Read permissions are allowed to any request,
# so we'll always allow GET, HEAD or OPTIONS requests.
if
request
.
method
in
permissions
.
SAFE_METHODS
:
return
True
class
URLPermission
(
permissions
.
BasePermission
):
message
=
"You do not have the necessary approvals to perform that action."
def
has_permission
(
self
,
request
,
view
):
return
request
.
user
.
registereduser
.
approved
or
request
.
user
.
is_staff
def
has_object_permission
(
self
,
request
,
view
,
obj
):
return
obj
.
owner
==
request
.
user
.
registereduser
or
request
.
user
.
is_staff
class
RegisteredUserViewSet
(
viewsets
.
ModelViewSet
):
"""
API endpoint that allows RegisteredUsers to be viewed or edited.
"""
queryset
=
RegisteredUser
.
objects
.
all
()
serializer_class
=
RegisteredUserSerializer
class
UserViewSet
(
viewsets
.
ModelViewSet
):
"""
API endpoint that allows users to be viewed or edited.
"""
queryset
=
User
.
objects
.
all
().
order_by
(
'-date_joined'
)
serializer_class
=
UserSerializer
class
URLViewSet
(
viewsets
.
ModelViewSet
):
"""
API endpoint that handles creation/read/update/deletion of URL objects.
"""
serializer_class
=
URLSerializer
queryset
=
URL
.
objects
.
all
()
permission_classes
=
(
URLPermission
,)
def
get_queryset
(
self
):
if
not
self
.
request
.
user
.
is_staff
:
return
URL
.
objects
.
filter
(
owner
=
self
.
request
.
user
.
registereduser
)
else
:
return
URL
.
objects
.
all
()
def
perform_create
(
self
,
serializer
):
serializer
.
save
(
owner
=
self
.
request
.
user
.
registereduser
)
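Review bot: `URLPermission.has_permission` dereferences `request.user.registereduser` before anything establishes that the request is authenticated, so an anonymous request would raise AttributeError (AnonymousUser has no such attribute) and surface as a 500 rather than a 401/403, unless a default `IsAuthenticated` is configured in settings not shown here. The expression also evaluates `registereduser` before `is_staff`, so a staff account with no RegisteredUser row (presumably a one-to-one reverse accessor) would raise instead of being allowed; the same ordering appears in `has_object_permission`, and `get_queryset` relies on the same attribute. I would set `permission_classes = (permissions.IsAuthenticated, URLPermission)` and reorder the check to `request.user.is_staff or request.user.registereduser.approved`.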
go/settings/urls.py
...
...
@@ -18,9 +18,7 @@ from cas import views as cas_views
from
rest_framework
import
routers
router
=
routers
.
DefaultRouter
()
router
.
register
(
r
'my'
,
views
.
URLViewSet
)
router
.
register
(
r
'users'
,
views
.
UserViewSet
)
router
.
register
(
r
'registereduser'
,
views
.
RegisteredUserViewSet
)
router
.
register
(
r
'golinks'
,
views
.
URLViewSet
,
base_name
=
"golinks"
)
# This function attempts to import an admin module in each installed
# application. Such modules are expected to register models with the admin.
...
...