From 6d166bf0d83f600e18bfb8337a89812bcb526dbb Mon Sep 17 00:00:00 2001 From: Brian Pepple Date: Thu, 6 Jan 2022 16:22:06 -0500 Subject: [PATCH] Revert "post api changes" --- comicsdb/permission.py | 46 -------------------------------------- comicsdb/serializers.py | 41 ++------------------------------- comicsdb/views/viewsets.py | 29 +++++++----------------- users/tests/case_base.py | 9 -------- users/views.py | 6 ----- 5 files changed, 10 insertions(+), 121 deletions(-) delete mode 100644 comicsdb/permission.py diff --git a/comicsdb/permission.py b/comicsdb/permission.py deleted file mode 100644 index 60b2eabf..00000000 --- a/comicsdb/permission.py +++ /dev/null @@ -1,46 +0,0 @@ -from django.contrib.auth.models import Group -from rest_framework import permissions - - -def _is_in_group(user, group_name): - """ - Takes a user and a group name, and returns `True` if the user is in that group. - """ - try: - return Group.objects.get(name=group_name).user_set.filter(id=user.id).exists() - except Group.DoesNotExist: - return None - - -def _has_group_permission(user, required_groups): - return any(_is_in_group(user, group_name) for group_name in required_groups) - - -class IsLoggedInUserOrEditor(permissions.BasePermission): - required_groups = ["editor"] - - def has_object_permission(self, request, view, obj): - has_group_permission = _has_group_permission(request.user, self.required_groups) - if self.required_groups is None: - return False - return obj == request.user or has_group_permission - - -class IsEditor(permissions.BasePermission): - required_groups = ["editor"] - - def has_permission(self, request, view): - has_group_permission = _has_group_permission(request.user, self.required_groups) - return request.user and has_group_permission - - def has_object_permission(self, request, view, obj): - has_group_permission = _has_group_permission(request.user, self.required_groups) - return request.user and has_group_permission - - -class IsEditorOrContributor(permissions.BasePermission): - required_groups = ["editor", "contributor"] - - def has_permission(self, request, view): - has_group_permission = _has_group_permission(request.user, self.required_groups) - return request.user and has_group_permission diff --git a/comicsdb/serializers.py b/comicsdb/serializers.py index f33885ee..e5ff3150 100644 --- a/comicsdb/serializers.py +++ b/comicsdb/serializers.py @@ -84,25 +84,7 @@ class Meta: class ArcSerializer(serializers.ModelSerializer): class Meta: model = Arc - fields = ("id", "name", "desc", "modified") - read_only_field = ("image",) - - # TODO: Need to handle uploading of ImageField. - - def create(self, validated_data): - """ - Create and return a new `Arc` instance, given the validated data. - """ - return Arc.objects.create(**validated_data) - - def update(self, instance, validated_data): - """ - Update and return an existing `Arc` instance, given the validated data. - """ - instance.name = validated_data.get("name", instance.name) - instance.desc = validated_data.get("desc", instance.desc) - instance.save() - return instance + fields = ("id", "name", "desc", "image", "modified") class CharacterSerializer(serializers.ModelSerializer): @@ -117,30 +99,11 @@ class Meta: "alias", "desc", "wikipedia", + "image", "creators", "teams", "modified", ) - read_only_field = ("image",) - - # TODO: Need to handle uploading of ImageField. - - def create(self, validated_data): - """ - Create and return a new `Character` instance, given the validated data. - """ - return Character.objects.create(**validated_data) - - def update(self, instance, validated_data): - """ - Update and return an existing `Character` instance, given the validated data. - """ - instance.name = validated_data.get("name", instance.name) - instance.alias = validated_data.get("alias", instance.alias) - instance.desc = validated_data.get("desc", instance.desc) - instance.wikipedia = validated_data.get("wikipedia", instance.wikipedia) - instance.save() - return instance class CreatorSerializer(serializers.ModelSerializer): diff --git a/comicsdb/views/viewsets.py b/comicsdb/views/viewsets.py index 72ced633..a8d6f94a 100644 --- a/comicsdb/views/viewsets.py +++ b/comicsdb/views/viewsets.py @@ -7,7 +7,6 @@ from comicsdb.filters.issue import IssueFilter from comicsdb.filters.name import NameFilter from comicsdb.filters.series import SeriesFilter -from comicsdb.permission import IsEditor, IsEditorOrContributor from comicsdb.models import ( Arc, Character, @@ -38,7 +37,7 @@ ) -class ArcViewSet(viewsets.ModelViewSet): +class ArcViewSet(viewsets.ReadOnlyModelViewSet): """ list: Returns a list of all the story arcs. @@ -54,15 +53,9 @@ class ArcViewSet(viewsets.ModelViewSet): def get_serializer_class(self): if self.action == "list": return ArcListSerializer - return ArcSerializer - - def get_permissions(self): - permission_classes = [] - if self.action in ["create", "update", "partial_update", "destroy"]: - permission_classes = [IsEditor] - elif self.action in ["retrieve", "list"]: - permission_classes = [IsEditorOrContributor] - return [permission() for permission in permission_classes] + if self.action == "retrieve": + return ArcSerializer + return ArcListSerializer @action(detail=True) def issue_list(self, request, pk=None): @@ -81,7 +74,7 @@ def issue_list(self, request, pk=None): raise Http404() -class CharacterViewSet(viewsets.ModelViewSet): +class CharacterViewSet(viewsets.ReadOnlyModelViewSet): """ list: Return a list of all the characters. @@ -97,15 +90,9 @@ class CharacterViewSet(viewsets.ModelViewSet): def get_serializer_class(self): if self.action == "list": return CharacterListSerializer - return CharacterSerializer - - def get_permissions(self): - permission_classes = [] - if self.action in ["create", "update", "partial_update", "destroy"]: - permission_classes = [IsEditor] - elif self.action in ["retrieve", "list"]: - permission_classes = [IsEditorOrContributor] - return [permission() for permission in permission_classes] + if self.action == "retrieve": + return CharacterSerializer + return CharacterListSerializer class CreatorViewSet(viewsets.ReadOnlyModelViewSet): diff --git a/users/tests/case_base.py b/users/tests/case_base.py index 17c30a0f..d2d45ee2 100644 --- a/users/tests/case_base.py +++ b/users/tests/case_base.py @@ -1,4 +1,3 @@ -from django.contrib.auth.models import Group, Permission from django.test import TestCase from users.models import CustomUser @@ -11,14 +10,6 @@ def _create_user(cls): user.set_password("1234") user.save() - # TODO: Need to split the group bit out for better test coverage (post, delete, etc) - contributor_group = Group.objects.create(name="contributor") - permission_codename = ["view_arc"] - for permission in permission_codename: - perm = Permission.objects.filter(codename=permission).first() - contributor_group.permissions.add(perm) - user.groups.add(contributor_group) - return user def _client_login(self): diff --git a/users/views.py b/users/views.py index 6997e51d..f75d62a6 100644 --- a/users/views.py +++ b/users/views.py @@ -3,7 +3,6 @@ from django.contrib import messages from django.contrib.auth import login, update_session_auth_hash from django.contrib.auth.forms import PasswordChangeForm -from django.contrib.auth.models import Group from django.contrib.sites.shortcuts import get_current_site from django.shortcuts import redirect, render from django.template.loader import render_to_string @@ -42,11 +41,6 @@ def activate(request, uidb64, token): user.is_active = True user.email_confirmed = True user.save() - - # Add the user to the contributor group. - contributor_group = Group.objects.get(name="contributor") - user.groups.add(contributor_group) - login(request, user) # Send pushover notification tha user activated account send_pushover(f"{user} activated their account on Metron.")