From a0ebc47ade1e23b391c9608638f1f7928fe13049 Mon Sep 17 00:00:00 2001 From: vabene1111 Date: Tue, 26 Jan 2021 22:15:09 +0100 Subject: [PATCH] api permission fixes + shopping list default view mode --- cookbook/templates/shopping_list.html | 2 +- cookbook/views/api.py | 77 +++++++++++++-------------- 2 files changed, 39 insertions(+), 40 deletions(-) diff --git a/cookbook/templates/shopping_list.html b/cookbook/templates/shopping_list.html index 021356f8..2d2f0428 100644 --- a/cookbook/templates/shopping_list.html +++ b/cookbook/templates/shopping_list.html @@ -363,7 +363,7 @@ data: { shopping_list_id: {% if shopping_list_id %}{{ shopping_list_id }}{% else %}null{% endif %}, loading: true, - edit_mode: true, + edit_mode: false, export_text_prefix: '', //TODO add userpreference recipe_query: '', recipes: [], diff --git a/cookbook/views/api.py b/cookbook/views/api.py index 8d82eaef..0c573079 100644 --- a/cookbook/views/api.py +++ b/cookbook/views/api.py @@ -55,6 +55,31 @@ from cookbook.serializer import (FoodSerializer, IngredientSerializer, from recipes.settings import DEMO +class StandardFilterMixin(ViewSetMixin): + + def get_queryset(self): + queryset = self.queryset + query = self.request.query_params.get('query', None) + if query is not None: + queryset = queryset.filter(name__icontains=query) + + updated_at = self.request.query_params.get('updated_at', None) + if updated_at is not None: + try: + queryset = queryset.filter(updated_at__gte=updated_at) + except FieldError: + pass + + limit = self.request.query_params.get('limit', None) + random = self.request.query_params.get('random', False) + if limit is not None: + if random: + queryset = queryset.random(int(limit)) + else: + queryset = queryset[:int(limit)] + return queryset + + class UserNameViewSet(viewsets.ReadOnlyModelViewSet): """ list: @@ -116,31 +141,6 @@ class SyncLogViewSet(viewsets.ReadOnlyModelViewSet): permission_classes = [CustomIsAdmin, ] -class StandardFilterMixin(ViewSetMixin): - - def get_queryset(self): - queryset = self.queryset - query = self.request.query_params.get('query', None) - if query is not None: - queryset = queryset.filter(name__icontains=query) - - updated_at = self.request.query_params.get('updated_at', None) - if updated_at is not None: - try: - queryset = queryset.filter(updated_at__gte=updated_at) - except FieldError: - pass - - limit = self.request.query_params.get('limit', None) - random = self.request.query_params.get('random', False) - if limit is not None: - if random: - queryset = queryset.random(int(limit)) - else: - queryset = queryset[:int(limit)] - return queryset - - class SupermarketViewSet(viewsets.ModelViewSet, StandardFilterMixin): queryset = Supermarket.objects.all() serializer_class = SupermarketSerializer @@ -188,7 +188,7 @@ class RecipeBookViewSet(viewsets.ModelViewSet, StandardFilterMixin): class RecipeBookEntryViewSet(viewsets.ModelViewSet, viewsets.GenericViewSet): queryset = RecipeBookEntry.objects.all() serializer_class = RecipeBookEntrySerializer - permission_classes = [CustomIsOwner, CustomIsAdmin] + permission_classes = [CustomIsOwner] def get_queryset(self): if self.request.user.is_superuser: @@ -207,7 +207,7 @@ class MealPlanViewSet(viewsets.ModelViewSet): """ queryset = MealPlan.objects.all() serializer_class = MealPlanSerializer - permission_classes = [permissions.IsAuthenticated] # TODO fix permissions + permission_classes = [CustomIsOwner] def get_queryset(self): queryset = MealPlan.objects.filter( @@ -232,11 +232,10 @@ class MealTypeViewSet(viewsets.ModelViewSet): """ queryset = MealType.objects.order_by('order').all() serializer_class = MealTypeSerializer - permission_classes = [permissions.IsAuthenticated] + permission_classes = [CustomIsOwner] def get_queryset(self): - queryset = MealType.objects.order_by('order', 'id') \ - .filter(created_by=self.request.user).all() + queryset = MealType.objects.order_by('order', 'id').filter(created_by=self.request.user).all() return queryset @@ -317,17 +316,19 @@ class RecipeViewSet(viewsets.ModelViewSet, StandardFilterMixin): class ShoppingListRecipeViewSet(viewsets.ModelViewSet): queryset = ShoppingListRecipe.objects.all() serializer_class = ShoppingListRecipeSerializer - permission_classes = [CustomIsUser, ] # TODO add custom validation + permission_classes = [CustomIsOwner, ] - # TODO custom get qs + def get_queryset(self): + return self.queryset.filter(shoppinglist__created_by=self.request.user).all() class ShoppingListEntryViewSet(viewsets.ModelViewSet): queryset = ShoppingListEntry.objects.all() serializer_class = ShoppingListEntrySerializer - permission_classes = [CustomIsOwner, ] # TODO add custom validation + permission_classes = [CustomIsOwner, ] - # TODO custom get qs + def get_queryset(self): + return self.queryset.filter(shoppinglist__created_by=self.request.user).all() class ShoppingListViewSet(viewsets.ModelViewSet): @@ -352,12 +353,10 @@ class ShoppingListViewSet(viewsets.ModelViewSet): class ViewLogViewSet(viewsets.ModelViewSet): queryset = ViewLog.objects.all() serializer_class = ViewLogSerializer - permission_classes = [permissions.IsAuthenticated] + permission_classes = [CustomIsOwner] def get_queryset(self): - queryset = ViewLog.objects \ - .filter(created_by=self.request.user).all()[:5] - return queryset + return CookLog.objects.filter(created_by=self.request.user).all()[:5] class CookLogViewSet(viewsets.ModelViewSet): @@ -366,7 +365,7 @@ class CookLogViewSet(viewsets.ModelViewSet): permission_classes = [CustomIsOwner] def get_queryset(self): - queryset = ViewLog.objects.filter(created_by=self.request.user).all()[:5] + queryset = CookLog.objects.filter(created_by=self.request.user).all()[:5] return queryset