basic space stuff
This commit is contained in:
vabene1111
@ -59,7 +59,7 @@ from recipes.settings import DEMO
|
||||
class StandardFilterMixin(ViewSetMixin):
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = self.queryset
|
||||
queryset = self.queryset.filter(userpreference__space=self.request.user.userpreference.space)
|
||||
query = self.request.query_params.get('query', None)
|
||||
if query is not None:
|
||||
queryset = queryset.filter(name__icontains=query)
|
||||
@ -90,13 +90,13 @@ class UserNameViewSet(viewsets.ReadOnlyModelViewSet):
|
||||
|
||||
- **filter_list**: array of user id's to get names for
|
||||
"""
|
||||
queryset = User.objects.all()
|
||||
queryset = User.objects
|
||||
serializer_class = UserNameSerializer
|
||||
permission_classes = [CustomIsGuest]
|
||||
http_method_names = ['get']
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = self.queryset
|
||||
queryset = self.queryset.filter(userpreference__space=self.request.user.userpreference.space)
|
||||
try:
|
||||
filter_list = self.request.query_params.get('filter_list', None)
|
||||
if filter_list is not None:
|
||||
@ -110,7 +110,7 @@ class UserNameViewSet(viewsets.ReadOnlyModelViewSet):
|
||||
|
||||
|
||||
class UserPreferenceViewSet(viewsets.ModelViewSet):
|
||||
queryset = UserPreference.objects.all()
|
||||
queryset = UserPreference.objects
|
||||
serializer_class = UserPreferenceSerializer
|
||||
permission_classes = [CustomIsOwner, ]
|
||||
|
||||
@ -120,35 +120,45 @@ class UserPreferenceViewSet(viewsets.ModelViewSet):
|
||||
serializer.save(user=self.request.user)
|
||||
|
||||
def get_queryset(self):
|
||||
if self.request.user.is_superuser:
|
||||
return self.queryset
|
||||
return self.queryset.filter(user=self.request.user)
|
||||
|
||||
|
||||
class StorageViewSet(viewsets.ModelViewSet):
|
||||
# TODO handle delete protect error and adjust test
|
||||
queryset = Storage.objects.all()
|
||||
queryset = Storage.objects
|
||||
serializer_class = StorageSerializer
|
||||
permission_classes = [CustomIsAdmin, ]
|
||||
|
||||
def get_queryset(self):
|
||||
return self.queryset.filter(space=self.request.user.userpreference.space)
|
||||
|
||||
|
||||
class SyncViewSet(viewsets.ModelViewSet):
|
||||
queryset = Sync.objects.all()
|
||||
queryset = Sync.objects
|
||||
serializer_class = SyncSerializer
|
||||
permission_classes = [CustomIsAdmin, ]
|
||||
|
||||
def get_queryset(self):
|
||||
return self.queryset.filter(space=self.request.user.userpreference.space)
|
||||
|
||||
|
||||
class SyncLogViewSet(viewsets.ReadOnlyModelViewSet):
|
||||
queryset = SyncLog.objects.all()
|
||||
queryset = SyncLog.objects
|
||||
serializer_class = SyncLogSerializer
|
||||
permission_classes = [CustomIsAdmin, ]
|
||||
|
||||
def get_queryset(self):
|
||||
return self.queryset.filter(space=self.request.user.userpreference.space)
|
||||
|
||||
|
||||
class SupermarketViewSet(viewsets.ModelViewSet, StandardFilterMixin):
|
||||
queryset = Supermarket.objects.all()
|
||||
queryset = Supermarket.objects
|
||||
serializer_class = SupermarketSerializer
|
||||
permission_classes = [CustomIsUser]
|
||||
|
||||
def get_queryset(self):
|
||||
return self.queryset.filter(space=self.request.user.userpreference.space)
|
||||
|
||||
|
||||
class KeywordViewSet(viewsets.ModelViewSet, StandardFilterMixin):
|
||||
"""
|
||||
@ -159,44 +169,48 @@ class KeywordViewSet(viewsets.ModelViewSet, StandardFilterMixin):
|
||||
in the keyword name (case in-sensitive)
|
||||
- **limit**: limits the amount of returned results
|
||||
"""
|
||||
queryset = Keyword.objects.all()
|
||||
queryset = Keyword.objects
|
||||
serializer_class = KeywordSerializer
|
||||
permission_classes = [CustomIsUser]
|
||||
|
||||
def get_queryset(self):
|
||||
return self.queryset.filter(space=self.request.user.userpreference.space)
|
||||
|
||||
|
||||
class UnitViewSet(viewsets.ModelViewSet, StandardFilterMixin):
|
||||
queryset = Unit.objects.all()
|
||||
queryset = Unit.objects
|
||||
serializer_class = UnitSerializer
|
||||
permission_classes = [CustomIsUser]
|
||||
|
||||
def get_queryset(self):
|
||||
return self.queryset.filter(space=self.request.user.userpreference.space)
|
||||
|
||||
|
||||
class FoodViewSet(viewsets.ModelViewSet, StandardFilterMixin):
|
||||
queryset = Food.objects.all()
|
||||
queryset = Food.objects
|
||||
serializer_class = FoodSerializer
|
||||
permission_classes = [CustomIsUser]
|
||||
|
||||
def get_queryset(self):
|
||||
return self.queryset.filter(space=self.request.user.userpreference.space)
|
||||
|
||||
|
||||
class RecipeBookViewSet(viewsets.ModelViewSet, StandardFilterMixin):
|
||||
queryset = RecipeBook.objects.all()
|
||||
queryset = RecipeBook.objects
|
||||
serializer_class = RecipeBookSerializer
|
||||
permission_classes = [CustomIsOwner]
|
||||
|
||||
def get_queryset(self):
|
||||
self.queryset = super(RecipeBookViewSet, self).get_queryset()
|
||||
if self.request.user.is_superuser:
|
||||
return self.queryset
|
||||
return self.queryset.filter(created_by=self.request.user)
|
||||
return self.queryset.filter(created_by=self.request.user).filter(space=self.request.user.userpreference.space)
|
||||
|
||||
|
||||
class RecipeBookEntryViewSet(viewsets.ModelViewSet, viewsets.GenericViewSet):
|
||||
queryset = RecipeBookEntry.objects.all()
|
||||
queryset = RecipeBookEntry.objects
|
||||
serializer_class = RecipeBookEntrySerializer
|
||||
permission_classes = [CustomIsOwner]
|
||||
|
||||
def get_queryset(self):
|
||||
if self.request.user.is_superuser:
|
||||
return self.queryset
|
||||
return self.queryset.filter(created_by=self.request.user)
|
||||
return self.queryset.filter(created_by=self.request.user).filter(space=self.request.user.userpreference.space)
|
||||
|
||||
|
||||
class MealPlanViewSet(viewsets.ModelViewSet):
|
||||
@ -208,15 +222,15 @@ class MealPlanViewSet(viewsets.ModelViewSet):
|
||||
- **to_date**: filter upward to (inclusive) certain date
|
||||
|
||||
"""
|
||||
queryset = MealPlan.objects.all()
|
||||
queryset = MealPlan.objects
|
||||
serializer_class = MealPlanSerializer
|
||||
permission_classes = [CustomIsOwner]
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = MealPlan.objects.filter(
|
||||
queryset = self.queryset.filter(
|
||||
Q(created_by=self.request.user) |
|
||||
Q(shared=self.request.user)
|
||||
).distinct().all()
|
||||
).filter(space=self.request.user.userpreference.space).distinct().all()
|
||||
|
||||
from_date = self.request.query_params.get('from_date', None)
|
||||
if from_date is not None:
|
||||
@ -233,26 +247,32 @@ class MealTypeViewSet(viewsets.ModelViewSet):
|
||||
returns list of meal types created by the
|
||||
requesting user ordered by the order field.
|
||||
"""
|
||||
queryset = MealType.objects.order_by('order').all()
|
||||
queryset = MealType.objects
|
||||
serializer_class = MealTypeSerializer
|
||||
permission_classes = [CustomIsOwner]
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = MealType.objects.order_by('order', 'id').filter(created_by=self.request.user).all()
|
||||
queryset = self.queryset.order_by('order', 'id').filter(created_by=self.request.user).filter(space=self.request.user.userpreference.space).all()
|
||||
return queryset
|
||||
|
||||
|
||||
class IngredientViewSet(viewsets.ModelViewSet):
|
||||
queryset = Ingredient.objects.all()
|
||||
queryset = Ingredient.objects
|
||||
serializer_class = IngredientSerializer
|
||||
permission_classes = [CustomIsUser]
|
||||
|
||||
def get_queryset(self):
|
||||
return self.queryset.filter(step__recipe__space=self.request.user.userpreference.space)
|
||||
|
||||
|
||||
class StepViewSet(viewsets.ModelViewSet):
|
||||
queryset = Step.objects.all()
|
||||
queryset = Step.objects
|
||||
serializer_class = StepSerializer
|
||||
permission_classes = [CustomIsUser]
|
||||
|
||||
def get_queryset(self):
|
||||
return self.queryset.filter(recipe__space=self.request.user.userpreference.space)
|
||||
|
||||
|
||||
class RecipeViewSet(viewsets.ModelViewSet, StandardFilterMixin):
|
||||
"""
|
||||
@ -263,18 +283,19 @@ class RecipeViewSet(viewsets.ModelViewSet, StandardFilterMixin):
|
||||
in the recipe name (case in-sensitive)
|
||||
- **limit**: limits the amount of returned results
|
||||
"""
|
||||
queryset = Recipe.objects.all()
|
||||
queryset = Recipe.objects
|
||||
serializer_class = RecipeSerializer
|
||||
# TODO split read and write permission for meal plan guest
|
||||
permission_classes = [CustomIsShare | CustomIsGuest]
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = self.queryset.filter(space=self.request.user.userpreference.space)
|
||||
|
||||
internal = self.request.query_params.get('internal', None)
|
||||
if internal:
|
||||
self.queryset = self.queryset.filter(internal=True)
|
||||
queryset = queryset.filter(internal=True)
|
||||
|
||||
return super().get_queryset()
|
||||
return queryset
|
||||
|
||||
# TODO write extensive tests for permissions
|
||||
|
||||
@ -317,34 +338,32 @@ class RecipeViewSet(viewsets.ModelViewSet, StandardFilterMixin):
|
||||
|
||||
|
||||
class ShoppingListRecipeViewSet(viewsets.ModelViewSet):
|
||||
queryset = ShoppingListRecipe.objects.all()
|
||||
queryset = ShoppingListRecipe.objects
|
||||
serializer_class = ShoppingListRecipeSerializer
|
||||
permission_classes = [CustomIsOwner, ]
|
||||
|
||||
def get_queryset(self):
|
||||
return self.queryset.filter(shoppinglist__created_by=self.request.user).all()
|
||||
return self.queryset.filter(shoppinglist__created_by=self.request.user).filter(space=self.request.user.userpreference.space).all()
|
||||
|
||||
|
||||
class ShoppingListEntryViewSet(viewsets.ModelViewSet):
|
||||
queryset = ShoppingListEntry.objects.all()
|
||||
queryset = ShoppingListEntry.objects
|
||||
serializer_class = ShoppingListEntrySerializer
|
||||
permission_classes = [CustomIsOwner, ]
|
||||
|
||||
def get_queryset(self):
|
||||
return self.queryset.filter(shoppinglist__created_by=self.request.user).all()
|
||||
return self.queryset.filter(shoppinglist__created_by=self.request.user).filter(space=self.request.user.userpreference.space).all()
|
||||
|
||||
|
||||
class ShoppingListViewSet(viewsets.ModelViewSet):
|
||||
queryset = ShoppingList.objects.all()
|
||||
queryset = ShoppingList.objects
|
||||
serializer_class = ShoppingListSerializer
|
||||
permission_classes = [CustomIsOwner | CustomIsShared]
|
||||
|
||||
def get_queryset(self):
|
||||
if self.request.user.is_superuser:
|
||||
return self.queryset
|
||||
return self.queryset.filter(
|
||||
Q(created_by=self.request.user) | Q(shared=self.request.user)
|
||||
).all()
|
||||
).filter(space=self.request.user.userpreference.space).all()
|
||||
|
||||
def get_serializer_class(self):
|
||||
autosync = self.request.query_params.get('autosync', None)
|
||||
@ -354,21 +373,21 @@ class ShoppingListViewSet(viewsets.ModelViewSet):
|
||||
|
||||
|
||||
class ViewLogViewSet(viewsets.ModelViewSet):
|
||||
queryset = ViewLog.objects.all()
|
||||
queryset = ViewLog.objects
|
||||
serializer_class = ViewLogSerializer
|
||||
permission_classes = [CustomIsOwner]
|
||||
|
||||
def get_queryset(self):
|
||||
return CookLog.objects.filter(created_by=self.request.user).all()[:5]
|
||||
return CookLog.objects.filter(created_by=self.request.user).filter(space=self.request.user.userpreference.space).all()[:5]
|
||||
|
||||
|
||||
class CookLogViewSet(viewsets.ModelViewSet):
|
||||
queryset = CookLog.objects.all()
|
||||
queryset = CookLog.objects
|
||||
serializer_class = CookLogSerializer
|
||||
permission_classes = [CustomIsOwner]
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = CookLog.objects.filter(created_by=self.request.user).all()[:5]
|
||||
queryset = CookLog.objects.filter(created_by=self.request.user).filter(space=self.request.user.userpreference.space).all()[:5]
|
||||
return queryset
|
||||
|
||||
|
||||
@ -395,7 +414,7 @@ def update_recipe_links(recipe):
|
||||
|
||||
@group_required('user')
|
||||
def get_external_file_link(request, recipe_id):
|
||||
recipe = Recipe.objects.get(id=recipe_id)
|
||||
recipe = Recipe.objects.filter(space=request.user.userpreference.space).get(id=recipe_id)
|
||||
if not recipe.link:
|
||||
update_recipe_links(recipe)
|
||||
|
||||
@ -404,7 +423,7 @@ def get_external_file_link(request, recipe_id):
|
||||
|
||||
@group_required('guest')
|
||||
def get_recipe_file(request, recipe_id):
|
||||
recipe = Recipe.objects.get(id=recipe_id)
|
||||
recipe = Recipe.objects.filter(space=request.user.userpreference.space).get(id=recipe_id)
|
||||
if recipe.storage:
|
||||
return FileResponse(get_recipe_provider(recipe).get_file(recipe))
|
||||
else:
|
||||
@ -419,7 +438,7 @@ def sync_all(request):
|
||||
)
|
||||
return redirect('index')
|
||||
|
||||
monitors = Sync.objects.filter(active=True)
|
||||
monitors = Sync.objects.filter(active=True).filter(space=request.user.userpreference.space)
|
||||
|
||||
error = False
|
||||
for monitor in monitors:
|
||||
@ -471,7 +490,7 @@ def log_cooking(request, recipe_id):
|
||||
def get_plan_ical(request, from_date, to_date):
|
||||
queryset = MealPlan.objects.filter(
|
||||
Q(created_by=request.user) | Q(shared=request.user)
|
||||
).distinct().all()
|
||||
).filter(space=request.user.userpreference.space).distinct().all()
|
||||
|
||||
if from_date is not None:
|
||||
queryset = queryset.filter(date__gte=from_date)
|
||||
@ -525,22 +544,6 @@ def recipe_from_url(request):
|
||||
return get_from_html(response.text, url)
|
||||
|
||||
|
||||
@group_required('admin')
|
||||
def get_backup(request):
|
||||
if not request.user.is_superuser:
|
||||
return HttpResponse('', status=403)
|
||||
|
||||
buf = io.StringIO()
|
||||
management.call_command(
|
||||
'dumpdata', exclude=['contenttypes', 'auth'], stdout=buf
|
||||
)
|
||||
|
||||
response = FileResponse(buf.getvalue())
|
||||
response["Content-Disposition"] = f'attachment; filename=backup{date_format(timezone.now(), format="SHORT_DATETIME_FORMAT", use_l10n=True)}.json' # noqa: E501
|
||||
|
||||
return response
|
||||
|
||||
|
||||
@group_required('user')
|
||||
def ingredient_from_string(request):
|
||||
text = request.POST['text']
|
||||
|
||||
Reference in New Issue
Block a user