Refactor API views a bit for sake of running as separate service
also add "proper" (sic) permission checks
parent
9b61b05155
commit
fec8ba28e2
|
@ -91,15 +91,15 @@ class AuthenticationView(APIView):
|
|||
def defaults(cls, config):
|
||||
|
||||
# session
|
||||
config.add_route('api.session', '/api/session', request_method='GET')
|
||||
config.add_route('api.session', '/session', request_method='GET')
|
||||
config.add_view(cls, attr='check_session', route_name='api.session', renderer='json')
|
||||
|
||||
# login
|
||||
config.add_route('api.login', '/api/login', request_method=('OPTIONS', 'POST'))
|
||||
config.add_route('api.login', '/login', request_method=('OPTIONS', 'POST'))
|
||||
config.add_view(cls, attr='login', route_name='api.login', renderer='json')
|
||||
|
||||
# logout
|
||||
config.add_route('api.logout', '/api/logout', request_method=('OPTIONS', 'POST'))
|
||||
config.add_route('api.logout', '/logout', request_method=('OPTIONS', 'POST'))
|
||||
config.add_view(cls, attr='logout', route_name='api.logout', renderer='json')
|
||||
|
||||
|
||||
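Review bot: The three `config.add_view` calls for `check_session`, `login` and `logout` pass no `permission` argument, so whether they are reachable without a session depends on whether the application sets a default permission, which is not visible in this hunk. Since login has to be callable by an unauthenticated client, I would state that explicitly, e.g. `config.add_view(cls, attr='login', route_name='api.login', renderer='json', permission=NO_PERMISSION_REQUIRED)` with `NO_PERMISSION_REQUIRED` imported from `pyramid.security`, and make a deliberate choice for the other two views. The paths also lose their `/api` prefix here, so a comment above `# session` saying where the prefix is now expected to come from (presumably from how the API app is mounted) would help whoever wires up the separate service. The rest of `AuthenticationView` is outside the hunk.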
|
|
|
@ -28,12 +28,12 @@ from __future__ import unicode_literals, absolute_import
|
|||
|
||||
from rattail.db import model
|
||||
|
||||
from cornice.resource import resource
|
||||
from cornice.resource import resource, view
|
||||
|
||||
from tailbone.api import APIMasterView
|
||||
|
||||
|
||||
@resource(collection_path='/api/customers', path='/api/customer/{uuid}')
|
||||
@resource(collection_path='/customers', path='/customer/{uuid}')
|
||||
class CustomerView(APIMasterView):
|
||||
|
||||
model_class = model.Customer
|
||||
|
@ -44,6 +44,14 @@ class CustomerView(APIMasterView):
|
|||
'name': customer.name,
|
||||
}
|
||||
|
||||
@view(permission='customers.list')
|
||||
def collection_get(self):
|
||||
return self._collection_get()
|
||||
|
||||
@view(permission='customers.view')
|
||||
def get(self):
|
||||
return self._get()
|
||||
|
||||
|
||||
def includeme(config):
|
||||
config.scan(__name__)
|
||||
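Review bot: `@view(permission='customers.list')` and `@view(permission='customers.view')` only restrict access when the application that scans this module has an authentication and authorization policy configured; as far as I know Pyramid does not enforce a view permission when no policy is installed. The commit message says these views are meant to run as a separate service, and that service's configuration is not part of this page, so I would add a comment such as `# permissions are enforced only if the API app installs an auth policy; see the app's main()` and cover it with a test that an anonymous GET on the collection route is refused. The same applies to the `upgrades.*` and `users.*` decorators in the two later file sections. Separately, `path='/customer/{uuid}'` is singular while the other two resources use the plural (`/upgrades/{uuid}`, `/users/{uuid}`); worth aligning while the URLs are changing anyway.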
|
|
|
@ -36,8 +36,6 @@ class APIMasterView(APIView):
|
|||
"""
|
||||
Base class for data model REST API views.
|
||||
"""
|
||||
allow_get = True
|
||||
allow_collection_get = True
|
||||
|
||||
@property
|
||||
def Session(self):
|
||||
|
@ -60,16 +58,14 @@ class APIMasterView(APIView):
|
|||
if hasattr(cls, 'object_key'):
|
||||
return cls.object_key
|
||||
return cls.get_normalized_model_name()
|
||||
# raise NotImplementedError("must set `object_key` for {}".format(cls.__name__))
|
||||
|
||||
@classmethod
|
||||
def get_collection_key(cls):
|
||||
if hasattr(cls, 'collection_key'):
|
||||
return cls.collection_key
|
||||
return '{}s'.format(cls.get_object_key())
|
||||
# raise NotImplementedError("must set `collection_key` for {}".format(cls.__name__))
|
||||
|
||||
def collection_get(self):
|
||||
def _collection_get(self):
|
||||
cls = self.get_model_class()
|
||||
objects = self.Session.query(cls)
|
||||
|
||||
|
@ -92,7 +88,7 @@ class APIMasterView(APIView):
|
|||
objects = [self.normalize(obj) for obj in objects]
|
||||
return {self.get_collection_key(): objects}
|
||||
|
||||
def get(self):
|
||||
def _get(self):
|
||||
uuid = self.request.matchdict['uuid']
|
||||
obj = self.Session.query(self.get_model_class()).get(uuid)
|
||||
if not obj:
|
||||
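Review bot: After the rename to `_collection_get` and `_get`, nothing in `APIMasterView` makes a subclass declare a permission: a subclass that writes `def get(self): return self._get()` without `@view(permission=...)` would presumably be registered by cornice with no permission check at all. The class docstring should state the contract, e.g. `Subclasses must define get() / collection_get() themselves, decorated with @view(permission=...), and delegate to _get() / _collection_get().`, and the two helpers deserve one-line docstrings saying that they perform no authorization of their own. A default permission set with `config.set_default_permission(...)` in the API app would make a forgotten decorator fail closed instead of open. The bodies of `_collection_get` and `_get` continue outside the hunks shown.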
|
|
|
@ -30,12 +30,12 @@ import six
|
|||
|
||||
from rattail.db import model
|
||||
|
||||
from cornice.resource import resource
|
||||
from cornice.resource import resource, view
|
||||
|
||||
from tailbone.api import APIMasterView
|
||||
|
||||
|
||||
@resource(collection_path='/api/upgrades', path='/api/upgrades/{uuid}')
|
||||
@resource(collection_path='/upgrades', path='/upgrades/{uuid}')
|
||||
class UpgradeAPIView(APIMasterView):
|
||||
"""
|
||||
REST API views for Upgrade model.
|
||||
|
@ -57,6 +57,14 @@ class UpgradeAPIView(APIMasterView):
|
|||
six.text_type(upgrade.status_code))
|
||||
return data
|
||||
|
||||
@view(permission='upgrades.list')
|
||||
def collection_get(self):
|
||||
return self._collection_get()
|
||||
|
||||
@view(permission='upgrades.view')
|
||||
def get(self):
|
||||
return self._get()
|
||||
|
||||
|
||||
def includeme(config):
|
||||
config.scan(__name__)
|
||||
|
|
|
@ -30,12 +30,12 @@ import six
|
|||
|
||||
from rattail.db import model
|
||||
|
||||
from cornice.resource import resource
|
||||
from cornice.resource import resource, view
|
||||
|
||||
from tailbone.api import APIMasterView
|
||||
|
||||
|
||||
@resource(collection_path='/api/users', path='/api/users/{uuid}')
|
||||
@resource(collection_path='/users', path='/users/{uuid}')
|
||||
class UserView(APIMasterView):
|
||||
|
||||
model_class = model.User
|
||||
|
@ -46,6 +46,14 @@ class UserView(APIMasterView):
|
|||
'person': six.text_type(user.person or ''),
|
||||
}
|
||||
|
||||
@view(permission='users.list')
|
||||
def collection_get(self):
|
||||
return self._collection_get()
|
||||
|
||||
@view(permission='users.view')
|
||||
def get(self):
|
||||
return self._get()
|
||||
|
||||
|
||||
def includeme(config):
|
||||
config.scan(__name__)
|
||||
|
|