diff --git a/tailbone/api/auth.py b/tailbone/api/auth.py index 0664405a..59ac2ee8 100644 --- a/tailbone/api/auth.py +++ b/tailbone/api/auth.py @@ -91,15 +91,15 @@ class AuthenticationView(APIView): def defaults(cls, config): # session - config.add_route('api.session', '/api/session', request_method='GET') + config.add_route('api.session', '/session', request_method='GET') config.add_view(cls, attr='check_session', route_name='api.session', renderer='json') # login - config.add_route('api.login', '/api/login', request_method=('OPTIONS', 'POST')) + config.add_route('api.login', '/login', request_method=('OPTIONS', 'POST')) config.add_view(cls, attr='login', route_name='api.login', renderer='json') # logout - config.add_route('api.logout', '/api/logout', request_method=('OPTIONS', 'POST')) + config.add_route('api.logout', '/logout', request_method=('OPTIONS', 'POST')) config.add_view(cls, attr='logout', route_name='api.logout', renderer='json') diff --git a/tailbone/api/customers.py b/tailbone/api/customers.py index 625154c8..da15c2e5 100644 --- a/tailbone/api/customers.py +++ b/tailbone/api/customers.py @@ -28,12 +28,12 @@ from __future__ import unicode_literals, absolute_import from rattail.db import model -from cornice.resource import resource +from cornice.resource import resource, view from tailbone.api import APIMasterView -@resource(collection_path='/api/customers', path='/api/customer/{uuid}') +@resource(collection_path='/customers', path='/customer/{uuid}') class CustomerView(APIMasterView): model_class = model.Customer @@ -44,6 +44,14 @@ class CustomerView(APIMasterView): 'name': customer.name, } + @view(permission='customers.list') + def collection_get(self): + return self._collection_get() + + @view(permission='customers.view') + def get(self): + return self._get() + def includeme(config): config.scan(__name__) diff --git a/tailbone/api/master.py b/tailbone/api/master.py index 68bdb016..1d4bafa3 100644 --- a/tailbone/api/master.py +++ b/tailbone/api/master.py @@ -36,8 +36,6 @@ class APIMasterView(APIView): """ Base class for data model REST API views. """ - allow_get = True - allow_collection_get = True @property def Session(self): @@ -60,16 +58,14 @@ class APIMasterView(APIView): if hasattr(cls, 'object_key'): return cls.object_key return cls.get_normalized_model_name() - # raise NotImplementedError("must set `object_key` for {}".format(cls.__name__)) @classmethod def get_collection_key(cls): if hasattr(cls, 'collection_key'): return cls.collection_key return '{}s'.format(cls.get_object_key()) - # raise NotImplementedError("must set `collection_key` for {}".format(cls.__name__)) - def collection_get(self): + def _collection_get(self): cls = self.get_model_class() objects = self.Session.query(cls) @@ -92,7 +88,7 @@ class APIMasterView(APIView): objects = [self.normalize(obj) for obj in objects] return {self.get_collection_key(): objects} - def get(self): + def _get(self): uuid = self.request.matchdict['uuid'] obj = self.Session.query(self.get_model_class()).get(uuid) if not obj: diff --git a/tailbone/api/upgrades.py b/tailbone/api/upgrades.py index e2a12a0b..620ed4f8 100644 --- a/tailbone/api/upgrades.py +++ b/tailbone/api/upgrades.py @@ -30,12 +30,12 @@ import six from rattail.db import model -from cornice.resource import resource +from cornice.resource import resource, view from tailbone.api import APIMasterView -@resource(collection_path='/api/upgrades', path='/api/upgrades/{uuid}') +@resource(collection_path='/upgrades', path='/upgrades/{uuid}') class UpgradeAPIView(APIMasterView): """ REST API views for Upgrade model. @@ -57,6 +57,14 @@ class UpgradeAPIView(APIMasterView): six.text_type(upgrade.status_code)) return data + @view(permission='upgrades.list') + def collection_get(self): + return self._collection_get() + + @view(permission='upgrades.view') + def get(self): + return self._get() + def includeme(config): config.scan(__name__) diff --git a/tailbone/api/users.py b/tailbone/api/users.py index 5b6786dc..f237c885 100644 --- a/tailbone/api/users.py +++ b/tailbone/api/users.py @@ -30,12 +30,12 @@ import six from rattail.db import model -from cornice.resource import resource +from cornice.resource import resource, view from tailbone.api import APIMasterView -@resource(collection_path='/api/users', path='/api/users/{uuid}') +@resource(collection_path='/users', path='/users/{uuid}') class UserView(APIMasterView): model_class = model.User @@ -46,6 +46,14 @@ class UserView(APIMasterView): 'person': six.text_type(user.person or ''), } + @view(permission='users.list') + def collection_get(self): + return self._collection_get() + + @view(permission='users.view') + def get(self): + return self._get() + def includeme(config): config.scan(__name__)