Refactor API views a bit for sake of running as separate service

also add "proper" (sic) permission checks
Lance Edgar 2018-11-03 18:55:26 -05:00
parent 9b61b05155
commit fec8ba28e2
5 changed files with 35 additions and 15 deletions


@ -91,15 +91,15 @@ class AuthenticationView(APIView):
def defaults(cls, config): def defaults(cls, config):
# session # session
config.add_route('api.session', '/api/session', request_method='GET') config.add_route('api.session', '/session', request_method='GET')
config.add_view(cls, attr='check_session', route_name='api.session', renderer='json') config.add_view(cls, attr='check_session', route_name='api.session', renderer='json')
# login # login
config.add_route('api.login', '/api/login', request_method=('OPTIONS', 'POST')) config.add_route('api.login', '/login', request_method=('OPTIONS', 'POST'))
config.add_view(cls, attr='login', route_name='api.login', renderer='json') config.add_view(cls, attr='login', route_name='api.login', renderer='json')
# logout # logout
config.add_route('api.logout', '/api/logout', request_method=('OPTIONS', 'POST')) config.add_route('api.logout', '/logout', request_method=('OPTIONS', 'POST'))
config.add_view(cls, attr='logout', route_name='api.logout', renderer='json') config.add_view(cls, attr='logout', route_name='api.logout', renderer='json')
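Review bot: The three routes in `defaults` keep their `api.*` names but now sit at `/session`, `/login` and `/logout`, so they will compete with any same-path routes if this view is still included in an app that also serves the web UI. The `/api` prefix is presumably meant to come from how the separate service is mounted, but nothing in the hunk records that. A comment above the first `add_route` would state the assumption: `# NOTE: paths are relative to the API app root; mount under a prefix if sharing an app with the web UI`. If the API can still be included in the combined app, that include site (not visible here) needs to supply the prefix.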


@ -28,12 +28,12 @@ from __future__ import unicode_literals, absolute_import
from rattail.db import model from rattail.db import model
from cornice.resource import resource from cornice.resource import resource, view
from tailbone.api import APIMasterView from tailbone.api import APIMasterView
@resource(collection_path='/api/customers', path='/api/customer/{uuid}') @resource(collection_path='/customers', path='/customer/{uuid}')
class CustomerView(APIMasterView): class CustomerView(APIMasterView):
model_class = model.Customer model_class = model.Customer
@ -44,6 +44,14 @@ class CustomerView(APIMasterView):
'name': customer.name, 'name': customer.name,
} }
@view(permission='customers.list')
def collection_get(self):
return self._collection_get()
@view(permission='customers.view')
def get(self):
return self._get()
def includeme(config): def includeme(config):
config.scan(__name__) config.scan(__name__)
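Review bot: The `permission='customers.list'` and `permission='customers.view'` arguments on `collection_get` and `get` are enforced only when the application has authentication and authorization policies configured; without them Pyramid ignores `permission` and serves the views to anonymous callers. The app factory for the separate API service is not visible in this commit, so confirm that it sets up those policies, and add a test asserting that an unauthenticated `GET /customers` gets a 403. A comment above the decorators would record the dependency: `# permission is enforced only if the app configures authn/authz policies`. The same applies to the `upgrades.*` and `users.*` decorators added in the later sections, where the users view's normalized data includes a `'person'` field.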


@ -36,8 +36,6 @@ class APIMasterView(APIView):
""" """
Base class for data model REST API views. Base class for data model REST API views.
""" """
allow_get = True
allow_collection_get = True
@property @property
def Session(self): def Session(self):
@ -60,16 +58,14 @@ class APIMasterView(APIView):
if hasattr(cls, 'object_key'): if hasattr(cls, 'object_key'):
return cls.object_key return cls.object_key
return cls.get_normalized_model_name() return cls.get_normalized_model_name()
# raise NotImplementedError("must set `object_key` for {}".format(cls.__name__))
@classmethod @classmethod
def get_collection_key(cls): def get_collection_key(cls):
if hasattr(cls, 'collection_key'): if hasattr(cls, 'collection_key'):
return cls.collection_key return cls.collection_key
return '{}s'.format(cls.get_object_key()) return '{}s'.format(cls.get_object_key())
# raise NotImplementedError("must set `collection_key` for {}".format(cls.__name__))
def collection_get(self): def _collection_get(self):
cls = self.get_model_class() cls = self.get_model_class()
objects = self.Session.query(cls) objects = self.Session.query(cls)
@ -92,7 +88,7 @@ class APIMasterView(APIView):
objects = [self.normalize(obj) for obj in objects] objects = [self.normalize(obj) for obj in objects]
return {self.get_collection_key(): objects} return {self.get_collection_key(): objects}
def get(self): def _get(self):
uuid = self.request.matchdict['uuid'] uuid = self.request.matchdict['uuid']
obj = self.Session.query(self.get_model_class()).get(uuid) obj = self.Session.query(self.get_model_class()).get(uuid)
if not obj: if not obj:
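Review bot: After the rename to `_collection_get` and `_get`, a subclass exposes a GET endpoint only by defining its own `collection_get`/`get`, but nothing in `APIMasterView` says that wrapper must carry `@view(permission=...)`. A subclass written as a bare `def get(self): return self._get()` would publish the record with no permission check. The class docstring should state the contract, e.g. `Subclasses must define get()/collection_get() decorated with @view(permission=...) and delegate to _get()/_collection_get().` The body of `_get` continues outside the hunk.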


@ -30,12 +30,12 @@ import six
from rattail.db import model from rattail.db import model
from cornice.resource import resource from cornice.resource import resource, view
from tailbone.api import APIMasterView from tailbone.api import APIMasterView
@resource(collection_path='/api/upgrades', path='/api/upgrades/{uuid}') @resource(collection_path='/upgrades', path='/upgrades/{uuid}')
class UpgradeAPIView(APIMasterView): class UpgradeAPIView(APIMasterView):
""" """
REST API views for Upgrade model. REST API views for Upgrade model.
@ -57,6 +57,14 @@ class UpgradeAPIView(APIMasterView):
six.text_type(upgrade.status_code)) six.text_type(upgrade.status_code))
return data return data
@view(permission='upgrades.list')
def collection_get(self):
return self._collection_get()
@view(permission='upgrades.view')
def get(self):
return self._get()
def includeme(config): def includeme(config):
config.scan(__name__) config.scan(__name__)


@ -30,12 +30,12 @@ import six
from rattail.db import model from rattail.db import model
from cornice.resource import resource from cornice.resource import resource, view
from tailbone.api import APIMasterView from tailbone.api import APIMasterView
@resource(collection_path='/api/users', path='/api/users/{uuid}') @resource(collection_path='/users', path='/users/{uuid}')
class UserView(APIMasterView): class UserView(APIMasterView):
model_class = model.User model_class = model.User
@ -46,6 +46,14 @@ class UserView(APIMasterView):
'person': six.text_type(user.person or ''), 'person': six.text_type(user.person or ''),
} }
@view(permission='users.list')
def collection_get(self):
return self._collection_get()
@view(permission='users.view')
def get(self):
return self._get()
def includeme(config): def includeme(config):
config.scan(__name__) config.scan(__name__)