upgrade permissions for Account/Guest classes && add documentation for views in Account

develop
TBS093A 2020-06-21 11:55:18 +02:00
parent 344f71295c
commit 6a54b4d959
4 changed files with 24 additions and 3 deletions


@ -1,5 +1,7 @@
from rest_framework import viewsets, mixins from rest_framework import viewsets, mixins
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework import permissions
from rest_framework.decorators import permission_classes
from rest_framework.authtoken.views import ObtainAuthToken from rest_framework.authtoken.views import ObtainAuthToken
from drf_yasg.utils import swagger_auto_schema from drf_yasg.utils import swagger_auto_schema
@ -10,10 +12,26 @@ from .models import Account, Guest
from .serializers import * from .serializers import *
class AccountViewSet(viewsets.ModelViewSet): class AnonAndUserPermissions(permissions.BasePermission):
"""
Anonymous user always can create && User can modify self records only
this is override of permissions in settings
"""
def has_object_permission(self, request, view, obj):
if request.method == 'POST':
return True
return str(obj.username) == str(request.user)
class AccountViewSet(viewsets.ModelViewSet):
"""
A User CRUD `retrieve()`, `list()` and abstract `create()` (`create()` is register)
and `update()` from class `ModelViewSet` in viewsets
"""
queryset = Account.objects.all() queryset = Account.objects.all()
serializer_class = AccountSerializer serializer_class = AccountSerializer
permission_classes = (AnonAndUserPermissions, )
@swagger_auto_schema(responses={ 200: AccountGetSerializer }) @swagger_auto_schema(responses={ 200: AccountGetSerializer })
def retrieve(self, request, pk=None): def retrieve(self, request, pk=None):
@ -29,7 +47,9 @@ class AccountViewSet(viewsets.ModelViewSet):
class AccountAuth(ObtainAuthToken): class AccountAuth(ObtainAuthToken):
"""
A User Authorization `login()`, `logout()`
"""
queryset = Account.objects.all() queryset = Account.objects.all()
serializer_class = AccountAuthSerializer serializer_class = AccountAuthSerializer
@ -52,3 +72,4 @@ class AccountAuth(ObtainAuthToken):
class GuestViewSet(viewsets.ModelViewSet): class GuestViewSet(viewsets.ModelViewSet):
queryset = Guest.objects.all() queryset = Guest.objects.all()
serializer_class = GuestSerializer serializer_class = GuestSerializer
permission_classes = (AnonAndUserPermissions, )
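Review bot: `AnonAndUserPermissions` overrides only `has_object_permission`, so the inherited `has_permission` (which returns True) lets unauthenticated callers reach `list()` on both `AccountViewSet` and `GuestViewSet`; since the class docstring says it overrides the permissions in settings, any view-level check configured there no longer applies to these views. DRF does not run the object-level check for `create()`, so the `request.method == 'POST'` branch does not govern registration; it only opens any POST route that resolves an object. Comparing `str(obj.username)` with `str(request.user)` also lets an anonymous request match a record whose username equals the string form of the anonymous user, and it presumes `Guest` has a `username` field, which this hunk does not show. The overridden `retrieve()` continues outside the hunk; the object check only runs there if it goes through `get_object()` or calls `check_object_permissions()`. The sketch below allows anonymous access to `create` only and requires an authenticated user before the ownership comparison.

```python
class AnonAndUserPermissions(permissions.BasePermission):
    # ... unchanged: class docstring ...
    def has_permission(self, request, view):
        # Anonymous callers may register; every other action needs a login.
        if view.action == 'create':
            return True
        return bool(request.user and request.user.is_authenticated)

    def has_object_permission(self, request, view, obj):
        # Never let the anonymous user's string form match a stored username.
        if not request.user.is_authenticated:
            return False
        return str(obj.username) == str(request.user)
```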


@ -20,7 +20,7 @@ class TrackRowSerializer(serializers.ModelSerializer):
return TrackRow.create(TrackRow, validated_data) return TrackRow.create(TrackRow, validated_data)
def update(self, instance, validated_data): def update(self, instance, validated_data):
return instance.update(instance, validated_data) return instance.update(validated_data)
class Meta: class Meta:
model = TrackRow model = TrackRow