Oauth2 provider and initial api

2016-11-20 14:46:46 +01:00
parent 60edc3f3c2
commit d57ecb495b
6 changed files with 89 additions and 4611 deletions
--- a/rowers/permissions.py
+++ b/rowers/permissions.py
@@ -0,0 +1,21 @@
+from rest_framework import permissions
+from rowers.models import Rower
+
+class IsOwnerOrReadOnly(permissions.BasePermission):
+    """
+    Custom permission to only allow owners of an object to edit it.
+    """
+
+    def has_object_permission(self, request, view, obj):
+        # Read permissions are allowed to any request,
+        # so we'll always allow GET, HEAD or OPTIONS requests.
+        if request.method in permissions.SAFE_METHODS:
+            return True
+
+        # Write permissions are only allowed to the owner of the snippet.
+        return obj.owner == request.user
+
+class IsOwnerOrNot(permissions.BasePermission):
+    def has_object_permission(self, request, view, obj):
+        r = Rower.objects.get(user=request.user)
+        return (obj.user == r)
--- a/rowers/serializers.py
+++ b/rowers/serializers.py
@@ -0,0 +1,36 @@
+from rest_framework import serializers
+from rowers.models import Workout,Rower
+
+# Serializers define the API representation.
+class RowerSerializer(serializers.HyperlinkedModelSerializer):
+    class Meta:
+        model = Rower
+        fields = (
+            'weightcategory',
+            )
+
+        
+class WorkoutSerializer(serializers.HyperlinkedModelSerializer):
+    class Meta:
+        model = Workout
+        fields = (
+            'id',
+            'name',
+            'date',
+            'workouttype',
+            'boattype',
+            'starttime',
+            'startdatetime',
+            'distance',
+            'duration',
+            'weightcategory',
+            'weightvalue',
+            'averagehr',
+            'maxhr',
+            'notes',
+            'summary',
+            'csvfilename',
+        )
+
+        
+        
--- a/rowers/urls.py
+++ b/rowers/urls.py
@@ -2,9 +2,10 @@ from django.conf import settings
 from django.conf.urls import url, include
 from django.contrib.auth.models import User

-from models import Workout
+from models import Workout,Rower

-from rest_framework import routers, serializers, viewsets
+from rest_framework import routers, serializers, viewsets,permissions
+from rest_framework.urlpatterns import format_suffix_patterns

 from . import views
 from django.contrib.auth import views as auth_views
@@ -13,45 +14,18 @@ from django.conf.urls import (
    handler400, handler403, handler404, handler500,
    )

-# Serializers define the API representation.
-class UserSerializer(serializers.HyperlinkedModelSerializer):
-    class Meta:
-        model = User
-        fields = ('url', 'username', 'email', 'is_staff')
-
-class WorkoutSerializer(serializers.HyperlinkedModelSerializer):
-    class Meta:
-        model = Workout
-        fields = (
-            'name',
-            'date',
-            'workouttype',
-            'boattype',
-            'starttime',
-            'startdatetime',
-            'distance',
-            'duration',
-            'weightcategory',
-            'weightvalue',
-            'averagehr',
-            'maxhr',
-            'notes',
-            'summary',
-        )
+from rowers.permissions import IsOwnerOrNot
+from rowers.serializers import WorkoutSerializer
        
-# ViewSets define the view behavior.
-class UserViewSet(viewsets.ModelViewSet):
-    queryset = User.objects.all()
-    serializer_class = UserSerializer
-
 class WorkoutViewSet(viewsets.ModelViewSet):
-    queryset = Workout.objects.all()
+    queryset = Workout.objects.all().order_by("-date", "-starttime")
    serializer_class = WorkoutSerializer
+    permission_classes = (IsOwnerOrNot,)
+
    
 # Routers provide an easy way of automatically determining the URL conf.
 router = routers.DefaultRouter()
-router.register(r'users', UserViewSet)
-router.register(r'workouts',WorkoutViewSet)
+router.register(r'api/workouts',WorkoutViewSet)

 handler500 = 'views.error500_view'
 handler404 = 'views.error404_view'
@@ -61,7 +35,7 @@ handler403 = 'views.error403_view'
 urlpatterns = [
 #    url(r'^password_change/$',auth_views.password_change),
 #    url(r'^password_change_done/$',auth_views.password_change_done),
-    url(r'^oauth2/', include('provider.oauth2.urls', namespace = 'oauth2')),
+    url(r'^o/', include('oauth2_provider.urls', namespace='oauth2_provider')),
    url(r'^', include(router.urls)),
    url(r'^api-docs$', views.schema_view),
    url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
@@ -190,3 +164,5 @@ if settings.DEBUG:
 	url(r'^testreverse/$',views.test_reverse_view),
 	url(r'^c2listug/$',views.c2listdebug_view),
 	]
+
+#urlpatterns = format_suffix_patterns(urlpatterns)
--- a/rowers/views.py
+++ b/rowers/views.py
@@ -62,6 +62,14 @@ queuelow = django_rq.get_queue('low')
 queuehigh = django_rq.get_queue('low')

 from rest_framework_swagger.views import get_swagger_view
+from rest_framework.renderers import JSONRenderer
+from rest_framework.parsers import JSONParser
+from rest_framework.response import Response
+from rowers.serializers import RowerSerializer,WorkoutSerializer
+from rest_framework import status,permissions,generics
+from rest_framework.decorators import api_view
+
+from permissions import IsOwnerOrNot

 import plots
 import mailprocessing
@@ -76,8 +84,10 @@ USER_LANGUAGE = 'en-US'

 from interactiveplots import *

-schema_view = get_swagger_view(title='Rowsandall API')
+schema_view = get_swagger_view(title='Rowsandall API (Unstable)')

+    
+        
 def error500_view(request):
    response = render_to_response('500.html', {},
 				  context_instance = RequestContext(request))
@@ -1759,7 +1769,7 @@ def workouts_view(request,message='',successmessage=''):
 		       'successmessage':successmessage,
 		       })
    except Rower.DoesNotExist:
-	return HttpResponse("Admin has no rower instance")
+	return HttpResponse("User has no rower instance")

@user_passes_test(promember,login_url="/login")
 def workout_comparison_list(request,id=0,message='',successmessage=''):
@@ -1779,7 +1789,7 @@ def workout_comparison_list(request,id=0,message='',successmessage=''):
 		       'successmessage':successmessage,
 		       })
    except Rower.DoesNotExist:
-	return HttpResponse("Admin has no rower instance")
+	return HttpResponse("User has no rower instance")

 def workout_view(request,id=0):
    try:
@@ -3914,7 +3924,7 @@ def dashboard_view(request,message="",successmessage=""):
 			   'successmessage':successmessage})			  
 				 
    except Rower.DoesNotExist:
-	return HttpResponse("Admin has no rower instance")
+	return HttpResponse("User has no rower instance")
    

@login_required()
@@ -3931,7 +3941,7 @@ def graphs_view(request):
 			  {'graphs1': g[0:5],
 			   'graphs2': g[5:10]})
    except Rower.DoesNotExist:
-	return HttpResponse("Admin has no rower instance")
+	return HttpResponse("User has no rower instance")


 def graph_show_view(request,id):