
Oauth2 provider and initial api

Sander Roosendaal
2016-11-20 14:46:46 +01:00
parent 60edc3f3c2
commit d57ecb495b
6 changed files with 89 additions and 4611 deletions

File diff suppressed because it is too large Load Diff

21
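--- a/rowers/permissions.py
+++ b/rowers/permissions.py
@@ -0,0 +1,21 @@
+from rest_framework import permissions
+from rowers.models import Rower
+class IsOwnerOrReadOnly(permissions.BasePermission):
+"""
+Custom permission to only allow owners of an object to edit it.
+"""
+def has_object_permission(self, request, view, obj):
+# Read permissions are allowed to any request,
+# so we'll always allow GET, HEAD or OPTIONS requests.
+if request.method in permissions.SAFE_METHODS:
+return True
+# Write permissions are only allowed to the owner of the snippet.
+return obj.owner == request.user
+class IsOwnerOrNot(permissions.BasePermission):
+def has_object_permission(self, request, view, obj):
+r = Rower.objects.get(user=request.user)
+return (obj.user == r)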
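Review bot: `IsOwnerOrNot.has_object_permission` looks the rower up with an unguarded `Rower.objects.get(user=request.user)`, so a logged-in account without a `Rower` row raises `Rower.DoesNotExist`, and an anonymous request cannot be resolved to a rower either; both would surface as a server error rather than a denial. Comparing through the relation avoids the extra query and fails closed: `return obj.user.user == request.user` (assuming `obj.user` is never null). The class also inherits `BasePermission.has_permission`, which allows every request, so on its own it does not restrict list or create actions. `IsOwnerOrReadOnly` compares `obj.owner` while this class compares `obj.user`, and its comment still says "snippet"; if it is meant for the same models the attribute name probably needs to match.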

36
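--- a/rowers/serializers.py
+++ b/rowers/serializers.py
@@ -0,0 +1,36 @@
+from rest_framework import serializers
+from rowers.models import Workout,Rower
+# Serializers define the API representation.
+class RowerSerializer(serializers.HyperlinkedModelSerializer):
+class Meta:
+model = Rower
+fields = (
+'weightcategory',
+)
+class WorkoutSerializer(serializers.HyperlinkedModelSerializer):
+class Meta:
+model = Workout
+fields = (
+'id',
+'name',
+'date',
+'workouttype',
+'boattype',
+'starttime',
+'startdatetime',
+'distance',
+'duration',
+'weightcategory',
+'weightvalue',
+'averagehr',
+'maxhr',
+'notes',
+'summary',
+'csvfilename',
+)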
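Review bot: `WorkoutSerializer.Meta.fields` now lists `'csvfilename'`, and model serializer fields are writable unless declared otherwise, so a client of the `ModelViewSet` could both read and change that value. Judging by the name it is a server-side file path; if any server code later opens it, a client-supplied value becomes a file-access problem, and returning it discloses storage layout. Either drop it from the API or add `read_only_fields = ('csvfilename',)` to `Meta`. A short comment in `Meta` stating which fields clients may set would help the next reader.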


@@ -2,9 +2,10 @@ from django.conf import settings
from django.conf.urls import url, include from django.conf.urls import url, include
from django.contrib.auth.models import User from django.contrib.auth.models import User
from models import Workout from models import Workout,Rower
from rest_framework import routers, serializers, viewsets from rest_framework import routers, serializers, viewsets,permissions
from rest_framework.urlpatterns import format_suffix_patterns
from . import views from . import views
from django.contrib.auth import views as auth_views from django.contrib.auth import views as auth_views
@@ -13,45 +14,18 @@ from django.conf.urls import (
handler400, handler403, handler404, handler500, handler400, handler403, handler404, handler500,
) )
# Serializers define the API representation. from rowers.permissions import IsOwnerOrNot
class UserSerializer(serializers.HyperlinkedModelSerializer): from rowers.serializers import WorkoutSerializer
class Meta:
model = User
fields = ('url', 'username', 'email', 'is_staff')
class WorkoutSerializer(serializers.HyperlinkedModelSerializer):
class Meta:
model = Workout
fields = (
'name',
'date',
'workouttype',
'boattype',
'starttime',
'startdatetime',
'distance',
'duration',
'weightcategory',
'weightvalue',
'averagehr',
'maxhr',
'notes',
'summary',
)
# ViewSets define the view behavior.
class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
class WorkoutViewSet(viewsets.ModelViewSet): class WorkoutViewSet(viewsets.ModelViewSet):
queryset = Workout.objects.all() queryset = Workout.objects.all().order_by("-date", "-starttime")
serializer_class = WorkoutSerializer serializer_class = WorkoutSerializer
permission_classes = (IsOwnerOrNot,)
# Routers provide an easy way of automatically determining the URL conf. # Routers provide an easy way of automatically determining the URL conf.
router = routers.DefaultRouter() router = routers.DefaultRouter()
router.register(r'users', UserViewSet) router.register(r'api/workouts',WorkoutViewSet)
router.register(r'workouts',WorkoutViewSet)
handler500 = 'views.error500_view' handler500 = 'views.error500_view'
handler404 = 'views.error404_view' handler404 = 'views.error404_view'
@@ -61,7 +35,7 @@ handler403 = 'views.error403_view'
urlpatterns = [ urlpatterns = [
# url(r'^password_change/$',auth_views.password_change), # url(r'^password_change/$',auth_views.password_change),
# url(r'^password_change_done/$',auth_views.password_change_done), # url(r'^password_change_done/$',auth_views.password_change_done),
url(r'^oauth2/', include('provider.oauth2.urls', namespace = 'oauth2')), url(r'^o/', include('oauth2_provider.urls', namespace='oauth2_provider')),
url(r'^', include(router.urls)), url(r'^', include(router.urls)),
url(r'^api-docs$', views.schema_view), url(r'^api-docs$', views.schema_view),
url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')), url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
@@ -190,3 +164,5 @@ if settings.DEBUG:
url(r'^testreverse/$',views.test_reverse_view), url(r'^testreverse/$',views.test_reverse_view),
url(r'^c2listug/$',views.c2listdebug_view), url(r'^c2listug/$',views.c2listdebug_view),
] ]
#urlpatterns = format_suffix_patterns(urlpatterns)
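Review bot: `permission_classes = (IsOwnerOrNot,)` on `WorkoutViewSet` replaces the `IsAuthenticated` default this commit sets in the REST framework settings, and `IsOwnerOrNot` only implements `has_object_permission`, which the framework does not call for list or create. With `queryset = Workout.objects.all().order_by("-date", "-starttime")`, the `api/workouts` list would therefore return every user's workouts, apparently to unauthenticated callers as well. Keep the default in the tuple and scope the data per user: `permission_classes = (permissions.IsAuthenticated, IsOwnerOrNot)` plus a `get_queryset` returning `Workout.objects.filter(user__user=self.request.user).order_by("-date", "-starttime")` (assuming `Workout.user` points at `Rower`, as the permission class implies). The serializer does not expose the owner, so create should set it server-side in `perform_create` rather than leave it unset.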


@@ -62,6 +62,14 @@ queuelow = django_rq.get_queue('low')
queuehigh = django_rq.get_queue('low') queuehigh = django_rq.get_queue('low')
from rest_framework_swagger.views import get_swagger_view from rest_framework_swagger.views import get_swagger_view
from rest_framework.renderers import JSONRenderer
from rest_framework.parsers import JSONParser
from rest_framework.response import Response
from rowers.serializers import RowerSerializer,WorkoutSerializer
from rest_framework import status,permissions,generics
from rest_framework.decorators import api_view
from permissions import IsOwnerOrNot
import plots import plots
import mailprocessing import mailprocessing
@@ -76,8 +84,10 @@ USER_LANGUAGE = 'en-US'
from interactiveplots import * from interactiveplots import *
schema_view = get_swagger_view(title='Rowsandall API') schema_view = get_swagger_view(title='Rowsandall API (Unstable)')
def error500_view(request): def error500_view(request):
response = render_to_response('500.html', {}, response = render_to_response('500.html', {},
context_instance = RequestContext(request)) context_instance = RequestContext(request))
@@ -1759,7 +1769,7 @@ def workouts_view(request,message='',successmessage=''):
'successmessage':successmessage, 'successmessage':successmessage,
}) })
except Rower.DoesNotExist: except Rower.DoesNotExist:
return HttpResponse("Admin has no rower instance") return HttpResponse("User has no rower instance")
@user_passes_test(promember,login_url="/login") @user_passes_test(promember,login_url="/login")
def workout_comparison_list(request,id=0,message='',successmessage=''): def workout_comparison_list(request,id=0,message='',successmessage=''):
@@ -1779,7 +1789,7 @@ def workout_comparison_list(request,id=0,message='',successmessage=''):
'successmessage':successmessage, 'successmessage':successmessage,
}) })
except Rower.DoesNotExist: except Rower.DoesNotExist:
return HttpResponse("Admin has no rower instance") return HttpResponse("User has no rower instance")
def workout_view(request,id=0): def workout_view(request,id=0):
try: try:
@@ -3914,7 +3924,7 @@ def dashboard_view(request,message="",successmessage=""):
'successmessage':successmessage}) 'successmessage':successmessage})
except Rower.DoesNotExist: except Rower.DoesNotExist:
return HttpResponse("Admin has no rower instance") return HttpResponse("User has no rower instance")
@login_required() @login_required()
@@ -3931,7 +3941,7 @@ def graphs_view(request):
{'graphs1': g[0:5], {'graphs1': g[0:5],
'graphs2': g[5:10]}) 'graphs2': g[5:10]})
except Rower.DoesNotExist: except Rower.DoesNotExist:
return HttpResponse("Admin has no rower instance") return HttpResponse("User has no rower instance")
def graph_show_view(request,id): def graph_show_view(request,id):
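Review bot: `from permissions import IsOwnerOrNot` is an implicit relative import, while the URL configuration in this commit imports the same class as `from rowers.permissions import IsOwnerOrNot`. Under Python 2 the two spellings can load the module twice under different names, and the bare form can resolve to an unrelated top-level `permissions` module; use `from rowers.permissions import IsOwnerOrNot` here as well. The other REST framework names added in that hunk (`JSONRenderer`, `JSONParser`, `Response`, `status`, `generics`, `api_view`) are not used in any visible hunk, so it may be worth importing them only when the views that need them land.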


@@ -49,8 +49,7 @@ INSTALLED_APPS = [
'django_mailbox', 'django_mailbox',
'rest_framework', 'rest_framework',
'rest_framework_swagger', 'rest_framework_swagger',
'provider', 'oauth2_provider',
# 'provider.oauth2',
] ]
MIDDLEWARE_CLASSES = [ MIDDLEWARE_CLASSES = [
@@ -61,6 +60,7 @@ MIDDLEWARE_CLASSES = [
'django.middleware.common.CommonMiddleware', 'django.middleware.common.CommonMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'oauth2_provider.middleware.OAuth2TokenMiddleware',
'django.contrib.messages.middleware.MessageMiddleware', 'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware',
'debug_toolbar.middleware.DebugToolbarMiddleware', 'debug_toolbar.middleware.DebugToolbarMiddleware',
@@ -240,11 +240,12 @@ REST_FRAMEWORK = {
# Use Django's standard `django.contrib.auth` permissions, # Use Django's standard `django.contrib.auth` permissions,
# or allow read-only access for unauthenticated users. # or allow read-only access for unauthenticated users.
'DEFAULT_PERMISSION_CLASSES': [ 'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly' 'rest_framework.permissions.IsAuthenticated'
], ],
'DEFAULT_AUTHENTICATION_CLASSES': ( 'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.BasicAuthentication', 'rest_framework.authentication.BasicAuthentication',
'rest_framework.authentication.SessionAuthentication', 'rest_framework.authentication.SessionAuthentication',
# 'rest_framework.authentication.OAuth2Authentication', 'oauth2_provider.ext.rest_framework.OAuth2Authentication',
), ),
'PAGE_SIZE': 20,
} }
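Review bot: `'rest_framework.authentication.BasicAuthentication'` stays in `DEFAULT_AUTHENTICATION_CLASSES` next to the new OAuth2 class, so every API endpoint still accepts the account password on each request; if token access is the intended route for third-party clients, consider removing it or limiting it to development. `OAuth2TokenMiddleware` only authenticates bearer tokens when `oauth2_provider.backends.OAuth2Backend` is listed in `AUTHENTICATION_BACKENDS`, which is not in the visible hunks, so confirm that setting exists. The comment above `DEFAULT_PERMISSION_CLASSES` still describes anonymous read-only access; something like `# Require an authenticated user by default; a view's own permission_classes replaces this list.` would match the new value.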