Get resource URLs installed in REST API returns.

2026-01-09 23:12:08 -03:30 · 2013-03-21 00:12:03 -04:00 · 2013-03-21 00:12:03 -04:00 · 6422214b5e
commit 6422214b5e
parent 27c515f281
5 changed files with 32 additions and 6 deletions
--- a/lib/main/models/init.py
+++ b/lib/main/models/init.py
@ -1,6 +1,7 @@
 from django.db import models
 from django.db.models import CASCADE, SET_NULL, PROTECT
 from django.utils.translation import ugettext_lazy as _
+from django.core.urlresolvers import reverse

 # TODO: jobs and events model TBD
 # TODO: reporting model TBD
@ -64,6 +65,10 @@ class Organization(CommonModel):
    admins   = models.ManyToManyField('User', blank=True, related_name='admin_of_organizations')
    projects = models.ManyToManyField('Project', blank=True, related_name='organizations')

+    def get_absolute_url(self):
+        import lib.urls
+        return reverse(lib.urls.views_OrganizationsDetail, args=(self.pk,))
+
 class Inventory(CommonModel):
    ''' 
    an inventory source contains lists and hosts.
--- a/lib/main/serializers.py
+++ b/lib/main/serializers.py
@ -4,7 +4,8 @@ from rest_framework import serializers, pagination

 class OrganizationSerializer(serializers.ModelSerializer):

+    url = serializers.CharField(source='get_absolute_url', read_only=True)
+
    class Meta:
        model = Organization
-        fields = ('name', 'description')
-
+        fields = ('url', 'name', 'description')
--- a/lib/main/tests.py
+++ b/lib/main/tests.py
@ -134,7 +134,7 @@ class OrganizationsTest(BaseTest):
        # superuser credentials == 200, full list
        data = self.get(self.collection(), expect=200, auth=self.get_super_credentials())
        self.check_pagination_and_size(data, 10, previous=None, next=None)
-        [self.assertTrue(key in data['results'][0]) for key in ['name', 'description' ]] # url
+        [self.assertTrue(key in data['results'][0]) for key in ['name', 'description', 'url' ]]

        # normal credentials == 200, get only organizations that I am actually added to (there are 2)
        data = self.get(self.collection(), expect=200, auth=self.get_normal_credentials())
--- a/lib/main/views.py
+++ b/lib/main/views.py
@ -2,6 +2,7 @@ from django.http import HttpResponse
 from django.views.decorators.csrf import csrf_exempt
 #from rest_framework.renderers import JSONRenderer
 #from rest_framework.parsers import JSONParser
+
 from lib.main.models import *
 from lib.main.serializers import *
 from django.contrib.auth.models import AnonymousUser
@ -9,7 +10,7 @@ from django.contrib.auth.models import AnonymousUser
 from rest_framework import mixins
 from rest_framework import generics
 from rest_framework import permissions
-from rest_framework import permissions
+#from rest_framework.authentication import authentication

 # TODO: verify pagination
 # TODO: how to add relative resources
@ -18,15 +19,31 @@ from rest_framework import permissions
 class CustomRbac(permissions.BasePermission):

    def has_permission(self, request, view, obj=None):
+
+        # no anonymous users
        if type(request.user) == AnonymousUser:
            return False

+        # superusers are always good
+        if request.user.is_superuser:
+            return True
+
+        # other users must have associated acom user records
+        # and be active
+        acom_user = User.objects.filter(auth_user = request.user)
+        if len(acom_user) != 1:
+            return False
+        if not acom_user[0].active:
+            return False
+
        if obj is None:
            return True
        else:
+            # haven't tested around these confines yet
            raise Exception("FIXME")

    def has_object_permission(self, request, view, obj):
+        # make sure we're running with a tested version since this is a security-related function
        raise Exception("newer than expected version of django-rest-framework installed")


--- a/lib/urls.py
+++ b/lib/urls.py
@ -2,10 +2,13 @@ from django.conf import settings
 from django.conf.urls import *
 import lib.main.views as views

+views_OrganizationsList = views.OrganizationsList.as_view()
+views_OrganizationsDetail = views.OrganizationsDetail.as_view()
+
 urlpatterns = patterns('',
    url(r'', include('lib.web.urls')),
-    url(r'^api/v1/organizations/$',                 views.OrganizationsList.as_view()),
-    url(r'^api/v1/organizations/(?P<pk>[0-9]+)/$',  views.OrganizationsDetail.as_view()),
+    url(r'^api/v1/organizations/$',                 views_OrganizationsList),
+    url(r'^api/v1/organizations/(?P<pk>[0-9]+)/$',  views_OrganizationsDetail),
 )

 if 'django.contrib.admin' in settings.INSTALLED_APPS: