From 6b61381e32622ef51c4fa474801d9ddb58d850a3 Mon Sep 17 00:00:00 2001
From: Michael DeHaan
Date: Fri, 22 Mar 2013 15:22:30 -0400
Subject: [PATCH] Move base view code to seperate file, start of generalizing
---
 lib/main/base_views.py | 45 ++++++++++++++++++++++++++++++++++++++++++
 lib/main/views.py | 32 +-----------------------------
 2 files changed, 46 insertions(+), 31 deletions(-)
 create mode 100644 lib/main/base_views.py
diff --git a/lib/main/base_views.py b/lib/main/base_views.py
new file mode 100644
index 0000000000..f75f5eeb46
--- /dev/null
+++ b/lib/main/base_views.py
@@ -0,0 +1,45 @@
+from django.http import HttpResponse
+from django.views.decorators.csrf import csrf_exempt
+from lib.main.models import *
+from django.contrib.auth.models import User
+from lib.main.serializers import *
+from lib.main.rbac import *
+from django.core.exceptions import PermissionDenied
+from rest_framework import mixins
+from rest_framework import generics
+from rest_framework import permissions
+from rest_framework.response import Response
+from rest_framework import status
+import exceptions
+import datetime
+
+# FIXME: machinery for auto-adding audit trail logs to all CREATE/EDITS
+
+class BaseList(generics.ListCreateAPIView):
+
+ def list_permissions_check(self, request, obj=None):
+ ''' determines some early yes/no access decisions, pre-filtering '''
+ if request.method == 'GET':
+ return True
+ if request.method == 'POST':
+ return False
+ raise exceptions.NotImplementedError
+
+ def get_queryset(self):
+ return self._get_queryset().filter(active=True)
+
+class BaseDetail(generics.RetrieveUpdateDestroyAPIView):
+
+ def pre_save(self, obj):
+ obj.created_by = owner = self.request.user
+
+ def destroy(self, request, *args, **kwargs):
+ # somewhat lame that delete has to call it's own permissions check
+ obj = self.model.objects.get(pk=kwargs['pk'])
+ if not request.user.is_superuser and not self.delete_permissions_check(request, obj):
+ raise PermissionDenied()
+ obj.name = "_deleted_%s_%s" % (str(datetime.time()), obj.name)
+ obj.active = False
+ obj.save()
+ return HttpResponse(status=204)
+
diff --git a/lib/main/views.py b/lib/main/views.py
index 6fa8fe41bd..27ab7f21e4 100644
--- a/lib/main/views.py
+++ b/lib/main/views.py
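Review bot: In `BaseDetail.destroy`, `str(datetime.time())` constructs a default `time` object, so every soft-deleted record is renamed with the constant `00:00:00` instead of the deletion time; `datetime.datetime.now()` looks like what was intended, and the constant prefix will collide if `name` is unique and two same-named objects are deleted. The lookup `self.model.objects.get(pk=kwargs['pk'])` also bypasses the `active=True` filter that `BaseList.get_queryset` applies, so an already-deleted object can be deleted and renamed again, and a missing pk raises an unhandled `DoesNotExist` rather than returning 404. `pre_save` assigns `created_by` on a retrieve/update/destroy view, which presumably runs on updates too and would overwrite the original creator, undermining the audit trail the FIXME asks for (the `owner` local is unused). The move also dropped the comment explaining why POST returns False in `list_permissions_check` (`# superusers have already been cleared, so deny regular users`); it is worth restoring, because the deny is only correct if a caller outside this file has already let superusers through.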
@@ -12,37 +12,7 @@ from rest_framework.response import Response
 from rest_framework import status
 import exceptions
 import datetime
-
-# FIXME: machinery for auto-adding audit trail logs to all CREATE/EDITS
-
-class BaseList(generics.ListCreateAPIView):
-
- def list_permissions_check(self, request, obj=None):
- if request.method == 'GET':
- # everybody can call get, but it's filtered
- return True
- if request.method == 'POST':
- # superusers have already been cleared, so deny regular users
- return False
- raise exceptions.NotImplementedError
-
- def get_queryset(self):
- return self._get_queryset().filter(active=True)
-
-class BaseDetail(generics.RetrieveUpdateDestroyAPIView):
-
- def pre_save(self, obj):
- obj.created_by = owner = self.request.user
-
- def destroy(self, request, *args, **kwargs):
- # somewhat lame that delete has to call it's own permissions check
- obj = self.model.objects.get(pk=kwargs['pk'])
- if not request.user.is_superuser and not self.delete_permissions_check(request, obj):
- raise PermissionDenied()
- obj.name = "_deleted_%s_%s" % (str(datetime.time()), obj.name)
- obj.active = False
- obj.save()
- return HttpResponse(status=204)
+from base_views import BaseList, BaseDetail
 class OrganizationsList(BaseList):
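Review bot: The added `from base_views import BaseList, BaseDetail` is an implicit relative import, whereas the new sibling file imports project modules by package path (`from lib.main.models import *`). It resolves only under Python 2 import semantics and would pick up a different `base_views` module if one sits earlier on `sys.path`, which matters here because these base classes carry the permission checks. Prefer `from lib.main.base_views import BaseList, BaseDetail`.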