Strip API to required minimum

- disable browseable API - use IsAdminUser for DEFAULT_PERMISSION_CLASSES - register explicit API views for HelpUser model
2023-04-16 14:34:45 +02:00 · 2023-04-16 14:34:45 +02:00 · 5cf7ef7a23
parent 0f91587c60
commit 5cf7ef7a23
3 changed files with 28 additions and 11 deletions
--- a/gnuviechadmin/gnuviechadmin/settings.py
+++ b/gnuviechadmin/gnuviechadmin/settings.py
@ -272,7 +272,13 @@ REST_FRAMEWORK = {
        "rest_framework.authentication.BasicAuthentication",
        "rest_framework.authentication.SessionAuthentication",
        "rest_framework.authentication.TokenAuthentication",
-    ]
+    ],
+    "DEFAULT_RENDERER_CLASSES": [
+        "rest_framework.renderers.JSONRenderer",
+    ],
+    "DEFAULT_PERMISSION_CLASSES": [
+        "rest_framework.permissions.IsAdminUser",
+    ],
 }
 # ######### END REST FRAMEWORK CONFIGURATION

--- a/gnuviechadmin/gnuviechadmin/urls.py
+++ b/gnuviechadmin/gnuviechadmin/urls.py
@ -6,19 +6,19 @@ from django.contrib import admin
 from django.contrib.flatpages import views
 from django.contrib.staticfiles.urls import staticfiles_urlpatterns
 from django.urls import path, re_path
-from rest_framework import routers

 from help import views as help_views

 admin.autodiscover()

-router = routers.DefaultRouter()
-router.register(r"help-users", help_views.HelpUserViewSet)
-
 urlpatterns = [
    re_path(r"", include("dashboard.urls")),
-    path("api/", include(router.urls)),
-    path("api-auth/", include("rest_framework.urls", namespace="rest_framework")),
+    path("api/users/", help_views.ListHelpUserAPIView.as_view()),
+    path(
+        "api/users/<int:pk>/",
+        help_views.HelpUserAPIView.as_view(),
+        name="helpuser-detail",
+    ),
    re_path(r"^admin/", admin.site.urls),
    re_path(r"^impersonate/", include("impersonate.urls")),
    re_path(r"^accounts/", include("allauth.urls")),
--- a/gnuviechadmin/help/views.py
+++ b/gnuviechadmin/help/views.py
@ -1,15 +1,26 @@
-from rest_framework import permissions, viewsets
+from rest_framework import generics

 from help.models import HelpUser
 from help.serializers import HelpUserSerializer


-class HelpUserViewSet(viewsets.ModelViewSet):
+class ListHelpUserAPIView(generics.ListAPIView):
    """
    API endpoint that allows user help profile to be viewed or edited.

    """

-    queryset = HelpUser.objects.all().order_by("user__username")
+    queryset = (
+        HelpUser.objects.all().prefetch_related("user").order_by("user__username")
+    )
+    serializer_class = HelpUserSerializer
+
+
+class HelpUserAPIView(generics.RetrieveUpdateAPIView):
+    """
+    API endpoint that allows user help profile to be viewed or edited.
+
+    """
+
+    queryset = HelpUser.objects.all()
    serializer_class = HelpUserSerializer
-    permission_classes = [permissions.IsAdminUser]