gnuviech/gva
1
0
Fork 0
Code Issues 6 Pull requests Releases Wiki Activity

Strip API to required minimum

Browse source 
- disable browseable API
- use IsAdminUser for DEFAULT_PERMISSION_CLASSES
- register explicit API views for HelpUser model
This commit is contained in:
Jan Dittberner 2023-04-16 14:34:45 +02:00
parent 0f91587c60
commit 5cf7ef7a23
3 changed files with 28 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
gnuviechadmin/gnuviechadmin/settings.py
View file

@ -272,7 +272,13 @@ REST_FRAMEWORK = {
"rest_framework.authentication.BasicAuthentication", "rest_framework.authentication.BasicAuthentication",
"rest_framework.authentication.SessionAuthentication", "rest_framework.authentication.SessionAuthentication",
"rest_framework.authentication.TokenAuthentication", "rest_framework.authentication.TokenAuthentication",
] ],
"DEFAULT_RENDERER_CLASSES": [
"rest_framework.renderers.JSONRenderer",
],
"DEFAULT_PERMISSION_CLASSES": [
"rest_framework.permissions.IsAdminUser",
],
} }
# ######### END REST FRAMEWORK CONFIGURATION # ######### END REST FRAMEWORK CONFIGURATION

12
gnuviechadmin/gnuviechadmin/urls.py
View file

@ -6,19 +6,19 @@ from django.contrib import admin
from django.contrib.flatpages import views from django.contrib.flatpages import views
from django.contrib.staticfiles.urls import staticfiles_urlpatterns from django.contrib.staticfiles.urls import staticfiles_urlpatterns
from django.urls import path, re_path from django.urls import path, re_path
from rest_framework import routers
from help import views as help_views from help import views as help_views
admin.autodiscover() admin.autodiscover()
router = routers.DefaultRouter()
router.register(r"help-users", help_views.HelpUserViewSet)
urlpatterns = [ urlpatterns = [
re_path(r"", include("dashboard.urls")), re_path(r"", include("dashboard.urls")),
path("api/", include(router.urls)), path("api/users/", help_views.ListHelpUserAPIView.as_view()),
path("api-auth/", include("rest_framework.urls", namespace="rest_framework")), path(
"api/users/<int:pk>/",
help_views.HelpUserAPIView.as_view(),
name="helpuser-detail",
),
re_path(r"^admin/", admin.site.urls), re_path(r"^admin/", admin.site.urls),
re_path(r"^impersonate/", include("impersonate.urls")), re_path(r"^impersonate/", include("impersonate.urls")),
re_path(r"^accounts/", include("allauth.urls")), re_path(r"^accounts/", include("allauth.urls")),

19
gnuviechadmin/help/views.py
View file

@ -1,15 +1,26 @@
from rest_framework import permissions, viewsets from rest_framework import generics
from help.models import HelpUser from help.models import HelpUser
from help.serializers import HelpUserSerializer from help.serializers import HelpUserSerializer
class HelpUserViewSet(viewsets.ModelViewSet): class ListHelpUserAPIView(generics.ListAPIView):
""" """
API endpoint that allows user help profile to be viewed or edited. API endpoint that allows user help profile to be viewed or edited.
""" """
queryset = HelpUser.objects.all().order_by("user__username") queryset = (
HelpUser.objects.all().prefetch_related("user").order_by("user__username")
)
serializer_class = HelpUserSerializer
class HelpUserAPIView(generics.RetrieveUpdateAPIView):
"""
API endpoint that allows user help profile to be viewed or edited.
"""
queryset = HelpUser.objects.all()
serializer_class = HelpUserSerializer serializer_class = HelpUserSerializer
permission_classes = [permissions.IsAdminUser]