Strip API to required minimum
- disable browseable API - use IsAdminUser for DEFAULT_PERMISSION_CLASSES - register explicit API views for HelpUser model
This commit is contained in:
parent
0f91587c60
commit
5cf7ef7a23
3 changed files with 28 additions and 11 deletions
|
@ -272,7 +272,13 @@ REST_FRAMEWORK = {
|
|||
"rest_framework.authentication.BasicAuthentication",
|
||||
"rest_framework.authentication.SessionAuthentication",
|
||||
"rest_framework.authentication.TokenAuthentication",
|
||||
]
|
||||
],
|
||||
"DEFAULT_RENDERER_CLASSES": [
|
||||
"rest_framework.renderers.JSONRenderer",
|
||||
],
|
||||
"DEFAULT_PERMISSION_CLASSES": [
|
||||
"rest_framework.permissions.IsAdminUser",
|
||||
],
|
||||
}
|
||||
# ######### END REST FRAMEWORK CONFIGURATION
|
||||
|
||||
|
|
|
@ -6,19 +6,19 @@ from django.contrib import admin
|
|||
from django.contrib.flatpages import views
|
||||
from django.contrib.staticfiles.urls import staticfiles_urlpatterns
|
||||
from django.urls import path, re_path
|
||||
from rest_framework import routers
|
||||
|
||||
from help import views as help_views
|
||||
|
||||
admin.autodiscover()
|
||||
|
||||
router = routers.DefaultRouter()
|
||||
router.register(r"help-users", help_views.HelpUserViewSet)
|
||||
|
||||
urlpatterns = [
|
||||
re_path(r"", include("dashboard.urls")),
|
||||
path("api/", include(router.urls)),
|
||||
path("api-auth/", include("rest_framework.urls", namespace="rest_framework")),
|
||||
path("api/users/", help_views.ListHelpUserAPIView.as_view()),
|
||||
path(
|
||||
"api/users/<int:pk>/",
|
||||
help_views.HelpUserAPIView.as_view(),
|
||||
name="helpuser-detail",
|
||||
),
|
||||
re_path(r"^admin/", admin.site.urls),
|
||||
re_path(r"^impersonate/", include("impersonate.urls")),
|
||||
re_path(r"^accounts/", include("allauth.urls")),
|
||||
|
|
|
@ -1,15 +1,26 @@
|
|||
from rest_framework import permissions, viewsets
|
||||
from rest_framework import generics
|
||||
|
||||
from help.models import HelpUser
|
||||
from help.serializers import HelpUserSerializer
|
||||
|
||||
|
||||
class HelpUserViewSet(viewsets.ModelViewSet):
|
||||
class ListHelpUserAPIView(generics.ListAPIView):
|
||||
"""
|
||||
API endpoint that allows user help profile to be viewed or edited.
|
||||
|
||||
"""
|
||||
|
||||
queryset = HelpUser.objects.all().order_by("user__username")
|
||||
queryset = (
|
||||
HelpUser.objects.all().prefetch_related("user").order_by("user__username")
|
||||
)
|
||||
serializer_class = HelpUserSerializer
|
||||
|
||||
|
||||
class HelpUserAPIView(generics.RetrieveUpdateAPIView):
|
||||
"""
|
||||
API endpoint that allows user help profile to be viewed or edited.
|
||||
|
||||
"""
|
||||
|
||||
queryset = HelpUser.objects.all()
|
||||
serializer_class = HelpUserSerializer
|
||||
permission_classes = [permissions.IsAdminUser]
|
||||
|
|
Loading…
Reference in a new issue