Source code for rpaper.apps.reservations.api.views
from django.shortcuts import get_object_or_404
from rest_framework.permissions import (
SAFE_METHODS,
DjangoModelPermissions,
DjangoObjectPermissions,
DjangoModelPermissionsOrAnonReadOnly,
)
from rest_framework.generics import (
CreateAPIView,
ListCreateAPIView,
RetrieveUpdateDestroyAPIView,
)
from rpaper.core.utils import get_client_ip
from .serializer import (
ThingSerializer,
RecordSerializer,
RecordSerializerWithCredential,
)
from ..models import (
Thing,
Record,
)
from ..filters import RecordFilter
[docs]class DjangoObjectPermissionsOrAnonReadOnly(DjangoObjectPermissions):
authenticated_users_only = False
[docs] def has_permission(self, request, view):
if request.method in SAFE_METHODS:
return True
return super().has_permission(request, view)
[docs] def has_object_permission(self, request, view, obj):
if request.method in SAFE_METHODS:
return True
return super().has_object_permission(request, view, obj)
[docs]class ThingAPIViewMixin:
serializer_class = ThingSerializer
queryset = Thing.objects.all()
[docs]class ThingCreateAPIView(ThingAPIViewMixin, CreateAPIView):
permission_classes = (
DjangoModelPermissions,
)
[docs]class ThingRetrieveUpdateDestroyAPIView(ThingAPIViewMixin,
RetrieveUpdateDestroyAPIView):
permission_classes = (
DjangoObjectPermissionsOrAnonReadOnly,
)
[docs]class RecordAPIViewMixin:
serializer_class = RecordSerializer
[docs] def get_thing(self):
thing_pk = self.kwargs['thing_pk']
return get_object_or_404(Thing, pk=thing_pk)
[docs] def get_queryset(self):
return Record.objects.filter(
thing=self.get_thing(),
)
[docs]class RecordListCreateAPIView(RecordAPIViewMixin,
ListCreateAPIView):
queryset = Thing.objects.all()
permission_classes = (
DjangoModelPermissionsOrAnonReadOnly,
)
filter_class = RecordFilter
[docs] def get_serializer_class(self):
if self.request.method == 'POST':
# Return 'credential' when the object has created
return RecordSerializerWithCredential
return RecordSerializer
[docs]class RecordRetrieveUpdateDestroyAPIView(RecordAPIViewMixin,
RetrieveUpdateDestroyAPIView):
permission_classes = (
DjangoObjectPermissionsOrAnonReadOnly,
)
[docs] def get_serializer_class(self):
if self.request.method == 'PUT':
# Return 'credential' when the object has updated
return RecordSerializerWithCredential
return RecordSerializer