From 74c0fcca83a0a151e2637f2e1a22ccaee787894d Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Thu, 19 Mar 2020 19:29:52 +0100 Subject: [PATCH] Notes are read-only in the API, but can be modified with scripts (ie. transactions) --- apps/note/api/serializers.py | 4 +++ apps/note/api/views.py | 51 +++------------------------ apps/permission/fixtures/initial.json | 15 +++++++- 3 files changed, 23 insertions(+), 47 deletions(-) diff --git a/apps/note/api/serializers.py b/apps/note/api/serializers.py index 91dbb62a..4a62d2f4 100644 --- a/apps/note/api/serializers.py +++ b/apps/note/api/serializers.py @@ -20,6 +20,7 @@ class NoteSerializer(serializers.ModelSerializer): class Meta: model = Note fields = '__all__' + read_only_fields = [f.name for f in model._meta.get_fields()] # Notes are read-only protected class NoteClubSerializer(serializers.ModelSerializer): @@ -32,6 +33,7 @@ class NoteClubSerializer(serializers.ModelSerializer): class Meta: model = NoteClub fields = '__all__' + read_only_fields = ('note', 'club', ) def get_name(self, obj): return str(obj) @@ -47,6 +49,7 @@ class NoteSpecialSerializer(serializers.ModelSerializer): class Meta: model = NoteSpecial fields = '__all__' + read_only_fields = ('note', ) def get_name(self, obj): return str(obj) @@ -62,6 +65,7 @@ class NoteUserSerializer(serializers.ModelSerializer): class Meta: model = NoteUser fields = '__all__' + read_only_fields = ('note', 'user', ) def get_name(self, obj): return str(obj) diff --git a/apps/note/api/views.py b/apps/note/api/views.py index caa77132..e09557f4 100644 --- a/apps/note/api/views.py +++ b/apps/note/api/views.py @@ -5,56 +5,15 @@ from django.db.models import Q from django_filters.rest_framework import DjangoFilterBackend from rest_framework.filters import OrderingFilter, SearchFilter -from api.viewsets import ReadProtectedModelViewSet +from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSet from member.backends import PermissionBackend -from .serializers import NoteSerializer, NotePolymorphicSerializer, NoteClubSerializer, NoteSpecialSerializer, \ - NoteUserSerializer, AliasSerializer, \ - TemplateCategorySerializer, TransactionTemplateSerializer, TransactionPolymorphicSerializer -from ..models.notes import Note, NoteClub, NoteSpecial, NoteUser, Alias +from .serializers import NotePolymorphicSerializer, AliasSerializer, TemplateCategorySerializer, \ + TransactionTemplateSerializer, TransactionPolymorphicSerializer +from ..models.notes import Note, Alias from ..models.transactions import TransactionTemplate, Transaction, TemplateCategory -class NoteViewSet(ReadProtectedModelViewSet): - """ - REST API View set. - The djangorestframework plugin will get all `Note` objects, serialize it to JSON with the given serializer, - then render it on /api/note/note/ - """ - queryset = Note.objects.all() - serializer_class = NoteSerializer - - -class NoteClubViewSet(ReadProtectedModelViewSet): - """ - REST API View set. - The djangorestframework plugin will get all `NoteClub` objects, serialize it to JSON with the given serializer, - then render it on /api/note/club/ - """ - queryset = NoteClub.objects.all() - serializer_class = NoteClubSerializer - - -class NoteSpecialViewSet(ReadProtectedModelViewSet): - """ - REST API View set. - The djangorestframework plugin will get all `NoteSpecial` objects, serialize it to JSON with the given serializer, - then render it on /api/note/special/ - """ - queryset = NoteSpecial.objects.all() - serializer_class = NoteSpecialSerializer - - -class NoteUserViewSet(ReadProtectedModelViewSet): - """ - REST API View set. - The djangorestframework plugin will get all `NoteUser` objects, serialize it to JSON with the given serializer, - then render it on /api/note/user/ - """ - queryset = NoteUser.objects.all() - serializer_class = NoteUserSerializer - - -class NotePolymorphicViewSet(ReadProtectedModelViewSet): +class NotePolymorphicViewSet(ReadOnlyProtectedModelViewSet): """ REST API View set. The djangorestframework plugin will get all `Note` objects (with polymorhism), serialize it to JSON with the given serializer, diff --git a/apps/permission/fixtures/initial.json b/apps/permission/fixtures/initial.json index e1262673..d361abe1 100644 --- a/apps/permission/fixtures/initial.json +++ b/apps/permission/fixtures/initial.json @@ -227,6 +227,18 @@ "description": "Transfer from myself's note" } }, + { + "model": "permission.permission", + "pk": 18, + "fields": { + "model": 35, + "query": "{}", + "type": "change", + "mask": 1, + "field": "balance", + "description": "Update a note balance with a transaction" + } + }, { "model": "member.role", "pk": 1, @@ -279,7 +291,8 @@ 14, 15, 16, - 17 + 17, + 18 ] } }