TTMK/web2.0-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

restricted accessrights to membersapi

Browse Source
This commit is contained in:
okalintu
2016-08-25 21:51:30 +03:00
parent 86fe5d39bb
commit 48caf88f64
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
members/views.py
+12
View File
@@ -1,5 +1,6 @@
from django.shortcuts import render, get_object_or_404 from django.shortcuts import render, get_object_or_404
from django.contrib.auth.decorators import permission_required from django.contrib.auth.decorators import permission_required
from django.views.decorators.http import require_http_methods
from django.views.decorators.csrf import ensure_csrf_cookie from django.views.decorators.csrf import ensure_csrf_cookie
from django.http import HttpResponse, HttpResponseBadRequest from django.http import HttpResponse, HttpResponseBadRequest
from django.core.exceptions import ValidationError from django.core.exceptions import ValidationError
@@ -7,16 +8,21 @@ from members.models import Member, MemberRequest
import json import json
@ensure_csrf_cookie @ensure_csrf_cookie
@require_http_methods(["GET"])
@permission_required('members.change_member', login_url='/login') @permission_required('members.change_member', login_url='/login')
def index(request, *args, **kwargs): def index(request, *args, **kwargs):
return render(request, 'members_index.html',{}) return render(request, 'members_index.html',{})
@ensure_csrf_cookie @ensure_csrf_cookie
@require_http_methods(["GET"])
@permission_required('members.change_member', login_url='/login')
def members(request, *args, **kwargs): def members(request, *args, **kwargs):
mems = list(map(lambda m: m.get_dict(),Member.objects.all())) mems = list(map(lambda m: m.get_dict(),Member.objects.all()))
return HttpResponse(json.dumps(mems)) return HttpResponse(json.dumps(mems))
@ensure_csrf_cookie @ensure_csrf_cookie
@require_http_methods(["GET", "POST", "DELETE","PUT"])
@permission_required('members.change_member', login_url='/login')
def member(request,*args, **kwargs): def member(request,*args, **kwargs):
# get, put and delete together since all operate on existing objects # get, put and delete together since all operate on existing objects
@@ -60,6 +66,8 @@ def member(request,*args, **kwargs):
return HttpResponseBadRequest('{"error" : "Invalid parameters supplied"}') return HttpResponseBadRequest('{"error" : "Invalid parameters supplied"}')
@ensure_csrf_cookie @ensure_csrf_cookie
@require_http_methods(["POST"])
@permission_required('members.change_member', login_url='/login')
def csv_import(request, *args, **kwargs): def csv_import(request, *args, **kwargs):
data = request.body.decode("utf-8") data = request.body.decode("utf-8")
resp_data = Member.import_csv(data) resp_data = Member.import_csv(data)
@@ -69,6 +77,8 @@ def csv_import(request, *args, **kwargs):
return resp return resp
@ensure_csrf_cookie @ensure_csrf_cookie
@require_http_methods(["GET"])
@permission_required('members.change_member', login_url='/login')
def member_requests(request, *args, **kwargs): def member_requests(request, *args, **kwargs):
reqs = list(map(lambda r: r.get_dict(),MemberRequest.objects.all())) reqs = list(map(lambda r: r.get_dict(),MemberRequest.objects.all()))
return HttpResponse(json.dumps(reqs)) return HttpResponse(json.dumps(reqs))
@@ -85,6 +95,8 @@ def new_member_request(request, *args, **kwargs):
return HttpResponseBadRequest('{"error" : "Invalid parameters supplied"}') return HttpResponseBadRequest('{"error" : "Invalid parameters supplied"}')
@ensure_csrf_cookie @ensure_csrf_cookie
@require_http_methods(["GET", "POST", "DELETE"])
@permission_required('members.change_member', login_url='/login')
def handle_mem_request(request, idx, *args, **kwargs): def handle_mem_request(request, idx, *args, **kwargs):
try: try:
req = MemberRequest.objects.get(pk=idx) req = MemberRequest.objects.get(pk=idx)