Add filtering to REST API

webapp/migrations/0050_signupform_visible.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.0.7 on 2018-11-18 15:53
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('webapp', '0049_auto_20181118_1344'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='signupform',
+            name='visible',
+            field=models.BooleanField(default=True),
+        ),
+    ]

webapp/models.py

@@ -93,6 +93,7 @@ class SignupForm(models.Model):
     end = models.DateTimeField(default=timezone.now)
     # question = JSONField()
     questions = models.CharField(max_length=255)
+    visible = models.BooleanField(default=True)
 
     class Meta:
         verbose_name = _('Signup form')

webapp/views.py

@@ -15,7 +15,7 @@ from rest_framework.response import Response
 from rest_framework.reverse import reverse
 from django_filters import rest_framework as filters
 from rest_framework.filters import SearchFilter, OrderingFilter
-
+from rest_framework import permissions
 # import logging
 # import requests
 from dealer.git import git
@@ -26,6 +26,14 @@ from webapp.serializers import *
 from members.views.utils import *
 
 
+class IsPostOrIsAuthenticated(permissions.BasePermission):
+
+    def has_permission(self, request, view):
+        if request.method == 'POST':
+            return True
+        return request.user and request.user.is_authenticated
+
+
 # -- REST API -- #
 class RootView(routers.APIRootView):
     permission_classes = [IsAuthenticatedOrReadOnly]
@@ -39,6 +47,9 @@ class EventViewSet(viewsets.ModelViewSet):
     filter_fields = '__all__'
     search_fields = '__all__'
 
+    def get_queryset(self):
+        return Event.objects.filter(visible=True, end_time__gt=timezone.now()).order_by('start_time')
+
 
 class SignupFormViewSet(viewsets.ModelViewSet):
     queryset = SignupForm.objects.all()
@@ -48,14 +59,20 @@ class SignupFormViewSet(viewsets.ModelViewSet):
     filter_fields = '__all__'
     search_fields = '__all__'
 
+    def get_queryset(self):
+        return SignupForm.objects.filter(visible=True, end__gt=timezone.now()).order_by('start')
+
 
 class SignupViewSet(viewsets.ModelViewSet):
     queryset = Signup.objects.all()
     serializer_class = SignupSerializer
-    permission_classes = []
-    filter_backends = (filters.DjangoFilterBackend, SearchFilter, OrderingFilter)
-    filter_fields = '__all__'
-    search_fields = '__all__'
+    permission_classes = [IsPostOrIsAuthenticated]
+    # filter_backends = (filters.DjangoFilterBackend, SearchFilter, OrderingFilter)
+    # filter_fields = '__all__'
+    # search_fields = '__all__'
+
+    # def get_queryset(self):
+    #     return Signup.objects.filter(visible=True, end_time__gt=timezone.now()).order_by('start_time')
 
 
 class SavedQuestionsViewSet(viewsets.ModelViewSet):
@@ -67,11 +84,14 @@ class SavedQuestionsViewSet(viewsets.ModelViewSet):
 class FeedViewSet(viewsets.ModelViewSet):
     queryset = Feed.objects.all()
     serializer_class = FeedSerializer
-    permission_classes = []
+    permission_classes = [IsAuthenticatedOrReadOnly]
     filter_backends = (filters.DjangoFilterBackend, SearchFilter, OrderingFilter)
     filter_fields = '__all__'
     search_fields = '__all__'
 
+    def get_queryset(self):
+        return Feed.objects.filter(visible=True, autohide__gt=timezone.now()).order_by('publish_time')
+
 
 class ContactsViewSet(viewsets.ReadOnlyModelViewSet):
     queryset = Official.objects.all()