From e1220d17bb5d447beb977c676030b657a35eb7d6 Mon Sep 17 00:00:00 2001 From: Aarni Halinen Date: Sun, 18 Nov 2018 17:54:06 +0200 Subject: [PATCH] Add filtering to REST API --- webapp/migrations/0050_signupform_visible.py | 18 +++++++++++ webapp/models.py | 1 + webapp/views.py | 32 ++++++++++++++++---- 3 files changed, 45 insertions(+), 6 deletions(-) create mode 100644 webapp/migrations/0050_signupform_visible.py diff --git a/webapp/migrations/0050_signupform_visible.py b/webapp/migrations/0050_signupform_visible.py new file mode 100644 index 0000000..5e666ab --- /dev/null +++ b/webapp/migrations/0050_signupform_visible.py @@ -0,0 +1,18 @@ +# Generated by Django 2.0.7 on 2018-11-18 15:53 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('webapp', '0049_auto_20181118_1344'), + ] + + operations = [ + migrations.AddField( + model_name='signupform', + name='visible', + field=models.BooleanField(default=True), + ), + ] diff --git a/webapp/models.py b/webapp/models.py index 856d00a..716942c 100644 --- a/webapp/models.py +++ b/webapp/models.py @@ -93,6 +93,7 @@ class SignupForm(models.Model): end = models.DateTimeField(default=timezone.now) # question = JSONField() questions = models.CharField(max_length=255) + visible = models.BooleanField(default=True) class Meta: verbose_name = _('Signup form') diff --git a/webapp/views.py b/webapp/views.py index 04cdf71..1b70e31 100644 --- a/webapp/views.py +++ b/webapp/views.py @@ -15,7 +15,7 @@ from rest_framework.response import Response from rest_framework.reverse import reverse from django_filters import rest_framework as filters from rest_framework.filters import SearchFilter, OrderingFilter - +from rest_framework import permissions # import logging # import requests from dealer.git import git @@ -26,6 +26,14 @@ from webapp.serializers import * from members.views.utils import * +class IsPostOrIsAuthenticated(permissions.BasePermission): + + def has_permission(self, request, view): + if request.method == 'POST': + return True + return request.user and request.user.is_authenticated + + # -- REST API -- # class RootView(routers.APIRootView): permission_classes = [IsAuthenticatedOrReadOnly] @@ -39,6 +47,9 @@ class EventViewSet(viewsets.ModelViewSet): filter_fields = '__all__' search_fields = '__all__' + def get_queryset(self): + return Event.objects.filter(visible=True, end_time__gt=timezone.now()).order_by('start_time') + class SignupFormViewSet(viewsets.ModelViewSet): queryset = SignupForm.objects.all() @@ -48,14 +59,20 @@ class SignupFormViewSet(viewsets.ModelViewSet): filter_fields = '__all__' search_fields = '__all__' + def get_queryset(self): + return SignupForm.objects.filter(visible=True, end__gt=timezone.now()).order_by('start') + class SignupViewSet(viewsets.ModelViewSet): queryset = Signup.objects.all() serializer_class = SignupSerializer - permission_classes = [] - filter_backends = (filters.DjangoFilterBackend, SearchFilter, OrderingFilter) - filter_fields = '__all__' - search_fields = '__all__' + permission_classes = [IsPostOrIsAuthenticated] + # filter_backends = (filters.DjangoFilterBackend, SearchFilter, OrderingFilter) + # filter_fields = '__all__' + # search_fields = '__all__' + + # def get_queryset(self): + # return Signup.objects.filter(visible=True, end_time__gt=timezone.now()).order_by('start_time') class SavedQuestionsViewSet(viewsets.ModelViewSet): @@ -67,11 +84,14 @@ class SavedQuestionsViewSet(viewsets.ModelViewSet): class FeedViewSet(viewsets.ModelViewSet): queryset = Feed.objects.all() serializer_class = FeedSerializer - permission_classes = [] + permission_classes = [IsAuthenticatedOrReadOnly] filter_backends = (filters.DjangoFilterBackend, SearchFilter, OrderingFilter) filter_fields = '__all__' search_fields = '__all__' + def get_queryset(self): + return Feed.objects.filter(visible=True, autohide__gt=timezone.now()).order_by('publish_time') + class ContactsViewSet(viewsets.ReadOnlyModelViewSet): queryset = Official.objects.all()