Resume Builder API: Views, Custom Permissions
from rest_framework import permissions | |
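class IsOwnerOrAdmin(permissions.BasePermission):
    """
    Custom permission to only allow authenticated owners of an object or Admin.

    Access is granted when the requester is a superuser, or when the object's
    owner attribute (the first of ``user``, ``user_id``, ``created_by`` that
    the object exposes) refers to the requester. Everything else is denied,
    including objects that expose none of those attributes.
    """

    # Checked in this order; the first attribute present on the object decides.
    _OWNER_ATTRIBUTES = ("user", "user_id", "created_by")

    def has_permission(self, request, view):
        """Reject unauthenticated requests before any object is looked up.

        ``BasePermission.has_permission`` allows every request by default and
        ``has_object_permission`` is not consulted for ``list``, so without
        this override an anonymous client passes whenever this class is the
        only permission on a view.
        """
        return bool(request.user and request.user.is_authenticated)

    def has_object_permission(self, request, view, obj):
        """Return True only for a superuser or the owner of ``obj``.

        Any error raised while resolving the owner results in a denial.
        """
        try:
            requester = request.user
            if not requester.is_authenticated:
                return False

            # The admin check has to come before the ownership checks.
            # Previously it was reached only for objects without any owner
            # attribute, so a superuser was denied on every owned object.
            if requester.is_superuser:
                return True

            for attribute in self._OWNER_ATTRIBUTES:
                if not hasattr(obj, attribute):
                    continue
                owner = getattr(obj, attribute)
                if hasattr(owner, "pk"):
                    # A model instance: keep the instance comparison so that
                    # both the model class and the primary key must match.
                    return owner == requester
                # A raw key (for example the ``user_id`` column of a foreign
                # key named ``user``): compare it with the requester's key,
                # since a raw key never equals a user instance.
                return owner == requester.pk

            return False
        except Exception:
            # Fail closed: an unexpected error must never grant access.
            return False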
# URL configuration for the resume-template endpoints.
from rest_framework.routers import SimpleRouter

from cv import views

# Only the template viewset is routed in this module; no route for
# views.ResumeViewset is registered here.
router = SimpleRouter()
router.register(
    prefix="templates",
    viewset=views.ResumeTemplateViewset,
    basename="templates",
)

urlpatterns = router.urls
from rest_framework import permissions, viewsets | |
from .custom_permissions import IsOwnerOrAdmin | |
from .models import Resume, ResumeTemplate | |
from .serializers import ResumeSerializer, ResumeTemplateSerializer | |
class ResumeTemplateViewset(viewsets.ModelViewSet):
    """
    list: List all resume templates,
    retrieve: Get a single resume template by ID.
    """

    # GET is the only verb allowed, which is what keeps this ModelViewSet
    # read-only: every other method is rejected before an action runs.
    http_method_names = ["get"]

    # No permission_classes are set here, so whatever the project configures
    # as its default permission classes applies to these endpoints.
    serializer_class = ResumeTemplateSerializer
    queryset = ResumeTemplate.objects.all()
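class ResumeViewset(viewsets.ModelViewSet):
    """
    list: List all resumes belonging to this authenticated user.
    create: Create a new resume as an authenticated user.
    retrieve: Retrieve resume (by ID) belonging to this authenticated user.
    partial_update: Update resume (by ID) belonging to this authenticated user.
    destroy: Delete resume (by ID) belonging to this authenticated user.
    """

    queryset = Resume.objects.all()
    serializer_class = ResumeSerializer
    http_method_names = ["get", "post", "patch", "delete"]
    permission_classes = [permissions.IsAuthenticated]

    # NOTE(review): nothing in this class binds a newly created resume to
    # request.user; presumably the serializer does so. Confirm, otherwise a
    # client-supplied owner value would be accepted on create.

    def get_permissions(self):
        """Return the permission instances for the current action.

        ``create`` uses ``permission_classes`` as declared. Every other action
        requires authentication and ownership. ``IsAuthenticated`` is listed
        explicitly because returning ``IsOwnerOrAdmin`` alone replaces
        ``permission_classes`` instead of extending it, and the object-level
        check is not run for ``list``.
        """
        if self.action != "create":
            return [permissions.IsAuthenticated(), IsOwnerOrAdmin()]
        return super().get_permissions()

    def get_queryset(self):
        """Scope the queryset to the requester.

        Anonymous requests get an empty queryset. A user who is both staff
        and superuser gets every resume. Anyone else gets only their own.
        Any error while resolving the user also yields an empty queryset.
        """
        try:
            requester = self.request.user
            # Explicit guard, so that excluding anonymous users does not
            # depend on the filter below raising for a non-user value.
            if not requester.is_authenticated:
                return Resume.objects.none()
            # NOTE(review): the unrestricted view needs is_staff AND
            # is_superuser, while IsOwnerOrAdmin looks at is_superuser only.
            # Confirm that the difference is intended.
            if not (requester.is_staff and requester.is_superuser):
                return Resume.objects.filter(user_id=requester)
        except Exception:
            # Fail closed: never fall through to the unfiltered queryset.
            return Resume.objects.none()
        return super().get_queryset()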