An authorization class for django-tastypie that limits queryset results to those whose designated field points at the current user or, when the designated field is None, to results where the User instance is the same as request.user.
from django.contrib.auth.models import User | |
from tastypie.utils import is_valid_jsonp_callback_value, dict_strip_unicode_keys, trailing_slash | |
from surlex.dj import surl | |
from .authorization import UserObjectsOnlyAuthorization | |
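class UserResource(ModelResource):
    """Tastypie resource that creates Django ``User`` rows from POST requests.

    Requests are authenticated with ``ApiKeyAuthentication`` and authorized by
    ``UserObjectsOnlyAuthorization``. Two extra per-user URLs (login/logout)
    are registered but their handlers are still empty stubs.

    NOTE(review): ``ModelResource``, ``ApiKeyAuthentication``,
    ``IntegrityError``, ``BadRequest`` and ``_`` are not among the imports
    shown with this listing; they must be in scope for the module to load.
    """

    class Meta:
        queryset = User.objects.all()
        allowed_methods = ['post']
        resource_name = 'user'
        authentication = ApiKeyAuthentication()
        authorization = UserObjectsOnlyAuthorization()
        # Keep credential and privilege columns out of request hydration.
        # Without this, a POST body could set is_staff / is_superuser
        # directly, and the raw password would be written to the password
        # column by the first save, before set_password() hashes it.
        excludes = ['password', 'is_staff', 'is_superuser']
        urlargs = {'name': resource_name, 'slash': trailing_slash()}

    def prepend_urls(self):
        """Return the extra login/logout URL patterns for a single user."""
        # The views are looked up by name on this resource; the names must
        # match methods that exist here ('login' / 'logout').
        # NOTE(review): "[{name}]" renders as "[user]", which reads as a
        # regex character class rather than the literal resource name;
        # confirm against surlex's "<name=regex>" syntax.
        return [
            surl(r"^<resource_name=[{name}]>/<pk:#>/login{slash}$".format(**self._meta.urlargs), self.wrap_view('login'), name="api_user_login"),
            surl(r"^<resource_name=[{name}]>/<pk:#>/logout{slash}$".format(**self._meta.urlargs), self.wrap_view('logout'), name="api_user_logout"),
        ]

    def login(self, bundle, **kwargs):
        """Placeholder for the login view; no behaviour is implemented.

        NOTE(review): wrap_view() calls the view with the request as the
        first positional argument and does not itself run the method,
        authentication or throttle checks. An implementation should call
        self.method_check(), self.is_authenticated() and
        self.throttle_check() before doing any work.
        """
        pass

    def logout(self, bundle, **kwargs):
        """Placeholder for the logout view; no behaviour is implemented.

        NOTE(review): the same dispatch and access-check caveats as for
        login() apply here.
        """
        pass

    def obj_create(self, bundle, **kwargs):
        """Create the user, then store the submitted password as a hash.

        Raises:
            BadRequest: if no password was submitted, or if the username
                is already taken (IntegrityError from the database).
        """
        password = bundle.data.get('password')
        # Reject a missing or empty password before anything is written:
        # depending on the Django version, an empty string can be hashed
        # into a usable (empty) password.
        if not password:
            raise BadRequest(_("A password is required."))
        try:
            bundle = super(UserResource, self).obj_create(bundle, **kwargs)
            # set_password() hashes the value; the row is saved again so the
            # hash, never the plaintext, is what ends up in the database.
            bundle.obj.set_password(password)
            bundle.obj.save()
        except IntegrityError:
            raise BadRequest(_("A user with that username already exists."))
        return bundle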