drf serializer classes dynamic -- views.py -- custom user limited info
from rest_framework import viewsets | |
from .mixins import GetSerializerClassMixin | |
from .models import User, Company, SystemUserRole | |
from .serializers import ( | |
CompanySerializer, | |
CompanyDetailSerializer, | |
UserSerializer, | |
UserDetailSerializer, | |
) | |
class CompanyViewSet(GetSerializerClassMixin, viewsets.ModelViewSet): | |
""" | |
API endpoint that allows companies to be viewed or edited. | |
""" | |
queryset = Company.objects.all() | |
serializer_class = CompanyDetailSerializer | |
serializer_action_classes = { | |
'list': CompanySerializer, | |
} | |
filterset_fields = ("country", "state", "city", ) | |
search_fields = ("name", "email", ) | |
ordering_fields = ("name", "country", ) | |
ordering = ("-created_at", ) | |
# class UserViewSet(GetSerializerClassMixin, viewsets.ModelViewSet): | |
# """ | |
# API endpoint that allows users to be viewed or edited. | |
# """ | |
# queryset = User.objects.all() | |
# serializer_class = UserDetailSerializer | |
# serializer_action_classes = { | |
# 'list': UserSerializer, | |
# } | |
# filterset_fields = ("country", "state", "city", "zipcode", "company", ) | |
# search_fields = ("first_name", "last_name", "email", ) | |
# ordering_fields = ("first_name", "last_name", "email", ) | |
# ordering = ("-created_at", ) | |
class UserViewSet(viewsets.ModelViewSet): | |
""" | |
API endpoint that allows users to be viewed or edited. | |
""" | |
queryset = User.objects.all() | |
serializer_class = UserSerializer | |
serializer_detail_class = UserDetailSerializer | |
filterset_fields = ("country", "state", "city", "zipcode", "company", ) | |
search_fields = ("first_name", "last_name", "email", ) | |
ordering_fields = ("first_name", "last_name", "email", ) | |
ordering = ("-created_at", ) | |
def get_serializer_class(self): | |
""" | |
Special case to see the user full details. | |
Unless user is request.user or SYS_ADMIN for user's company | |
only show basic details of user. | |
""" | |
lookup = self.lookup_url_kwarg or self.lookup_field | |
if lookup and lookup in self.kwargs: | |
# get detailed endpoint value from url e.g, "/users/2/" => 2 | |
user_pk = self.kwargs[lookup] | |
lookup_user = User.objects.filter(pk=user_pk).first() | |
# if current user is looking at the details | |
if self.request.user == lookup_user: | |
return self.serializer_detail_class | |
# if current user is sys admin of the requested user's company | |
if (self.request.user.system_role == SystemUserRole.SYS_ADMIN and | |
self.request.user.company == lookup_user.company): | |
return self.serializer_detail_class | |
return super().get_serializer_class() | |
else: | |
return super().get_serializer_class() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment