eveal/marbas
2
0
Fork 0
Code Issues 5 Pull Requests Packages Projects Releases Wiki Activity

use env variable for cache duration + limit API to logged in user only

Browse Source
This commit is contained in:
Kaladaran
2024-05-17 19:24:28 +02:00
parent 4c39fed29b
commit ba6f877b4b
9 changed files with 31 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
api/serializers.py
View File

@@ -23,7 +23,6 @@ class AcquisitionSerializer(serializers.ModelSerializer):
class TypeTrackingSerializer(serializers.ModelSerializer):
type = sde_serializers.SDETypeSerializer()
class Meta:
model = models.TypeTracking
fields = '__all__'

22
api/views.py
View File

@@ -4,14 +4,23 @@ from django.db.models import Q
from django.contrib.auth import models as auth_models
from django.core.cache import cache
from rest_framework import viewsets, permissions, settings
from rest_framework.decorators import api_view
from rest_framework.decorators import api_view, action
from rest_framework.response import Response
from api import serializers, models
from sde import serializers as sde_serializers, models as sde_models
class UserViewSet(viewsets.ModelViewSet):
class LoggedUserOnly:
permission_classes = [permissions.IsAuthenticated]
def get_queryset(self):
return self.queryset.filter(user=self.request.user)
def perform_create(self, serializer):
serializer.save(user=self.request.user)
class UserViewSet(viewsets.ReadOnlyModelViewSet):
"""
API endpoint that allows users to be viewed or edited.
"""
@@ -20,7 +29,8 @@ class UserViewSet(viewsets.ModelViewSet):
permission_classes = [permissions.IsAuthenticated]
class GroupViewSet(viewsets.ModelViewSet):
class GroupViewSet(viewsets.ReadOnlyModelViewSet):
"""
API endpoint that allows groups to be viewed or edited.
"""
@@ -29,22 +39,20 @@ class GroupViewSet(viewsets.ModelViewSet):
permission_classes = [permissions.IsAuthenticated]
class AcquisitionViewSet(viewsets.ModelViewSet):
class AcquisitionViewSet(LoggedUserOnly, viewsets.ModelViewSet):
"""
API endpoint that allows acquisitions to be viewed or edited.
"""
queryset = models.Acquisition.objects.all().order_by('-date')
serializer_class = serializers.AcquisitionSerializer
permission_classes = [permissions.IsAuthenticated]
class TypeTrackingViewSet(viewsets.ModelViewSet):
class TypeTrackingViewSet(LoggedUserOnly, viewsets.ModelViewSet):
"""
API endpoint that allows types tracking to be viewed or edited.
"""
queryset = models.TypeTracking.objects.all()
serializer_class = serializers.TypeTrackingSerializer
permission_classes = [permissions.IsAuthenticated]
@api_view(['POST'])