nofusscomputing/centurion_erp
1
0
Fork 0
Code Issues Wiki Activity

fix(api): cleanup team post/get

Browse Source 
!44 #159
This commit is contained in:
Jon Lockwood
2024-07-29 17:03:25 +09:30
parent 3a9e4b29b3
commit 9b673f4a07
2 changed files with 130 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
app/api/serializers/access.py
View File

@ -14,9 +14,8 @@ class TeamSerializerBase(serializers.ModelSerializer):
class Meta:
model = Team
fields = (
"id",
"team_name",
'organization',
'team_name',
'permissions',
'url',
)
@ -29,9 +28,18 @@ class TeamSerializerBase(serializers.ModelSerializer):
class TeamPermissionSerializer(serializers.ModelSerializer):
class Meta:
model = Permission
depth = 1
fields = '__all__'
class TeamSerializer(TeamSerializerBase):
permissions = serializers.SerializerMethodField('get_url')
permissions_url = serializers.SerializerMethodField('get_url')
def get_url(self, obj):
@ -63,16 +71,18 @@ class TeamSerializer(TeamSerializerBase):
class Meta:
model = Team
depth = 1
depth = 2
fields = (
"id",
"team_name",
'organization',
'permissions',
'permissions_url',
'url',
)
read_only_fields = [
'permissions',
'id',
'organization',
'permissions_url',
'url'
]
@ -111,7 +121,7 @@ class OrganizationSerializer(serializers.ModelSerializer):
return request.build_absolute_uri(reverse('API:_api_organization_teams', args=[obj.id]))
teams = TeamSerializerBase(source='team_set', many=True, read_only=False)
teams = TeamSerializer(source='team_set', many=True, read_only=False)
view_name="API:_api_organization"

117
app/api/views/access.py
View File

@ -62,6 +62,20 @@ class OrganizationDetail(generics.RetrieveUpdateAPIView):
@extend_schema_view(
post=extend_schema(
summary = "Create a Team",
description = """Create a team within the defined organization.""",
tags = ['team',],
request = TeamSerializer,
responses = {
200: OpenApiResponse(description='Team has been updated with the supplied permissions'),
401: OpenApiResponse(description='User Not logged in'),
403: OpenApiResponse(description='User is missing permission or in different organization'),
}
),
create=extend_schema(exclude=True),
)
class TeamList(generics.ListCreateAPIView):
permission_classes = [
@ -84,6 +98,45 @@ class TeamList(generics.ListCreateAPIView):
@extend_schema_view(
get=extend_schema(
summary = "Fetch a Team",
description = """Fetch a team within the defined organization.
""",
methods=["GET"],
tags = ['team',],
request = TeamSerializer,
responses = {
200: OpenApiResponse(description='Team has been updated with the supplied permissions'),
401: OpenApiResponse(description='User Not logged in'),
403: OpenApiResponse(description='User is missing permission or in different organization'),
}
),
patch=extend_schema(
summary = "Update a Team",
description = """Update a team within the defined organization.
""",
methods=["Patch"],
tags = ['team',],
request = TeamSerializer,
responses = {
200: OpenApiResponse(description='Team has been updated with the supplied permissions'),
401: OpenApiResponse(description='User Not logged in'),
403: OpenApiResponse(description='User is missing permission or in different organization'),
}
),
put = extend_schema(
summary = "Amend a team",
tags = ['team',],
),
delete=extend_schema(
summary = "Delete a Team",
tags = ['team',],
),
post = extend_schema(
exclude = True,
)
)
class TeamDetail(generics.RetrieveUpdateDestroyAPIView):
permission_classes = [
@ -97,12 +150,66 @@ class TeamDetail(generics.RetrieveUpdateDestroyAPIView):
class TeamPermissionDetail(routers.APIRootView):
@extend_schema_view(
get=extend_schema(
summary = "Fetch a teams permissions",
tags = ['team',],
),
post=extend_schema(
summary = "Replace team Permissions",
description = """Replace the teams permissions with the permissions supplied.
# temp disabled until permission checker updated
# permission_classes = [
# OrganizationPermissionAPI
# ]
Teams Permissions will be replaced with the permissions supplied. **ALL** existing permissions will be
removed.
permissions are required to be in format `<module name>_<permission>_<table name>`
""",
methods=["POST"],
tags = ['team',],
request = TeamPermissionSerializer,
responses = {
200: OpenApiResponse(description='Team has been updated with the supplied permissions'),
401: OpenApiResponse(description='User Not logged in'),
403: OpenApiResponse(description='User is missing permission or in different organization'),
}
),
delete=extend_schema(
summary = "Delete permissions",
tags = ['team',],
),
patch = extend_schema(
summary = "Amend team Permissions",
description = """Amend the teams permissions with the permissions supplied.
Teams permissions will include the existing permissions along with the ones supplied.
permissions are required to be in format `<module name>_<permission>_<table name>`
""",
methods=["PATCH"],
parameters = None,
tags = ['team',],
request = TeamPermissionSerializer,
responses = {
200: OpenApiResponse(description='Team has been updated with the supplied permissions'),
401: OpenApiResponse(description='User Not logged in'),
403: OpenApiResponse(description='User is missing permission or in different organization'),
}
),
put = extend_schema(
summary = "Amend team Permissions",
tags = ['team',],
)
)
class TeamPermissionDetail(views.APIView):
permission_classes = [
OrganizationPermissionAPI
]
queryset = Team.objects.all()
serializer_class = TeamPermissionSerializer
def get(self, request, *args, **kwargs):