awx/lib/main/views.py

from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt
from lib.main.models import *
from django.contrib.auth.models import User
from lib.main.serializers import *
from lib.main.rbac import *
from django.core.exceptions import PermissionDenied
from rest_framework import mixins
from rest_framework import generics
from rest_framework import permissions
from rest_framework.response import Response
from rest_framework import status
import exceptions
import datetime
from base_views import BaseList, BaseDetail, BaseSubList

class OrganizationsList(BaseList):

    model = Organization
    serializer_class = OrganizationSerializer
    permission_classes = (CustomRbac,)

    # I can see the organizations if:
    #   I am a superuser
    #   I am an admin of the organization 
    #   I am a member of the organization
   
    def _get_queryset(self):
        ''' I can see organizations when I am a superuser, or I am an admin or user in that organization '''
        base = Organization.objects
        if self.request.user.is_superuser:
            return base.all()
        return base.filter(
            admins__in = [ self.request.user ]
        ).distinct() | base.filter(
            users__in = [ self.request.user ]
        ).distinct()

class OrganizationsDetail(BaseDetail):

    model = Organization
    serializer_class = OrganizationSerializer
    permission_classes = (CustomRbac,)

class OrganizationsAuditTrailList(BaseList):

    model = AuditTrail
    serializer_class = AuditTrailSerializer
    permission_classes = (CustomRbac,)

class OrganizationsUsersList(BaseSubList):
    
    model = User
    serializer_class = UserSerializer
    permission_classes = (CustomRbac,)

    parent_model = Organization
    relationship = 'users'

    def _get_queryset(self):
        ''' to list users in the organization, I must be a superuser or org admin '''
        organization = Organization.objects.get(pk=self.kwargs['pk'])
        if not self.request.user.is_superuser and not self.request.user in organization.admins.all():
            raise PermissionDenied()
        return User.objects.filter(organizations__in = [ organization ])

class OrganizationsAdminsList(BaseSubList):
    
    model = User
    serializer_class = UserSerializer
    permission_classes = (CustomRbac,)
    
    parent_model = Organization
    relationship = 'admins'

    def _get_queryset(self):
        ''' to list admins in the organization, I must be a superuser or org admin '''
        organization = Organization.objects.get(pk=self.kwargs['pk'])
        if not self.request.user.is_superuser and not self.request.user in organization.admins.all():
            raise PermissionDenied()
        return User.objects.filter(admin_of_organizations__in = [ organization ])

class OrganizationsProjectsList(BaseSubList):
    
    model = Project
    serializer_class = ProjectSerializer
    permission_classes = (CustomRbac,)

    parent_model = Organization  # for sub list
    relationship = 'projects'    # " "
    
    def _get_queryset(self):
        ''' to list projects in the organization, I must be a superuser or org admin '''
        organization = Organization.objects.get(pk=self.kwargs['pk'])
        if not (self.request.user.is_superuser or self.request.user in organization.admins.all()):
            raise PermissionDenied()
        return Project.objects.filter(organizations__in = [ organization ])

class OrganizationsTagsList(BaseList):
    
    model = Tag
    serializer_class = TagSerializer
    permission_classes = (CustomRbac,)

    parent_model = Organization  # for sub list
    relationship = 'tags'        # " "

    def _get_queryset(self):
        ''' to list tags in the organization, I must be a superuser or org admin '''
        organization = Organization.objects.get(pk=self.kwargs['pk'])
        if not (self.request.user.is_superuser or self.request.user in organization.admins.all()):
            # FIXME: use: organization.can_user_administrate(self.request.user)
            raise PermissionDenied()
        return Tag.objects.filter(organization_by_tag__in = [ organization ])

class ProjectsDetail(BaseDetail):

    model = Project
    serializer_class = ProjectSerializer
    permission_classes = (CustomRbac,)

class TagsDetail(BaseDetail):

    model = Tag
    serializer_class = TagSerializer
    permission_classes = (CustomRbac,)
Switch over to django-rest-framework from tastypie. Less black magic, seems to just work :) 2013-03-20 06:26:35 +04:00			`from django.http import HttpResponse`
			`from django.views.decorators.csrf import csrf_exempt`
			`from lib.main.models import *`
Simplify user model by just using the Django user object. 2013-03-22 19:35:26 +04:00			`from django.contrib.auth.models import User`
Switch over to django-rest-framework from tastypie. Less black magic, seems to just work :) 2013-03-20 06:26:35 +04:00			`from lib.main.serializers import *`
Move RBAC code to seperate file. 2013-03-21 08:34:59 +04:00			`from lib.main.rbac import *`
Deleted objects are not really deleted but now appear to be via REST. 2013-03-21 22:20:59 +04:00			`from django.core.exceptions import PermissionDenied`
Switch over to django-rest-framework from tastypie. Less black magic, seems to just work :) 2013-03-20 06:26:35 +04:00			`from rest_framework import mixins`
			`from rest_framework import generics`
			`from rest_framework import permissions`
Handle post to corrections by overriding post to not save the object. Work in progress. 2013-03-22 17:50:42 +04:00			`from rest_framework.response import Response`
			`from rest_framework import status`
Streamlining RBAC layer code, adding tests for PUT operations. 2013-03-21 18:25:49 +04:00			`import exceptions`
Deleted objects are not really deleted but now appear to be via REST. 2013-03-21 22:20:59 +04:00			`import datetime`
This makes subobject attachment and detachment generic, making the views much easier to code up. 2013-03-23 00:52:44 +04:00			`from base_views import BaseList, BaseDetail, BaseSubList`
Deleted objects are not really deleted but now appear to be via REST. 2013-03-21 22:20:59 +04:00
			`class OrganizationsList(BaseList):`
Switch over to django-rest-framework from tastypie. Less black magic, seems to just work :) 2013-03-20 06:26:35 +04:00
			`model = Organization`
			`serializer_class = OrganizationSerializer`
			`permission_classes = (CustomRbac,)`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00
			`# I can see the organizations if:`
			`# I am a superuser`
			`# I am an admin of the organization`
			`# I am a member of the organization`
Basic API RBAC filtering operational! 2013-03-21 07:14:09 +04:00
Deleted objects are not really deleted but now appear to be via REST. 2013-03-21 22:20:59 +04:00			`def _get_queryset(self):`
Added ability to list users under an organization, model additions to support. Simplified queryset lookup for various models. 2013-03-23 23:34:16 +04:00			`''' I can see organizations when I am a superuser, or I am an admin or user in that organization '''`
			`base = Organization.objects`
Basic API RBAC filtering operational! 2013-03-21 07:14:09 +04:00			`if self.request.user.is_superuser:`
Added ability to list users under an organization, model additions to support. Simplified queryset lookup for various models. 2013-03-23 23:34:16 +04:00			`return base.all()`
			`return base.filter(`
Simplify user model by just using the Django user object. 2013-03-22 19:35:26 +04:00			`admins__in = [ self.request.user ]`
Added ability to list users under an organization, model additions to support. Simplified queryset lookup for various models. 2013-03-23 23:34:16 +04:00			`).distinct() \| base.filter(`
Simplify user model by just using the Django user object. 2013-03-22 19:35:26 +04:00			`users__in = [ self.request.user ]`
Deleted objects are not really deleted but now appear to be via REST. 2013-03-21 22:20:59 +04:00			`).distinct()`

			`class OrganizationsDetail(BaseDetail):`
Streamlining RBAC layer code, adding tests for PUT operations. 2013-03-21 18:25:49 +04:00
Switch over to django-rest-framework from tastypie. Less black magic, seems to just work :) 2013-03-20 06:26:35 +04:00			`model = Organization`
			`serializer_class = OrganizationSerializer`
			`permission_classes = (CustomRbac,)`

Add support for related resources, and all present related resources on the organization object. Implementation of sub services still on deck. 2013-03-21 23:11:47 +04:00			`class OrganizationsAuditTrailList(BaseList):`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00
			`model = AuditTrail`
			`serializer_class = AuditTrailSerializer`
			`permission_classes = (CustomRbac,)`

Listing tags attached to an organization, and basic model/view things around tag details 2013-03-24 00:03:17 +04:00			`class OrganizationsUsersList(BaseSubList):`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00
			`model = User`
			`serializer_class = UserSerializer`
			`permission_classes = (CustomRbac,)`

Listing tags attached to an organization, and basic model/view things around tag details 2013-03-24 00:03:17 +04:00			`parent_model = Organization`
			`relationship = 'users'`

Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00			`def _get_queryset(self):`
Added ability to list users under an organization, model additions to support. Simplified queryset lookup for various models. 2013-03-23 23:34:16 +04:00			`''' to list users in the organization, I must be a superuser or org admin '''`
			`organization = Organization.objects.get(pk=self.kwargs['pk'])`
Listing the admins of an organization. 2013-03-23 23:43:59 +04:00			`if not self.request.user.is_superuser and not self.request.user in organization.admins.all():`
Added ability to list users under an organization, model additions to support. Simplified queryset lookup for various models. 2013-03-23 23:34:16 +04:00			`raise PermissionDenied()`
			`return User.objects.filter(organizations__in = [ organization ])`
Add support for related resources, and all present related resources on the organization object. Implementation of sub services still on deck. 2013-03-21 23:11:47 +04:00
Listing tags attached to an organization, and basic model/view things around tag details 2013-03-24 00:03:17 +04:00			`class OrganizationsAdminsList(BaseSubList):`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00
			`model = User`
			`serializer_class = UserSerializer`
			`permission_classes = (CustomRbac,)`
Listing tags attached to an organization, and basic model/view things around tag details 2013-03-24 00:03:17 +04:00
			`parent_model = Organization`
			`relationship = 'admins'`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00
			`def _get_queryset(self):`
Added ability to list users under an organization, model additions to support. Simplified queryset lookup for various models. 2013-03-23 23:34:16 +04:00			`''' to list admins in the organization, I must be a superuser or org admin '''`
			`organization = Organization.objects.get(pk=self.kwargs['pk'])`
Listing the admins of an organization. 2013-03-23 23:43:59 +04:00			`if not self.request.user.is_superuser and not self.request.user in organization.admins.all():`
Added ability to list users under an organization, model additions to support. Simplified queryset lookup for various models. 2013-03-23 23:34:16 +04:00			`raise PermissionDenied()`
Listing the admins of an organization. 2013-03-23 23:43:59 +04:00			`return User.objects.filter(admin_of_organizations__in = [ organization ])`
Add support for related resources, and all present related resources on the organization object. Implementation of sub services still on deck. 2013-03-21 23:11:47 +04:00
This makes subobject attachment and detachment generic, making the views much easier to code up. 2013-03-23 00:52:44 +04:00			`class OrganizationsProjectsList(BaseSubList):`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00
Implementation and testing of the organizations projects subresource. 2013-03-22 01:38:53 +04:00			`model = Project`
			`serializer_class = ProjectSerializer`
			`permission_classes = (CustomRbac,)`
misc cleanup 2013-03-23 02:16:40 +04:00
			`parent_model = Organization # for sub list`
			`relationship = 'projects' # " "`
Implementation and testing of the organizations projects subresource. 2013-03-22 01:38:53 +04:00
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00			`def _get_queryset(self):`
Added ability to list users under an organization, model additions to support. Simplified queryset lookup for various models. 2013-03-23 23:34:16 +04:00			`''' to list projects in the organization, I must be a superuser or org admin '''`
			`organization = Organization.objects.get(pk=self.kwargs['pk'])`
			`if not (self.request.user.is_superuser or self.request.user in organization.admins.all()):`
			`raise PermissionDenied()`
			`return Project.objects.filter(organizations__in = [ organization ])`
Add support for related resources, and all present related resources on the organization object. Implementation of sub services still on deck. 2013-03-21 23:11:47 +04:00
			`class OrganizationsTagsList(BaseList):`
Listing tags attached to an organization, and basic model/view things around tag details 2013-03-24 00:03:17 +04:00
			`model = Tag`
			`serializer_class = TagSerializer`
			`permission_classes = (CustomRbac,)`

			`parent_model = Organization # for sub list`
			`relationship = 'tags' # " "`

			`def _get_queryset(self):`
			`''' to list tags in the organization, I must be a superuser or org admin '''`
			`organization = Organization.objects.get(pk=self.kwargs['pk'])`
			`if not (self.request.user.is_superuser or self.request.user in organization.admins.all()):`
			`# FIXME: use: organization.can_user_administrate(self.request.user)`
			`raise PermissionDenied()`
			`return Tag.objects.filter(organization_by_tag__in = [ organization ])`
Add support for related resources, and all present related resources on the organization object. Implementation of sub services still on deck. 2013-03-21 23:11:47 +04:00
Implementation and testing of the organizations projects subresource. 2013-03-22 01:38:53 +04:00			`class ProjectsDetail(BaseDetail):`

			`model = Project`
			`serializer_class = ProjectSerializer`
			`permission_classes = (CustomRbac,)`

Listing tags attached to an organization, and basic model/view things around tag details 2013-03-24 00:03:17 +04:00			`class TagsDetail(BaseDetail):`

			`model = Tag`
			`serializer_class = TagSerializer`
			`permission_classes = (CustomRbac,)`
Implementation and testing of the organizations projects subresource. 2013-03-22 01:38:53 +04:00
Add support for related resources, and all present related resources on the organization object. Implementation of sub services still on deck. 2013-03-21 23:11:47 +04:00