| 1234567891011121314151617181920212223242526272829303132333435363738394041424344 |
- from django.contrib.auth.models import User, Group
- from rest_framework import viewsets
- from .serializers import UserSerializer, GroupSerializer
- from rest_framework.views import APIView
- from .permission import HasAPIKey
- from rest_framework.permissions import IsAuthenticated
- from .models import APIKey
- from rest_framework.response import Response
- from django.utils.decorators import method_decorator
- from .decorators import api_permission_required
- class UserViewSet(viewsets.ModelViewSet):
- """
- API endpoint that allows users to be viewed or edited.
- """
- queryset = User.objects.all().order_by('-date_joined')
- serializer_class = UserSerializer
- permission_classes = [HasAPIKey | IsAuthenticated]
- class GroupViewSet(viewsets.ModelViewSet):
- """
- API endpoint that allows groups to be viewed or edited.
- """
- queryset = Group.objects.all()
- serializer_class = GroupSerializer
- permission_classes = [HasAPIKey | IsAuthenticated]
- class SnippetUSER(APIView):
- permission_classes = []
- @method_decorator(api_permission_required("user", "post"), name='dispatch')
- def get(self, request, format=None):
- snippets = User.objects.all()
- serializer = UserSerializer(snippets, many=True, context={'request': request})
- try:
- header_key = request.META["HTTP_X_API_KEY"]
- db_key = APIKey.objects.get_from_key(header_key)
- print(db_key.has_permission_method("user", "get"))
- except:
- header_key = request.META["HTTP_X_CSRFTOKEN"]
- return Response(serializer.data)
|
