diff --git a/models/User.py b/models/User.py
index 15e10f7..e88e6f4 100644
--- a/models/User.py
+++ b/models/User.py
@@ -4,9 +4,23 @@ from internal_lib.EncryptedField import EncryptedStringField
 from models.EmbededDocuments import Descriptions
 from models.Group import Group
 from models.Union import Union
+from restapi import Methods
 class User(Document):
+ meta = {
+ 'index_background': True,
+ 'index_cls': False,
+ 'auto_create_index': True,
+ 'can_query': True,
+ "quyery": {},
+ 'methods': [Methods.Get, Methods.List, Methods.Create],
+ "indexes": [
+ ('union'),
+ ('username','union'),
+ ('accept_date')
+ ]
+ }
 union = ReferenceField(Union)
 member_no = LongField()
 username = StringField()
diff --git a/restapi/views.py b/restapi/views.py
index 2835091..e3811a9 100644
--- a/restapi/views.py
+++ b/restapi/views.py
@@ -13,6 +13,7 @@ from restapi.resource import Resource
 class ApiView(View):
 model = None
 authentication_methods = []
+
 def __init__(self, model):
 self.start = time.time()
 self.model = model
@@ -44,7 +45,12 @@ class ApiView(View):
 return {'error': str(e)}, '404 Not Found'
 def get(self, *args, **kwargs):
-
+ """
+ TODO: check permissions
+ :param args:
+ :param kwargs:
+ :return:
+ """
 if 'pk' in kwargs:
 try:
 count, data = self.resource.to_json(pk=kwargs.get('pk'))
@@ -79,6 +85,13 @@ class ApiView(View):
 return jsonify(response), kwargs.get('code', 200)
 def post(self, *args, **kwargs):
+ """
+ TODO: check permissions
+
+ :param args:
+ :param kwargs:
+ :return:
+ """
 try:
 item = self.model(**request.json)
 item.validate()
@@ -97,11 +110,18 @@ class ApiView(View):
 return self.get(pk=data.id, code=201)
 def put(self, *args, **kwargs):
+ """
+ TODO: check permissions
+
+ :param args:
+ :param kwargs:
+ :return:
+ """
 if "pk" not in kwargs:
 return jsonify({
- 'status': False,
- "error":"Method not allowed"
- }), 403
+ 'status': False,
+ "error": "Method not allowed"
+ }), 403
 else:
 try:
 self.model.objects(id=kwargs.get('pk')).update(**request.json)
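Review bot: The new `meta` on User lists `'methods': [Methods.Get, Methods.List, Methods.Create]`, which presumably makes user records listable and creatable through restapi, while the ApiView handlers changed in this same commit only carry `TODO: check permissions`; I would ship `'methods': [Methods.Get],` at most for this model until those checks exist. The key `"quyery": {}` looks like a typo for `'query': {}`, so whatever reads that option will not find it. In `indexes`, `('union')` and `('accept_date')` are plain strings rather than one-element tuples; write `'union'` and `'accept_date'` (or `('union',)`) so the intent is unambiguous. The class body continues outside the hunk.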
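Review bot: The docstring added to get() (and the near-identical ones on post() and put() in the next two hunks) records `TODO: check permissions`, but no handler performs an authorization step, and `authentication_methods` is an empty list on the class. The permission hooks this commit adds further down are never called in the visible code; post(), for example, could gate the save with `if not self.has_add_permission(request, item): return jsonify({'status': False, 'error': 'Forbidden'}), 403` right after `item.validate()`. The `:param args:`, `:param kwargs:` and `:return:` entries are empty; either drop them or state what is read, e.g. `:param kwargs: may carry 'pk' (document id) and 'code' (HTTP status to return)`. All three method bodies continue outside their hunks.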
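Review bot: put() applies `update(**request.json)` to the matched document, so the request body decides which fields and update modifiers are written, and no `validate()` call is visible on this path as there is in post(); post() has the same shape with `self.model(**request.json)`. Filter the body against a per-model allow-list of writable fields before the write, e.g. `data = {k: v for k, v in request.json.items() if k in allowed}`, where `allowed` is a placeholder for that list. The missing-`pk` branch answers `"Method not allowed"` with 403; 405 is the status that matches that message. The rest of put() lies outside the hunk.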
@@ -118,5 +138,17 @@ class ApiView(View): 'errors': str(e) }), 400 + def has_read_permission(self, request, qs): + return qs + + def has_add_permission(self, request, obj): + return True + + def has_change_permission(self, request, obj): + return True + + def has_delete_permission(self, request, obj): + return True + def delete(self, *args, **kwargs): "delete method"
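Review bot: The four permission hooks added here fail open: `has_add_permission`, `has_change_permission` and `has_delete_permission` return `True` and `has_read_permission` returns the queryset unfiltered, so any view that does not override them grants everything once they are wired in. A base class is safer denying by default, e.g. `return False` in the three boolean hooks (or `raise NotImplementedError`), with each exposed model opting in explicitly. The `request` parameter also shadows the `request` name that post() and put() use as `request.json`, and the hooks have no docstrings stating that `has_read_permission` returns a queryset while the others return a bool. delete() continues outside the hunk.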