From e473ad4045dba959e528acfe4a1a6c1c0a2d6011 Mon Sep 17 00:00:00 2001
From: Mustafa Yontar <mustafa@oyd.org.tr>
Date: Sun, 31 Jan 2021 01:58:05 +0300
Subject: [PATCH] create model meta

---
 models/User.py   | 14 ++++++++++++++
 restapi/views.py | 40 ++++++++++++++++++++++++++++++++++++----
 2 files changed, 50 insertions(+), 4 deletions(-)

diff --git a/models/User.py b/models/User.py
index 15e10f7..e88e6f4 100644
--- a/models/User.py
+++ b/models/User.py
@@ -4,9 +4,23 @@ from internal_lib.EncryptedField import EncryptedStringField
 from models.EmbededDocuments import Descriptions
 from models.Group import Group
 from models.Union import Union
+from restapi import Methods
 
 
 class User(Document):
+    meta = {
+        'index_background': True,
+        'index_cls': False,
+        'auto_create_index': True,
+        'can_query': True,
+        "quyery": {},
+        'methods': [Methods.Get, Methods.List, Methods.Create],
+        "indexes": [
+            ('union'),
+            ('username','union'),
+            ('accept_date')
+        ]
+    }
     union = ReferenceField(Union)
     member_no = LongField()
     username = StringField()
diff --git a/restapi/views.py b/restapi/views.py
index 2835091..e3811a9 100644
--- a/restapi/views.py
+++ b/restapi/views.py
@@ -13,6 +13,7 @@ from restapi.resource import Resource
 class ApiView(View):
     model = None
     authentication_methods = []
+
     def __init__(self, model):
         self.start = time.time()
         self.model = model
@@ -44,7 +45,12 @@ class ApiView(View):
             return {'error': str(e)}, '404 Not Found'
 
     def get(self, *args, **kwargs):
-
+        """
+        TODO: check permissions
+        :param args:
+        :param kwargs:
+        :return:
+        """
         if 'pk' in kwargs:
             try:
                 count, data = self.resource.to_json(pk=kwargs.get('pk'))
@@ -79,6 +85,13 @@ class ApiView(View):
         return jsonify(response), kwargs.get('code', 200)
 
     def post(self, *args, **kwargs):
+        """
+        TODO: check permissions
+
+        :param args:
+        :param kwargs:
+        :return:
+        """
         try:
             item = self.model(**request.json)
             item.validate()
@@ -97,11 +110,18 @@ class ApiView(View):
         return self.get(pk=data.id, code=201)
 
     def put(self, *args, **kwargs):
+        """
+        TODO: check permissions
+
+        :param args:
+        :param kwargs:
+        :return:
+        """
         if "pk" not in kwargs:
             return jsonify({
-                    'status': False,
-                    "error":"Method not allowed"
-                }), 403
+                'status': False,
+                "error": "Method not allowed"
+            }), 403
         else:
             try:
                 self.model.objects(id=kwargs.get('pk')).update(**request.json)
@@ -118,5 +138,17 @@ class ApiView(View):
                     'errors': str(e)
                 }), 400
 
+    def has_read_permission(self, request, qs):
+        return qs
+
+    def has_add_permission(self, request, obj):
+        return True
+
+    def has_change_permission(self, request, obj):
+        return True
+
+    def has_delete_permission(self, request, obj):
+        return True
+
     def delete(self, *args, **kwargs):
         "delete method"