Skip to content
Snippets Groups Projects
Commit cf82526d authored by Konrad Mohrfeldt's avatar Konrad Mohrfeldt :koala:
Browse files

refactor: tidy up APIUserViewSet 

* normalized queryset handling
* consistent formatting of method descriptions.
parent 60a791ae
No related branches found
No related tags found
1 merge request!20refactor collection filters with django_filters
This commit is part of merge request !20. Comments created here will be created in the context of that merge request.
Hide whitespace changes
Inline Side-by-side
Showing
with 19 additions and 12 deletions
program/views.py
+ 19
12
View file @ cf82526d
......@@ -195,26 +195,26 @@ class APIUserViewSet(
viewsets.GenericViewSet,
):
"""
/users returns oneself. Superusers see all users. Only superusers may create a user (GET, POST)
/users/{pk} retrieves or updates a single user. Non-superusers may only update certain fields
(GET, PUT)
Returns a list of users.
Superusers may access and update all users.
Only returns the user that is currently authenticated unless the user is a superuser.
"""
permission_classes = [permissions.DjangoModelPermissionsOrAnonReadOnly]
serializer_class = UserSerializer
queryset = User.objects.none()
queryset = User.objects.all()
def get_queryset(self):
"""Constrain access to oneself except for superusers"""
if self.request.user.is_superuser:
return User.objects.all()
queryset = super().get_queryset()
# Constrain access to oneself except for superusers.
if not self.request.user.is_superuser:
queryset = queryset.filter(pk=self.request.user.id)
return User.objects.filter(pk=self.request.user.id)
return queryset
def retrieve(self, request, *args, **kwargs):
"""Returns a single user"""
"""Returns a single user."""
pk = get_values(self.kwargs, "pk")
# Common users only see themselves
......@@ -227,8 +227,9 @@ class APIUserViewSet(
def create(self, request, *args, **kwargs):
"""
Create a User
Only superusers may create a user
Create a User.
Only superusers may create users.
"""
if not request.user.is_superuser:
......@@ -243,6 +244,11 @@ class APIUserViewSet(
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def update(self, request, *args, **kwargs):
"""
Updates the user’s data.
Non-superusers may not be able to edit all of the available data.
"""
pk = get_values(self.kwargs, "pk")
serializer = UserSerializer(data=request.data)
......@@ -267,6 +273,7 @@ class APIUserViewSet(
class APIShowViewSet(viewsets.ModelViewSet):
"""
Returns a list of available shows.
Only superusers may add and delete shows.
"""
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment