from tastypie import fields
from tastypie.authentication import SessionAuthentication, MultiAuthentication
from account.authentication import MultiApiKeyAuthentication
from tastypie.validation import FormValidation
from tastypie.resources import ModelResource
from tastypie.authorization import Authorization
from tastypie.exceptions import Unauthorized
from cred.models import Cred, Tag, CredAudit
from cred.forms import TagForm
class CredAuthorization(Authorization):
def read_list(self, object_list, bundle):
# List views remove the deletes and historical credentials
return object_list.filter(is_deleted=False, latest=None)
def read_detail(self, object_list, bundle):
# This audit should go somewhere else, is there a detail list function we can override?
CredAudit(audittype=CredAudit.CREDPASSVIEW, cred=bundle.obj, user=bundle.request.user).save()
return True
def create_list(self, object_list, bundle):
# Assuming their auto-assigned to ``user``.
raise Unauthorized("Not yet implemented.")
def create_detail(self, object_list, bundle):
raise Unauthorized("Not yet implemented.")
def update_list(self, object_list, bundle):
raise Unauthorized("Not yet implemented.")
def update_detail(self, object_list, bundle):
raise Unauthorized("Not yet implemented.")
def delete_list(self, object_list, bundle):
# Sorry user, no deletes for you!
raise Unauthorized("Not yet implemented.")
def delete_detail(self, object_list, bundle):
raise Unauthorized("Not yet implemented.")
class TagAuthorization(Authorization):
def read_list(self, object_list, bundle):
return object_list
def read_detail(self, object_list, bundle):
return True
def create_list(self, object_list, bundle):
# Assuming their auto-assigned to ``user``.
raise Unauthorized("Not yet implemented.")
def create_detail(self, object_list, bundle):
return True
def update_list(self, object_list, bundle):
raise Unauthorized("Not yet implemented.")
def update_detail(self, object_list, bundle):
raise Unauthorized("Not yet implemented.")
def delete_list(self, object_list, bundle):
# Sorry user, no deletes for you!
raise Unauthorized("Not yet implemented.")
def delete_detail(self, object_list, bundle):
raise Unauthorized("Not yet implemented.")
class CredResource(ModelResource):
def get_object_list(self, request):
# Only show latest, not deleted and accessible credentials
return Cred.objects.accessible(request.user, historical=True, deleted=True)
def dehydrate(self, bundle):
# Workaround for this tastypie issue:
# https://github.com/toastdriven/django-tastypie/issues/201
bundle.data['username'] = bundle.obj.username
# Add a value indicating if something is on the change queue
bundle.data['on_changeq'] = bundle.obj.on_changeq()
# The attachment field is irrelevant, hide it
del bundle.data['attachment']
# Unless you are viewing the details for a cred, hide the password
if self.get_resource_uri(bundle) != bundle.request.path:
del bundle.data['password']
return bundle
class Meta:
queryset = Cred.objects.filter(is_deleted=False, latest=None)
always_return_data = True
resource_name = 'cred'
excludes = ['username', 'is_deleted']
authentication = MultiAuthentication(SessionAuthentication(), MultiApiKeyAuthentication())
authorization = CredAuthorization()
filtering = {
'title': ('exact', 'contains', 'icontains'),
'url': ('exact', 'startswith', ),
}
class TagResource(ModelResource):
# When showing a tag, show all the creds under it, that we are allowed to see
creds = fields.ToManyField(CredResource,
attribute=lambda bundle: Cred.objects.accessible(bundle.request.user).filter(tags=bundle.obj),
null=True,
)
class Meta:
queryset = Tag.objects.all()
always_return_data = True
filtering = {
'name': ('exact', 'contains', 'icontains', 'startswith', 'istartswith'),
}
resource_name = 'tag'
authentication = MultiAuthentication(SessionAuthentication(), MultiApiKeyAuthentication())
authorization = TagAuthorization()
validation = FormValidation(form_class=TagForm)
