Filter API results based on authorization.
This commit is contained in:
parent
586391f19d
commit
3d4dbaacb0
2 changed files with 50 additions and 4 deletions
|
@ -17,25 +17,65 @@ from ..serializers.radio import (AlbumSerializer, ArtistSerializer,
|
||||||
|
|
||||||
class AlbumViewSet(viewsets.ModelViewSet):
|
class AlbumViewSet(viewsets.ModelViewSet):
|
||||||
permission_classes = [IsAdminOrReadOnly]
|
permission_classes = [IsAdminOrReadOnly]
|
||||||
queryset = Album.objects.all()
|
|
||||||
serializer_class = AlbumSerializer
|
serializer_class = AlbumSerializer
|
||||||
|
|
||||||
|
def get_queryset(self):
|
||||||
|
'''
|
||||||
|
Only send full data to an admin. All regular users get filtered
|
||||||
|
albums.
|
||||||
|
'''
|
||||||
|
if (self.request.user.is_authenticated and
|
||||||
|
self.request.user.is_staff and
|
||||||
|
not self.request.user.is_dj):
|
||||||
|
return Album.objects.all()
|
||||||
|
return Album.music.available()
|
||||||
|
|
||||||
|
|
||||||
class ArtistViewSet(viewsets.ModelViewSet):
|
class ArtistViewSet(viewsets.ModelViewSet):
|
||||||
permission_classes = [IsAdminOrReadOnly]
|
permission_classes = [IsAdminOrReadOnly]
|
||||||
queryset = Artist.objects.all()
|
|
||||||
serializer_class = ArtistSerializer
|
serializer_class = ArtistSerializer
|
||||||
|
|
||||||
|
def get_queryset(self):
|
||||||
|
'''
|
||||||
|
Only send full data to an admin. All regular users get filtered
|
||||||
|
artists.
|
||||||
|
'''
|
||||||
|
if (self.request.user.is_authenticated and
|
||||||
|
self.request.user.is_staff and
|
||||||
|
not self.request.user.is_dj):
|
||||||
|
return Artist.objects.all()
|
||||||
|
return Artist.music.available()
|
||||||
|
|
||||||
|
|
||||||
class GameViewSet(viewsets.ModelViewSet):
|
class GameViewSet(viewsets.ModelViewSet):
|
||||||
permission_classes = [IsAdminOrReadOnly]
|
permission_classes = [IsAdminOrReadOnly]
|
||||||
queryset = Game.objects.all()
|
|
||||||
serializer_class = GameSerializer
|
serializer_class = GameSerializer
|
||||||
|
|
||||||
|
def get_queryset(self):
|
||||||
|
'''
|
||||||
|
Only send full data to an admin. All regular users get filtered
|
||||||
|
games.
|
||||||
|
'''
|
||||||
|
if (self.request.user.is_authenticated and
|
||||||
|
self.request.user.is_staff and
|
||||||
|
not self.request.user.is_dj):
|
||||||
|
return Game.objects.all()
|
||||||
|
return Game.music.available()
|
||||||
|
|
||||||
|
|
||||||
class SongViewSet(viewsets.ModelViewSet):
|
class SongViewSet(viewsets.ModelViewSet):
|
||||||
permission_classes = [IsAdminOrReadOnly]
|
permission_classes = [IsAdminOrReadOnly]
|
||||||
queryset = Song.objects.all()
|
|
||||||
|
def get_queryset(self):
|
||||||
|
'''
|
||||||
|
Only send full data to an admin. All regular users get filtered
|
||||||
|
songs.
|
||||||
|
'''
|
||||||
|
if (self.request.user.is_authenticated and
|
||||||
|
self.request.user.is_staff and
|
||||||
|
not self.request.user.is_dj):
|
||||||
|
return Song.objects.all()
|
||||||
|
return Song.music.available_songs()
|
||||||
|
|
||||||
def get_serializer_class(self):
|
def get_serializer_class(self):
|
||||||
'''
|
'''
|
||||||
|
|
|
@ -49,6 +49,12 @@ class RadioManager(models.Manager):
|
||||||
"""
|
"""
|
||||||
return self.get_queryset().unpublished()
|
return self.get_queryset().unpublished()
|
||||||
|
|
||||||
|
def available(self):
|
||||||
|
"""
|
||||||
|
Radio objects that are enabled and published.
|
||||||
|
"""
|
||||||
|
return self.enabled().published()
|
||||||
|
|
||||||
|
|
||||||
class SongManager(RadioManager):
|
class SongManager(RadioManager):
|
||||||
"""
|
"""
|
||||||
|
|
Loading…
Reference in a new issue