
myapp.views.REQUIRED_SCOPES_ALTS = {'DELETE': [['auth-columbia', 'demo-netphone-admin', 'delete'], ['auth-none', 'demo-netphone-admin', 'delete']], 'GET': [['auth-columbia', 'read'], ['auth-none', 'read']], 'HEAD': [['read']], 'OPTIONS': [['read']], 'PATCH': [['auth-columbia', 'demo-netphone-admin', 'update'], ['auth-none', 'demo-netphone-admin', 'update']], 'POST': [['auth-columbia', 'demo-netphone-admin', 'create'], ['auth-none', 'demo-netphone-admin', 'create']]}

For a given HTTP method, a list of valid alternative required scopes. For instance, GET will be allowed if “auth-columbia read” OR “auth-none read” scopes are provided. Note that even HEAD and OPTIONS require the client to be authorized with at least “read” scope.
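The rule described above, as an added example that is not code from myapp or django-oauth-toolkit: a request passes when the token's scopes include every scope of at least one alternative listed for its HTTP method, and a method missing from the map is denied. The map is copied from this page; the function names `method_allowed` and `open_methods` are hypothetical.

```python
# Added example (not myapp or django-oauth-toolkit code): the alternatives rule
# from REQUIRED_SCOPES_ALTS, evaluated outside Django.
REQUIRED_SCOPES_ALTS = {  # copied from the page
    'DELETE': [['auth-columbia', 'demo-netphone-admin', 'delete'],
               ['auth-none', 'demo-netphone-admin', 'delete']],
    'GET': [['auth-columbia', 'read'], ['auth-none', 'read']],
    'HEAD': [['read']],
    'OPTIONS': [['read']],
    'PATCH': [['auth-columbia', 'demo-netphone-admin', 'update'],
              ['auth-none', 'demo-netphone-admin', 'update']],
    'POST': [['auth-columbia', 'demo-netphone-admin', 'create'],
             ['auth-none', 'demo-netphone-admin', 'create']],
}


def method_allowed(method, token_scope, alternatives=REQUIRED_SCOPES_ALTS):
    """Return the first alternative the token satisfies, or None (denied).

    token_scope is the token's space-delimited scope string.
    """
    granted = set(token_scope.split())
    # Fail closed: a method with no entry (PUT here) can never be allowed.
    for alt in alternatives.get(method.upper(), []):
        # Every scope in one alternative is required (AND); alternatives are ORed.
        if set(alt) <= granted:
            return alt
    return None


def open_methods(alternatives=REQUIRED_SCOPES_ALTS):
    """Methods with an empty alternative, which any token at all would satisfy."""
    return sorted(m for m, alts in alternatives.items()
                  if any(not alt for alt in alts))


if __name__ == '__main__':
    # Constructed scope strings, not taken from a real token.
    for method, scope in [('GET', 'auth-columbia read'),
                          ('GET', 'read'),
                          ('HEAD', 'read'),
                          ('PATCH', 'auth-none read update'),
                          ('PUT', 'auth-columbia demo-netphone-admin update')]:
        print(method, repr(scope), '->', method_allowed(method, scope))
    print('open methods:', open_methods())
```

Running `open_methods()` over a scope map in a unit test catches an empty alternative before it ships, since an empty list is satisfied by a token with no scopes at all.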

class myapp.views.MyDjangoModelPermissions

...

Bases: rest_framework.permissions.DjangoModelPermissions

Overrides DjangoModelPermissions to require the view permission as well; the default allows viewing by anybody.

perms_map = {'DELETE': ['%(app_label)s.delete_%(model_name)s'], 'GET': ['%(app_label)s.view_%(model_name)s'], 'HEAD': ['%(app_label)s.view_%(model_name)s'], 'OPTIONS': ['%(app_label)s.view_%(model_name)s'], 'PATCH': ['%(app_label)s.change_%(model_name)s'], 'POST': ['%(app_label)s.add_%(model_name)s']}

The usual permissions map plus GET. Also, we omit PUT since we only use PATCH with {json:api}.

class myapp.views.AuthnAuthzMixIn

...

Bases: object

Common Authn/Authz mixin for all View and ViewSet-derived classes:

...

authentication_classes = (<class 'rest_framework.authentication.BasicAuthentication'>, <class 'rest_framework.authentication.SessionAuthentication'>, <class 'oauth2_provider.contrib.rest_framework.authentication.OAuth2Authentication'>)

...

In production, OAuth 2.0 is preferred; Basic and Session authentication are allowed for testing and the browsable API.

...

permission_classes = [<rest_condition.permissions.Condition object>]

...

Either use scope-based OAuth 2.0 token checking OR an authenticated user with model permissions.

...

required_alternate_scopes = {'DELETE': [['auth-columbia', 'demo-netphone-admin', 'delete'], ['auth-none', 'demo-netphone-admin', 'delete']], 'GET': [['auth-columbia', 'read'], ['auth-none', 'read']], 'HEAD': [['read']], 'OPTIONS': [['read']], 'PATCH': [['auth-columbia', 'demo-netphone-admin', 'update'], ['auth-none', 'demo-netphone-admin', 'update']], 'POST': [['auth-columbia', 'demo-netphone-admin', 'create'], ['auth-none', 'demo-netphone-admin', 'create']]}

List of alternatives for required scopes.

class myapp.views.CourseBaseViewSet(**kwargs)

...

Bases: myapp.views.AuthnAuthzMixIn, rest_framework_json_api.views.ModelViewSet

Base ViewSet for all our ViewSets:

  • Adds Authn/Authz

...

class myapp.views.CourseViewSet(**kwargs)

...

Bases: myapp.views.CourseBaseViewSet

A course of instruction. e.g. COMSW1002 Computing in Context

...

serializer_class

alias of myapp.serializers.CourseSerializer

...

filterset_fields = {'course_description': ('icontains', 'iexact', 'contains', 'exact', 'lt', 'gt', 'gte', 'lte', 'in'), 'course_identifier': ('icontains', 'iexact', 'contains', 'exact', 'lt', 'gt', 'gte', 'lte', 'in'), 'course_name': ('exact', 'icontains', 'iexact', 'contains'), 'course_number': ('exact',), 'course_terms__term_identifier': ('exact', 'lt', 'gt', 'gte', 'lte', 'in'), 'id': ('exact', 'lt', 'gt', 'gte', 'lte', 'in'), 'school_bulletin_prefix_code': ('exact', 'regex'), 'subject_area_code': ('exact', 'lt', 'gt', 'gte', 'lte', 'in')}

See https://docs.djangoproject.com/en/stable/ref/models/querysets/#field-lookups for all the possible filters.

search_fields = ('course_name', 'course_description', 'course_identifier', 'course_number')

...

Keyword searches are across these fields.

...

class myapp.views.CourseTermViewSet(**kwargs)

...

Bases: myapp.views.CourseBaseViewSet

A specific course term (year+semester) instance. e.g. 20183COMSW1002

...

serializer_class

alias of myapp.serializers.CourseTermSerializer

filterset_fields = {'audit_permitted_code': ['exact'], 'course__id': ('exact', 'lt', 'gt', 'gte', 'lte', 'in'), 'exam_credit_flag': ['exact'], 'id': ('exact', 'lt', 'gt', 'gte', 'lte', 'in'), 'term_identifier': ('exact', 'lt', 'gt', 'gte', 'lte', 'in')}

defined filter[] names

search_fields = ('term_identifier',)

...

Keyword searches are just this one field.

...

class myapp.views.PersonViewSet(**kwargs)

...

Bases: myapp.views.CourseBaseViewSet

A person.

...

serializer_class

alias of myapp.serializers.PersonSerializer

...

class Meta

...

Bases: object

In addition to specific filters defined above, also generate some automatic filters.

...

model

alias of myapp.models.Person

...

class myapp.views.InstructorFilterSet(data=None, queryset=None, *, request=None, prefix=None)

...

Bases: django_filters.rest_framework.filterset.FilterSet

Extend django_filters.rest_framework.FilterSet for the Instructor model

Includes a filter “alias” for a chained search from instructor->course_term->course

...

course_name = None

filter[course_name] is an alias for the path course_terms.course.course_name

...

course_name__gt = None

filter[course_name_gt] for greater-than, etc.

...

name = None

filter[name] is an alias for the path course_terms.instructor.person.name

...

name__gt = None

filter[name_gt] for greater-than, etc.

...

class Meta

...

Bases: object

In addition to specific filters defined above, also generate some automatic filters.

...

model

alias of myapp.models.Instructor

...

class myapp.views.InstructorViewSet(**kwargs)

...

Bases: myapp.views.CourseBaseViewSet

An instructor.

...

serializer_class

alias of myapp.serializers.InstructorSerializer

...

filterset_class

alias of InstructorFilterSet

...

class myapp.views.CourseRelationshipView(**kwargs)

...

Bases: myapp.views.AuthnAuthzMixIn, rest_framework_json_api.views.RelationshipView

View for courses.relationships

...

class myapp.views.CourseTermRelationshipView(**kwargs)

...

Bases: myapp.views.AuthnAuthzMixIn, rest_framework_json_api.views.RelationshipView

View for course_terms.relationships

...

class myapp.views.InstructorRelationshipView(**kwargs)

...

Bases: myapp.views.AuthnAuthzMixIn, rest_framework_json_api.views.RelationshipView

View for instructors.relationships

...

class myapp.views.PersonRelationshipView(**kwargs)

...

Bases: myapp.views.AuthnAuthzMixIn, rest_framework_json_api.views.RelationshipView

View for people.relationships