[snowy] Remove slug from note api urls, implement very basic permissions



commit 4648dc756a8b059772e319b161bc9782fe0a4ecc
Author: Brad Taylor <brad getcoded net>
Date:   Fri May 15 16:49:52 2009 -0400

    Remove slug from note api urls, implement very basic permissions
---
 api/handlers.py |   15 ++++++++++-----
 api/urls.py     |   11 ++++++++---
 notes/models.py |   16 +++++++++++-----
 notes/urls.py   |    2 +-
 4 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/api/handlers.py b/api/handlers.py
index 018ab59..0346844 100644
--- a/api/handlers.py
+++ b/api/handlers.py
@@ -67,11 +67,13 @@ class NotesHandler(BaseHandler):
     allow_methods = ('GET',)
 
     # TODO: Handle since param
-    # TODO: Permissions
     @catch_and_return(ObjectDoesNotExist, rc.NOT_HERE)
     def read(self, request, username):
         user = User.objects.get(username=username)
         notes = Note.objects.filter(author=user)
+        if request.user != user:
+            notes.filter(permissions=1) # Public only
+
         if request.GET.has_key('include_notes'):
             return {'notes': [describe_note(n) for n in notes] }
         else:
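Review bot: The public-only filter on the added line `notes.filter(permissions=1)` has no effect, because QuerySet.filter() returns a new queryset and the result is discarded. `notes` still holds every note of the requested user, so an authenticated user asking for another user's list would receive the private notes as well. Assign the result: `notes = notes.filter(permissions=1)  # Public only`. Named constants for the permission values would also keep this test and the `note.permissions == 0` test in NoteHandler.read consistent. The body of read continues outside the hunk.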
@@ -81,7 +83,6 @@ class NotesHandler(BaseHandler):
                         'api-ref': reverse('note_api_detail', kwargs={
                             'username': n.author.username,
                             'note_id': n.pk,
-                            'slug': n.slug,
                         }),
                         'href': n.get_absolute_url(),
                     },
@@ -90,7 +91,6 @@ class NotesHandler(BaseHandler):
                 for n in notes
             ]}
 
-    # TODO: Permissions
     @catch_and_return(ObjectDoesNotExist, rc.NOT_HERE)
     @catch_and_return(KeyError, rc.BAD_REQUEST)
     @transaction.commit_on_success
@@ -99,6 +99,9 @@ class NotesHandler(BaseHandler):
             return parser.parse(date).astimezone(pytz.timezone(settings.TIME_ZONE))
 
         user = User.objects.get(username=username)
+        if request.user != user:
+            return rc.FORBIDDEN
+
         changes = json.loads(request.raw_post_data)['note-changes']
         for c in changes:
             note, created = Note.objects.get_or_create(author=user, guid=c['guid'])
@@ -111,10 +114,10 @@ class NotesHandler(BaseHandler):
                 note.modified = datetime.now()
             if c.has_key('create-date'): note.created = clean_date(c['create-date'])
             if c.has_key('open-on-startup'): note.open_on_startup = (c['open-on-startup'] == 'true')
-
+            # TODO: tags
             note.save()
 
-# http://domain/api/1.0/user/notes/id/slug
+# http://domain/api/1.0/user/notes/id
 class NoteHandler(BaseHandler):
     allow_methods = ('GET',)
     model = Note
@@ -123,6 +126,8 @@ class NoteHandler(BaseHandler):
     def read(self, request, username, note_id, slug):
         user = User.objects.get(username=username)
         note = Note.objects.get(pk=note_id, slug=slug)
+        if request.user != user and note.permissions == 0:
+            return rc.FORBIDDEN
         return {'note': [describe_note(note)]}
 
 def describe_note(note):
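Review bot: The added check in NoteHandler.read compares `request.user` with the user named in the URL, but the note is fetched by `pk` (and `slug`) alone, so nothing establishes that the note belongs to that user. A caller whose own username is in the URL passes the check for any note id. Bind the lookup to the author with `note = Note.objects.get(pk=note_id, author=user)`, so that a mismatched id raises DoesNotExist instead of returning the note. Separately, the signature still requires `slug` although this commit removes the slug group from the `note_api_detail` pattern in api/urls.py, so the call would fail on the missing argument; change it to `def read(self, request, username, note_id):`. The method's decorators are outside the hunk.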
diff --git a/api/urls.py b/api/urls.py
index 6a3427b..060dd42 100644
--- a/api/urls.py
+++ b/api/urls.py
@@ -17,16 +17,21 @@
 
 from django.conf.urls.defaults import *
 
+from piston.authentication import HttpBasicAuthentication
 from piston.resource import Resource
+
 from snowy.api.handlers import *
 
+auth = HttpBasicAuthentication(realm='Snowy')
+ad = {'authentication': auth}
+
 user_handler = Resource(UserHandler)
-notes_handler = Resource(NotesHandler)
-note_handler = Resource(NoteHandler)
+notes_handler = Resource(handler=NotesHandler, **ad)
+note_handler = Resource(handler=NoteHandler, **ad)
 
 urlpatterns = patterns('',
     # 1.0 API methods
-    url(r'1.0/(?P<username>\w+)/notes/(?P<note_id>\d+)/(?P<slug>[^/]+)/$', note_handler, name='note_api_detail'),
+    url(r'1.0/(?P<username>\w+)/notes/(?P<note_id>\d+)/$', note_handler, name='note_api_detail'),
     url(r'1.0/(?P<username>\w+)/notes/$', notes_handler, name='note_api_index'),
     url(r'1.0/(?P<username>\w+)/$', user_handler),
 )
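Review bot: `HttpBasicAuthentication` sends the account password with every API request in reversible base64, and nothing in this file restricts the API to HTTPS, so the credentials are only as protected as the transport. If TLS is enforced elsewhere, record that above `auth`, e.g. `# Basic auth: password travels on every request; the API must only be served over HTTPS`. `user_handler` is left without `authentication`, which may be intentional but deserves a comment saying so. `ad` would read better as `auth_kwargs`.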
diff --git a/notes/models.py b/notes/models.py
index d049466..2479f9f 100644
--- a/notes/models.py
+++ b/notes/models.py
@@ -51,11 +51,17 @@ class Note(models.Model):
 
     @models.permalink
     def get_absolute_url(self):
-        return ('note_detail', (), {
-            'note_id': self.id,
-            'username': self.author.username,
-            'slug': self.slug,
-        })
+        if self.slug == "":
+            return ('note_detail_no_slug', (), {
+                'note_id': self.id,
+                'username': self.author.username,
+            })
+        else:
+            return ('note_detail', (), {
+                'note_id': self.id,
+                'username': self.author.username,
+                'slug': self.slug,
+            })
 
 
 class NoteTag(models.Model):
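Review bot: `if self.slug == "":` takes the no-slug route only for the empty string; if the `slug` field can be NULL (its definition is outside the hunk), a `None` slug would fall through to the `note_detail` branch. `if not self.slug:` covers both cases. The two branches also repeat the same kwargs, so building the dict once and adding `'slug'` only when it is set would keep them in sync.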
diff --git a/notes/urls.py b/notes/urls.py
index 523cfaa..51101b9 100644
--- a/notes/urls.py
+++ b/notes/urls.py
@@ -20,6 +20,6 @@ from snowy.notes.models import Note
 
 urlpatterns = patterns('',
     url(r'^$', 'snowy.notes.views.note_index', name='note_index'),
-    url(r'^(?P<note_id>\d+)/$', 'snowy.notes.views.note_detail'),
+    url(r'^(?P<note_id>\d+)/$', 'snowy.notes.views.note_detail', name='note_detail_no_slug'),
     url(r'^(?P<note_id>\d+)/(?P<slug>[^/]+)/$', 'snowy.notes.views.note_detail', name='note_detail'),
 )


