From 4b4be14d32330a6df16b51eb2c93d484402d157a Mon Sep 17 00:00:00 2001
From: Tom Hacohen
Date: Mon, 28 Dec 2020 10:00:35 +0200
Subject: [PATCH] Add more responses to the API.
---
 etebase_fastapi/authentication.py | 10 +++++-----
 etebase_fastapi/collection.py | 6 +++---
 etebase_fastapi/invitation.py | 6 +++---
 etebase_fastapi/member.py | 4 ++--
 etebase_fastapi/utils.py | 6 +++++-
 5 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/etebase_fastapi/authentication.py b/etebase_fastapi/authentication.py
index 5650652..902b79b 100644
--- a/etebase_fastapi/authentication.py
+++ b/etebase_fastapi/authentication.py
@@ -14,7 +14,7 @@ from django.contrib.auth import get_user_model, user_logged_out, user_logged_in
 from django.core import exceptions as django_exceptions
 from django.db import transaction
 from django.utils import timezone
-from fastapi import APIRouter, Depends, status, Request, Response
+from fastapi import APIRouter, Depends, status, Request
 from fastapi.security import APIKeyHeader
 from django_etebase import app_settings, models
@@ -27,7 +27,7 @@ from django_etebase.utils import create_user, get_user_queryset, CallbackContext
 from django_etebase.views import msgpack_encode, msgpack_decode
 from .exceptions import AuthenticationFailed, transform_validation_error, HttpError
 from .msgpack import MsgpackRoute
-from .utils import BaseModel
+from .utils import BaseModel, permission_responses
 User = get_user_model()
 token_scheme = APIKeyHeader(name="Authorization")
@@ -250,21 +250,21 @@ async def login(data: Login, request: Request):
 return data
-@authentication_router.post("/logout/", status_code=status.HTTP_204_NO_CONTENT)
+@authentication_router.post("/logout/", status_code=status.HTTP_204_NO_CONTENT, responses=permission_responses)
 async def logout(request: Request, auth_data: AuthData = Depends(get_auth_data)):
 await sync_to_async(auth_data.token.delete)()
 # XXX-TOM
 await sync_to_async(user_logged_out.send)(sender=auth_data.user.__class__, request=None, user=auth_data.user)
-@authentication_router.post("/change_password/", status_code=status.HTTP_204_NO_CONTENT)
+@authentication_router.post("/change_password/", status_code=status.HTTP_204_NO_CONTENT, responses=permission_responses)
 async def change_password(data: ChangePassword, request: Request, user: User = Depends(get_authenticated_user)):
 host = request.headers.get("Host")
 await validate_login_request(data.response_data, data, user, "changePassword", host)
 await sync_to_async(save_changed_password)(data, user)
-@authentication_router.post("/dashboard_url/")
+@authentication_router.post("/dashboard_url/", responses=permission_responses)
 def dashboard_url(user: User = Depends(get_authenticated_user)):
 # XXX-TOM
 get_dashboard_url = app_settings.DASHBOARD_URL_FUNC
diff --git a/etebase_fastapi/collection.py b/etebase_fastapi/collection.py
index 7f01682..fad49aa 100644
--- a/etebase_fastapi/collection.py
+++ b/etebase_fastapi/collection.py
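Review bot: The decorators for `/logout/`, `/change_password/` and `/dashboard_url/` now advertise only a 403 error, yet each handler is gated by `Depends(get_auth_data)` or `Depends(get_authenticated_user)`, and this module imports `AuthenticationFailed` for the rejected-credentials path. If that exception is served with a status other than 403 (401 would be the usual choice; its definition is not visible here), the generated schema leaves the most common failure of these endpoints undocumented and generated clients will not model it. Once the status is confirmed I would add the matching entry where the dict is defined in `etebase_fastapi/utils.py`, e.g. `permission_responses = {401: response_model_dict, 403: response_model_dict}`. The body of `dashboard_url` continues past the end of the hunk.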
@@ -14,11 +14,11 @@ from .authentication import get_authenticated_user
 from .exceptions import HttpError, transform_validation_error, PermissionDenied
 from .msgpack import MsgpackRoute
 from .stoken_handler import filter_by_stoken_and_limit, filter_by_stoken, get_stoken_obj, get_queryset_stoken
-from .utils import get_object_or_404, Context, Prefetch, PrefetchQuery, is_collection_admin, BaseModel
+from .utils import get_object_or_404, Context, Prefetch, PrefetchQuery, is_collection_admin, BaseModel, permission_responses
 User = get_user_model()
-collection_router = APIRouter(route_class=MsgpackRoute)
-item_router = APIRouter(route_class=MsgpackRoute)
+collection_router = APIRouter(route_class=MsgpackRoute, responses=permission_responses)
+item_router = APIRouter(route_class=MsgpackRoute, responses=permission_responses)
 default_queryset: QuerySet = models.Collection.objects.all()
 default_item_queryset: QuerySet = models.CollectionItem.objects.all()
diff --git a/etebase_fastapi/invitation.py b/etebase_fastapi/invitation.py
index 38b74d8..1d8df94 100644
--- a/etebase_fastapi/invitation.py
+++ b/etebase_fastapi/invitation.py
@@ -10,11 +10,11 @@ from django_etebase.utils import get_user_queryset, CallbackContext
 from .authentication import get_authenticated_user
 from .exceptions import HttpError, PermissionDenied
 from .msgpack import MsgpackRoute
-from .utils import get_object_or_404, Context, is_collection_admin, BaseModel
+from .utils import get_object_or_404, Context, is_collection_admin, BaseModel, permission_responses
 User = get_user_model()
-invitation_incoming_router = APIRouter(route_class=MsgpackRoute)
-invitation_outgoing_router = APIRouter(route_class=MsgpackRoute)
+invitation_incoming_router = APIRouter(route_class=MsgpackRoute, responses=permission_responses)
+invitation_outgoing_router = APIRouter(route_class=MsgpackRoute, responses=permission_responses)
 default_queryset: QuerySet = models.CollectionInvitation.objects.all()
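Review bot: `responses=permission_responses` on the `APIRouter(...)` constructors for `collection_router` and `item_router` is schema metadata only: it marks every operation on the router as able to return 403 but performs no check itself. Enforcement still has to come from each route's own `Depends(...)` and from helpers such as `is_collection_admin`, none of which are in this hunk, so a route added later without them would be documented as access-controlled while enforcing nothing. The same applies to the two routers in `etebase_fastapi/invitation.py` and to `member_router` in `etebase_fastapi/member.py`. A one-line comment above the routers would keep that visible: `# responses= only documents the 403; access checks live in each route's Depends()`.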
diff --git a/etebase_fastapi/member.py b/etebase_fastapi/member.py
index 26cfcff..8ffed9d 100644
--- a/etebase_fastapi/member.py
+++ b/etebase_fastapi/member.py
@@ -8,13 +8,13 @@ from fastapi import APIRouter, Depends, status
 from django_etebase import models
 from .authentication import get_authenticated_user
 from .msgpack import MsgpackRoute
-from .utils import get_object_or_404, BaseModel
+from .utils import get_object_or_404, BaseModel, permission_responses
 from .stoken_handler import filter_by_stoken_and_limit
 from .collection import get_collection, verify_collection_admin
 User = get_user_model()
-member_router = APIRouter(route_class=MsgpackRoute)
+member_router = APIRouter(route_class=MsgpackRoute, responses=permission_responses)
 default_queryset: QuerySet = models.CollectionMember.objects.all()
diff --git a/etebase_fastapi/utils.py b/etebase_fastapi/utils.py
index 6ea9513..487f03a 100644
--- a/etebase_fastapi/utils.py
+++ b/etebase_fastapi/utils.py
@@ -10,7 +10,7 @@ from django.contrib.auth import get_user_model
 from django_etebase.models import AccessLevels
-from .exceptions import HttpError
+from .exceptions import HttpError, HttpErrorOut
 User = get_user_model()
@@ -41,3 +41,7 @@ def get_object_or_404(queryset: QuerySet, **kwargs):
 def is_collection_admin(collection, user):
 member = collection.members.filter(user=user).first()
 return (member is not None) and (member.accessLevel == AccessLevels.ADMIN)
+
+
+response_model_dict = {"model": HttpErrorOut}
+permission_responses = {403: response_model_dict}
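Review bot: `response_model_dict` and `permission_responses` are plain mutable dicts that four modules import and pass to five routers and three route decorators, so every consumer holds the same objects. Unless the framework copies them, an in-place edit in any one module (for example adding a status code for a single router) would change the documented responses everywhere. They are also unannotated and sit below the helper functions at the end of the file, where a shared constant is easy to miss. I would annotate them and mark them read-only, e.g. `permission_responses: Dict[int, Dict[str, Any]] = {403: response_model_dict}  # shared by all routers, do not mutate`, assuming `Dict` and `Any` are brought in from `typing` in this file.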