GroupUserViewSet.require_group_member() - Code Metrics - Inspection of "Merge pull request #17 from ProjetSigma/feature/us..." - ProjetSigma/backend - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( c420fd...5f1bbe )

by Camille

created 2016-01-26 10:57 UTC

GroupUserViewSet.require_group_member() B

↳ Parent: GroupUserViewSet

Complexity

Conditions

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Metric	Value
cc	5
dl	0
loc	13
rs	8.5454

1 Method

Rating	Name	Duplication	Size	Complexity
A	GroupUserViewSet.func_wrapper()	0	8	4

from django.http import Http404

from rest_framework import viewsets, decorators, status, mixins
from rest_framework.response import Response
from rest_framework_extensions.mixins import NestedViewSetMixin, DetailSerializerMixin
from dry_rest_permissions.generics import DRYPermissions

from sigma_core.models.user import User
from sigma_core.models.group_member import GroupMember
from sigma_core.serializers.user import BasicUserWithPermsSerializer, DetailedUserWithPermsSerializer, DetailedUserSerializer

class GroupUserViewSet(DetailSerializerMixin, viewsets.ReadOnlyModelViewSet):
    permission_classes = (DRYPermissions, )
    queryset = User.objects.all()
    serializer_class = DetailedUserSerializer
    queryset_detail = queryset
    serializer_detail_class = DetailedUserWithPermsSerializer

    # Decorators
    def require_group_member(func):
        """
        Let the user see the data if he is member of the requested group or if he is admin.
        """
        def func_wrapper(self, request, parent_lookup_memberships__group=None, *args, **kwargs):
            # Need to be authed
            if request.user.__class__.__name__ == 'AnonymousUser':
                return Response(status=status.HTTP_401_UNAUTHORIZED)
            # Need to be part of the group you want to see the members of
            if not request.user.is_sigma_admin() and not request.user.is_group_member(parent_lookup_memberships__group):
                return Response(status=status.HTTP_403_FORBIDDEN)
            return func(self, request, group=parent_lookup_memberships__group, *args, **kwargs)
        return func_wrapper

    # Restful API
    @require_group_member
    def list(self, request, *args, **kwargs):
        return super().list(self, request, *args, **kwargs)

    @require_group_member
    def retrieve(self, request, pk, group, *args, **kwargs):
        """
        Retrieve an User according to its id (pk).
        ---
        response_serializer: DetailedUserWithPermsSerializer
        """
        try:
            user = self.queryset.filter(pk=pk).get(memberships__group=group)
        except User.DoesNotExist:
            raise Http404()

        # Use DetailedUserWithPermsSerializer to have the groups whom user belongs to
        serializer = DetailedUserWithPermsSerializer(user, context={'request': request})
        return Response(serializer.data, status=status.HTTP_200_OK)


1			from django.http import Http404
2
3			from rest_framework import viewsets, decorators, status, mixins
4			from rest_framework.response import Response
5			from rest_framework_extensions.mixins import NestedViewSetMixin, DetailSerializerMixin
6			from dry_rest_permissions.generics import DRYPermissions
7
8			from sigma_core.models.user import User
9			from sigma_core.models.group_member import GroupMember
10			from sigma_core.serializers.user import BasicUserWithPermsSerializer, DetailedUserWithPermsSerializer, DetailedUserSerializer
11
12			class GroupUserViewSet(DetailSerializerMixin, viewsets.ReadOnlyModelViewSet):
13			permission_classes = (DRYPermissions, )
14			queryset = User.objects.all()
15			serializer_class = DetailedUserSerializer
16			queryset_detail = queryset
17			serializer_detail_class = DetailedUserWithPermsSerializer
18
19			# Decorators
20			def require_group_member(func):
21			"""
22			Let the user see the data if he is member of the requested group or if he is admin.
23			"""
24			def func_wrapper(self, request, parent_lookup_memberships__group=None, args, *kwargs):
25			# Need to be authed
26			if request.user.__class__.__name__ == 'AnonymousUser':
27			return Response(status=status.HTTP_401_UNAUTHORIZED)
28			# Need to be part of the group you want to see the members of
29			if not request.user.is_sigma_admin() and not request.user.is_group_member(parent_lookup_memberships__group):
30			return Response(status=status.HTTP_403_FORBIDDEN)
31			return func(self, request, group=parent_lookup_memberships__group, args, *kwargs)
32			return func_wrapper
33
34			# Restful API
35			@require_group_member
36			def list(self, request, args, *kwargs):
37			return super().list(self, request, args, *kwargs)
38
39			@require_group_member
40			def retrieve(self, request, pk, group, args, *kwargs):
41			"""
42			Retrieve an User according to its id (pk).
43			---
44			response_serializer: DetailedUserWithPermsSerializer
45			"""
46			try:
47			user = self.queryset.filter(pk=pk).get(memberships__group=group)
48			except User.DoesNotExist:
49			raise Http404()
50
51			# Use DetailedUserWithPermsSerializer to have the groups whom user belongs to
52			serializer = DetailedUserWithPermsSerializer(user, context={'request': request})
53			return Response(serializer.data, status=status.HTTP_200_OK)
54

ProjetSigma / backend

Push — master ( c420fd...5f1bbe )

GroupUserViewSet.require_group_member() B

Complexity

Size

Duplication

1 Method

Duplication Side-by-Side

Filter issues like