Merge pull request #330 from taigaio/adding-by_username-endpoint-to-users-API

Adding by_username endpoint to users API
2015-05-27 11:37:21 +02:00 · 2015-05-27 11:37:21 +02:00 · 557cd6ed77
parent fcaa0f7f3b 955a3a32e2
commit 557cd6ed77
3 changed files with 31 additions and 4 deletions
--- a/taiga/users/api.py
+++ b/taiga/users/api.py
@ -57,10 +57,11 @@ class UsersViewSet(ModelCrudViewSet):
    filter_backends = (MembersFilterBackend,)

    def get_serializer_class(self):
-        if self.action in ["partial_update", "update", "retrieve"]:
-            user = self.get_object()
+        if self.action in ["partial_update", "update", "retrieve", "by_username"]:
+            user = self.object
            if self.request.user == user:
                return self.admin_serializer_class
+
        return self.serializer_class

    def create(self, *args, **kwargs):
@ -79,6 +80,17 @@ class UsersViewSet(ModelCrudViewSet):

        return response.Ok(serializer.data)

+    @list_route(methods=["GET"])
+    def by_username(self, request, *args, **kwargs):
+        username = request.QUERY_PARAMS.get("username", None)
+        return self.retrieve(request, username=username)
+
+    def retrieve(self, request, *args, **kwargs):
+        self.object = get_object_or_404(models.User, **kwargs)
+        self.check_permissions(request, 'retrieve', self.object)
+        serializer = self.get_serializer(self.object)
+        return response.Ok(serializer.data)
+
    @detail_route(methods=["GET"])
    def contacts(self, request, *args, **kwargs):
        user = self.get_object()
--- a/taiga/users/permissions.py
+++ b/taiga/users/permissions.py
@ -31,7 +31,8 @@ class IsTheSameUser(PermissionComponent):
 class UserPermission(TaigaResourcePermission):
    enought_perms = IsSuperUser()
    global_perms = None
-    retrieve_perms = IsTheSameUser()
+    retrieve_perms = AllowAny()
+    by_username_perms = retrieve_perms
    update_perms = IsTheSameUser()
    destroy_perms = IsTheSameUser()
    list_perms = AllowAny()
--- a/tests/integration/resources_permissions/test_users_resources.py
+++ b/tests/integration/resources_permissions/test_users_resources.py
@ -44,7 +44,7 @@ def test_user_retrieve(client, data):
    ]

    results = helper_test_http_method(client, 'get', url, None, users)
-    assert results == [401, 200, 403, 200]
+    assert results == [200, 200, 200, 200]


 def test_user_me(client, data):
@ -59,6 +59,20 @@ def test_user_me(client, data):
    assert results == [401, 200]


+def test_user_by_username(client, data):
+    url = reverse('users-by-username')
+
+    users = [
+        None,
+        data.registered_user,
+        data.other_user,
+        data.superuser,
+    ]
+
+    results = helper_test_http_method(client, 'get', "{}?username={}".format(url, data.registered_user.username), None, users)
+    assert results == [200, 200, 200, 200]
+
+
 def test_user_update(client, data):
    url = reverse('users-detail', kwargs={"pk": data.registered_user.pk})