Skip to content
Snippets Groups Projects
Verified Commit 13c5219d authored by Eliot Berriot's avatar Eliot Berriot
Browse files

See #206: added API endpoint for managing settings

parent 0dc9cdab
No related branches found
No related tags found
No related merge requests found
from django.conf.urls import url from django.conf.urls import url
from rest_framework import routers
from . import views from . import views
admin_router = routers.SimpleRouter()
admin_router.register(r'admin/settings', views.AdminSettings, 'admin-settings')
urlpatterns = [ urlpatterns = [
url(r'^nodeinfo/2.0/$', views.NodeInfo.as_view(), name='nodeinfo-2.0'), url(r'^nodeinfo/2.0/$', views.NodeInfo.as_view(), name='nodeinfo-2.0'),
url(r'^settings/$', views.InstanceSettings.as_view(), name='settings'), url(r'^settings/$', views.InstanceSettings.as_view(), name='settings'),
] ] + admin_router.urls
...@@ -2,6 +2,7 @@ from rest_framework import views ...@@ -2,6 +2,7 @@ from rest_framework import views
from rest_framework.response import Response from rest_framework.response import Response
from dynamic_preferences.api import serializers from dynamic_preferences.api import serializers
from dynamic_preferences.api import viewsets as preferences_viewsets
from dynamic_preferences.registries import global_preferences_registry from dynamic_preferences.registries import global_preferences_registry
from funkwhale_api.common import preferences from funkwhale_api.common import preferences
...@@ -15,6 +16,10 @@ NODEINFO_2_CONTENT_TYPE = ( ...@@ -15,6 +16,10 @@ NODEINFO_2_CONTENT_TYPE = (
) )
class AdminSettings(preferences_viewsets.GlobalPreferencesViewSet):
pagination_class = None
class InstanceSettings(views.APIView): class InstanceSettings(views.APIView):
permission_classes = [] permission_classes = []
authentication_classes = [] authentication_classes = []
......
...@@ -6,7 +6,7 @@ import os ...@@ -6,7 +6,7 @@ import os
import uuid import uuid
from django.conf import settings from django.conf import settings
from django.contrib.auth.models import AbstractUser from django.contrib.auth.models import AbstractUser, Permission
from django.urls import reverse from django.urls import reverse
from django.db import models from django.db import models
from django.utils.encoding import python_2_unicode_compatible from django.utils.encoding import python_2_unicode_compatible
...@@ -55,6 +55,10 @@ class User(AbstractUser): ...@@ -55,6 +55,10 @@ class User(AbstractUser):
def __str__(self): def __str__(self):
return self.username return self.username
def add_permission(self, codename):
p = Permission.objects.get(codename=codename)
self.user_permissions.add(p)
def get_absolute_url(self): def get_absolute_url(self):
return reverse('users:detail', kwargs={'username': self.username}) return reverse('users:detail', kwargs={'username': self.username})
......
...@@ -21,3 +21,31 @@ def test_nodeinfo_endpoint_disabled(db, api_client, preferences): ...@@ -21,3 +21,31 @@ def test_nodeinfo_endpoint_disabled(db, api_client, preferences):
response = api_client.get(url) response = api_client.get(url)
assert response.status_code == 404 assert response.status_code == 404
def test_settings_only_list_public_settings(db, api_client, preferences):
url = reverse('api:v1:instance:settings')
response = api_client.get(url)
for conf in response.data:
p = preferences.model.objects.get(
section=conf['section'], name=conf['name'])
assert p.preference.show_in_api is True
def test_admin_settings_restrict_access(db, logged_in_api_client, preferences):
url = reverse('api:v1:instance:admin-settings-list')
response = logged_in_api_client.get(url)
assert response.status_code == 403
def test_admin_settings_correct_permission(
db, logged_in_api_client, preferences):
user = logged_in_api_client.user
user.add_permission('change_globalpreferencemodel')
url = reverse('api:v1:instance:admin-settings-list')
response = logged_in_api_client.get(url)
assert response.status_code == 200
assert len(response.data) == len(preferences.all())
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment