From 13c5219d715bb3c327c3b9f3d19f64647e5b774e Mon Sep 17 00:00:00 2001 From: Eliot Berriot Date: Thu, 17 May 2018 23:39:34 +0200 Subject: [PATCH] See #206: added API endpoint for managing settings --- api/funkwhale_api/instance/urls.py | 6 ++++-- api/funkwhale_api/instance/views.py | 5 +++++ api/funkwhale_api/users/models.py | 6 +++++- api/tests/instance/test_views.py | 28 ++++++++++++++++++++++++++++ 4 files changed, 42 insertions(+), 3 deletions(-) diff --git a/api/funkwhale_api/instance/urls.py b/api/funkwhale_api/instance/urls.py index f506488fc..7992842c0 100644 --- a/api/funkwhale_api/instance/urls.py +++ b/api/funkwhale_api/instance/urls.py @@ -1,9 +1,11 @@ from django.conf.urls import url +from rest_framework import routers from . import views - +admin_router = routers.SimpleRouter() +admin_router.register(r'admin/settings', views.AdminSettings, 'admin-settings') urlpatterns = [ url(r'^nodeinfo/2.0/$', views.NodeInfo.as_view(), name='nodeinfo-2.0'), url(r'^settings/$', views.InstanceSettings.as_view(), name='settings'), -] +] + admin_router.urls diff --git a/api/funkwhale_api/instance/views.py b/api/funkwhale_api/instance/views.py index 5953ca555..e6725e248 100644 --- a/api/funkwhale_api/instance/views.py +++ b/api/funkwhale_api/instance/views.py @@ -2,6 +2,7 @@ from rest_framework import views from rest_framework.response import Response from dynamic_preferences.api import serializers +from dynamic_preferences.api import viewsets as preferences_viewsets from dynamic_preferences.registries import global_preferences_registry from funkwhale_api.common import preferences @@ -15,6 +16,10 @@ NODEINFO_2_CONTENT_TYPE = ( ) +class AdminSettings(preferences_viewsets.GlobalPreferencesViewSet): + pagination_class = None + + class InstanceSettings(views.APIView): permission_classes = [] authentication_classes = [] diff --git a/api/funkwhale_api/users/models.py b/api/funkwhale_api/users/models.py index f067a2a8b..8273507c4 100644 --- a/api/funkwhale_api/users/models.py +++ b/api/funkwhale_api/users/models.py @@ -6,7 +6,7 @@ import os import uuid from django.conf import settings -from django.contrib.auth.models import AbstractUser +from django.contrib.auth.models import AbstractUser, Permission from django.urls import reverse from django.db import models from django.utils.encoding import python_2_unicode_compatible @@ -55,6 +55,10 @@ class User(AbstractUser): def __str__(self): return self.username + def add_permission(self, codename): + p = Permission.objects.get(codename=codename) + self.user_permissions.add(p) + def get_absolute_url(self): return reverse('users:detail', kwargs={'username': self.username}) diff --git a/api/tests/instance/test_views.py b/api/tests/instance/test_views.py index 468c0ddae..6d8dcac3e 100644 --- a/api/tests/instance/test_views.py +++ b/api/tests/instance/test_views.py @@ -21,3 +21,31 @@ def test_nodeinfo_endpoint_disabled(db, api_client, preferences): response = api_client.get(url) assert response.status_code == 404 + + +def test_settings_only_list_public_settings(db, api_client, preferences): + url = reverse('api:v1:instance:settings') + response = api_client.get(url) + + for conf in response.data: + p = preferences.model.objects.get( + section=conf['section'], name=conf['name']) + assert p.preference.show_in_api is True + + +def test_admin_settings_restrict_access(db, logged_in_api_client, preferences): + url = reverse('api:v1:instance:admin-settings-list') + response = logged_in_api_client.get(url) + + assert response.status_code == 403 + + +def test_admin_settings_correct_permission( + db, logged_in_api_client, preferences): + user = logged_in_api_client.user + user.add_permission('change_globalpreferencemodel') + url = reverse('api:v1:instance:admin-settings-list') + response = logged_in_api_client.get(url) + + assert response.status_code == 200 + assert len(response.data) == len(preferences.all())