From 28ad61e5a0ea4867aa92520efbb6584b7d16b3d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tiago=20Assun=C3=A7=C3=A3o?= Date: Wed, 26 Apr 2017 21:52:20 -0300 Subject: [PATCH 1/6] Adding models to diferent users MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tiago Assunção --- umiss_project/umiss_auth/models.py | 37 ++++++++++++++++-------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/umiss_project/umiss_auth/models.py b/umiss_project/umiss_auth/models.py index fd2bc53..0a761aa 100644 --- a/umiss_project/umiss_auth/models.py +++ b/umiss_project/umiss_auth/models.py @@ -4,34 +4,37 @@ class CustomUser(AbstractUser): - type_choices = ( - ('patient', 'User Type Pacient'), - ('monitor', 'User Type Monitor'), + token = models.CharField( + max_length=512, + editable=False, + null=False ) - user_type = models.CharField( - max_length=2, - choices=type_choices, - default='monitor' - ) + def save(self, *args, **kwargs): + self.token = hashlib.sha512( + self.token.encode('utf-8') + ).hexdigest() + + super(CustomUser, self).save(*args, **kwargs) - token = models.CharField(max_length=512, editable=False) +class PatientUser(CustomUser): monitor_users = models.ForeignKey( 'umiss_auth.CustomUser', related_name='monitors', on_delete=models.SET_NULL, null=True, - limit_choices_to=models.Q(user_type='monitor') ) - def save(self, *args, **kwargs): - self.token = hashlib.sha512( - self.token.encode('utf-8') - ).hexdigest() - - super(CustomUser, self).save(*args, **kwargs) - def get_monitor_tokens(self): tokens = [monitor.token for monitor in self.monitors.all()] return tokens + + +class MonitorUser(CustomUser): + android_token = models.CharField( + max_length=512, + editable=True, + null=False, + blank=False + ) From ad45936e0b66c3680f876006a04e060d4e55d480 Mon Sep 17 00:00:00 2001 
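Review bot: `CustomUser.save()` in models.py re-hashes `self.token` on every call, so any later `save()` of the same row stores the SHA-512 of the previous digest and the value stops matching the hash of the token that was issued. Hash only when a raw token is first set, for instance by wrapping the assignment in `if self._state.adding:`. Since `token` has no default and is not editable, users created without one all end up with the digest of the empty string. In `PatientUser`, `monitor_users` still points at `'umiss_auth.CustomUser'` now that `limit_choices_to` is gone, so nothing keeps a patient from being linked to a non-monitor account; targeting `'umiss_auth.MonitorUser'` would keep that restriction.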
From: =?UTF-8?q?Tiago=20Assun=C3=A7=C3=A3o?= Date: Wed, 26 Apr 2017 21:52:40 -0300 Subject: [PATCH 2/6] Adding serializer to diferents users MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tiago Assunção --- umiss_project/umiss_auth/serializers.py | 12 ++++++++++-- umiss_project/umiss_auth/views.py | 2 +- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/umiss_project/umiss_auth/serializers.py b/umiss_project/umiss_auth/serializers.py index 80a217c..c7dcebb 100644 --- a/umiss_project/umiss_auth/serializers.py +++ b/umiss_project/umiss_auth/serializers.py @@ -1,10 +1,18 @@ from rest_framework import serializers from body_sign.models import HeartBeats, BodySignal -from .models import CustomUser +from .models import CustomUser, MonitorUser, PatientUser class UserSerializer(serializers.HyperlinkedModelSerializer): - class Meta: model = CustomUser fields = ('url', 'username') + + +class MonitorUserSerializer(UserSerializer): + class Meta: + model = MonitorUser + +class PatientUserSerializer(UserSerializer): + class Meta: + model = PatientUser diff --git a/umiss_project/umiss_auth/views.py b/umiss_project/umiss_auth/views.py index a783a5d..6668375 100644 --- a/umiss_project/umiss_auth/views.py +++ b/umiss_project/umiss_auth/views.py @@ -5,7 +5,7 @@ from rest_framework import permissions -class UserViewSet(viewsets.ModelViewSet): +class UserViewSet(viewsets.ReadOnlyModelViewSet): queryset = CustomUser.objects.all() serializer_class = UserSerializer From 70984fdb4823e531e4ee57127f50cad5efa13c61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tiago=20Assun=C3=A7=C3=A3o?= Date: Wed, 3 May 2017 14:33:14 -0300 Subject: [PATCH 3/6] Adding validators --- umiss_project/umiss_auth/validators.py | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 umiss_project/umiss_auth/validators.py 
diff --git a/umiss_project/umiss_auth/validators.py b/umiss_project/umiss_auth/validators.py
new file mode 100644
index 0000000..a2e10af
--- /dev/null
+++ b/umiss_project/umiss_auth/validators.py
@@ -0,0 +1,20 @@
+from django.core.exceptions import ValidationError
+from django.utils.translation import ugettext_lazy as _
+from umiss_auth.models import CustomUser
+import hashlib
+
+
+def validate_token(token):
+ patients = CustomUser.objects.filter(user_type='patient')
+ patient_tokens = [user.token for user in patients]
+ hash_token = hashlib.sha512(
+ self.token.encode('utf-8')
+ ).hexdigest()
+
+ if hash_token not in patient_tokens:
+ raise ValidationError(
+ _("The monitor must have a token from a patient." +
+ " The token %(token) is wrong"),
+ params={'token': token},
+
+ )
From 3c623ee135a0e94d6dcfcaaaac6eb67f738fb7e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tiago=20Assun=C3=A7=C3=A3o?=
Date: Mon, 15 May 2017 17:55:26 -0300
Subject: [PATCH 4/6] Adding other users to views
---
 umiss_project/db.sqlite3 | Bin 0 -> 53248 bytes
 umiss_project/umiss_auth/models.py | 4 ++--
 umiss_project/umiss_auth/permissions.py | 15 +++++++++++++++
 umiss_project/umiss_auth/views.py | 12 +++++++++++-
 umiss_project/umiss_project/urls.py | 4 +++-
 5 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 umiss_project/db.sqlite3
 create mode 100644 umiss_project/umiss_auth/permissions.py
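Review bot: `validate_token` in validators.py cannot run as written: it hashes `self.token` although the function has no `self`, and it filters on `user_type`, which PATCH 1/6 removed from `CustomUser`. Hash the argument with `hash_token = hashlib.sha512(token.encode('utf-8')).hexdigest()` and look it up with `if not PatientUser.objects.filter(token=hash_token).exists():`, which also avoids loading every patient's token into a list; the import then needs `PatientUser` instead of `CustomUser`. The message placeholder `%(token)` is missing its conversion and should read `%(token)s`. The lookup only holds while the stored value is a single SHA-512 of the issued token, which `CustomUser.save()` does not guarantee because it hashes again on each save.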
diff --git a/umiss_project/db.sqlite3 b/umiss_project/db.sqlite3 new file mode 100644 index 0000000000000000000000000000000000000000..41381dbaabdf1fc081877559a0db37429ff37d30 GIT binary patch literal 53248 zcmeHQdvF{{d7qgcX|=NDx4ib*mexA^>_w;bJa=Z~m^(>c%d)*ITb3=aF2`necUD?y zAM)->wsaiF>IhJfA`cQ0s1%S#B~%jfAP`a^Bq<<3K}b;vm5>)nsML{4@eT!*kU#Qu z&+N|ZYP7b+o$q{}sZwjU`|Gd2{&n~C*I&P`Ub&R38o_L-T+pjQkzy&Drk)H2DT-Qw zKMDTo&slh3>p$Q>?Rekpb%h#w!PfzyUFgf0W)S@leII=XeGPpTeI5Oa>A6{C&)-A9 zLtx7Y9LJ3}I0(++esK031}AU=oSg^2>D~j5Z#!d(2CLl1%bf#i*u!9x>T$h#cHy;x@2_k z?LdRHzFeJ8E*a%Qu2RXBihbzgy$m{4r!VB@%6b+2D|`2LqM+Xa|M93GMzL z(Hl_`okSz(chS4S(|bGw9x4P5vPX|PnvmUsx(~4ZN9`6gZ|LP}%FwG7{}Hx-&<+d!Kt3pQ<vV>`#;38)bU3hZQj}bdk{eQ8kiwt?4uU)AOMHIsK39 zW9bmxt!FY0;=_d4Z!xiJ*df#3Vq*J0LYTnUJd?CN4<2S|jqb9TwA97}W}wBXB`|Q1 zrA4|6vug?2-_O!d&_0Xj#yZ?fqO~rIxXgQ{oiByTTE^L-6YqY zn3?Uli+Fa_b8U8-J5A4eZcWb}yIJ~Cx`X7>^yxXk(mc&taUE@IyBT1`cLZ$fW$8hh z#XKCo-FsO2IF0Hk;V#&3dRZJutL)mz()~0dSYQ$#$tGjPvRi7W>2F1~{X0me7#!dB zWcRWDLE7R`@7NLXv>4PqnO&^^IH@vqAKb}zQqNJ;bM#a62boo*qR-#Q=3GnAzQCzd z^txWvQ+dN0;Mn7y4Ia$cRCHuI8k`;(y%Y@&YzQ9+o*c+!27*`(n={J6_~djje(lnw z;N_`_*vM2Ocrls?j$E6boQMObSTsKUcyK^pS{ewh=w(2wd{U6*P$L=y7WIO$c_>89 z=L|?NqgRb;u3$8xhAuOmfx$sKL2_2PnTL6nWW~6-Y=GX^@)I@XswMCwmf&%S8LCZm z`2wOyuWL@UtV&2ml@=aOuZ||(b;O($Tg5Dy*HcE`#)jv(CgchwsFRxnhiX6O_XW}- zT`T2^8RNE#;7P#NOd_d7QW-HLrjpCW+)Wo!*2?3x_{5cK(cnbayYZP8P9>> zWZX3Z#-<_108|GvQ=!_fZN2~u7HW&6D9C`Dv~c^as~LDZU`u#6S3}i-bkNLoNZj5T z7(Yr=1W&6DL82zUrb&QEnB;9y{6xuj&g$LA#_uKNA>bkK@*;rs|E5{}mscDwbq@g# zf%}L6?*CcpD-`t=`oEb^qU3!{`aUGJzNg0*&@}q_Ct9>L$LOhIYeP=oZJTLtPNFSo za;6gII!Kv{o{LUJ<73gQFet%OLxk2!B?Q{1J?Kl`9RoW;olB?|+vN+)Y4o~}Xo_|^ z&YYPkLn28ooe>2&#Sz`xop^_<`t44;31d?McaMT4Z-BM|gi!6^ZeQS{M%PZa%MWL0 zqNYn(_at^%Ij}|!?nKEtkGmE&RO{Pg$`)-Wn<^?|idP(Zxw9yC-<5229(R(>t`N8e zg*^TLK759}Bs>IOp$HKBKe|kz|3g1O--R`~FQ9*enSd{$zeb-$pFn?#{s`s-ehd9N zdN0fj{2clz^k$eJSVL7*MDr+xejHtg$ll{2;2}T|=s+~x-ACLb#665%{~_W&LfnJc z?K(i*0CD$Y*VjwjeZ+;uK{VaDhq$|my9>J=JBho4xINfqw-a|8al5gL{KV}dt`ECR 
zCviK7%d*H%BkV8;`TcnPFN401WtZ^Ue3A*z@euG3cy%Md`yqc~hiCtLbr-XjI}d?& z2$=T2H&E0Y=(jSLn7?gD`{IYK`}X?q9QpH6+dgL-D2Nrt{<+7+B4>wg$rRT#HGD^d zn#;s<-KYjusWi-XH&4>G&WAULHmx%V)kgM#QErf~J!>0^?99~{nvgkuVwB_cl&HwM zZIrW#J2$t+*+lI*I*dqm6r9&qz?}IG)!1HN;0)wp$TbfVuVncYpKdAE?JnjmJJDo4 z)?JGfT7S&}UmzN#pPwO>%3jXrSZrllAuH{|dYh|TJJPMyy~gtVJDYM{6L-|ThIMq~ zx|jAQ<&f9^zxZD@kE4gcgMxt9{vVW*^5paoc<~W%?EmMy{r@jMz8*&pfmbd9r+RV! zzYV>Gf>U|Ej^2mfiQa<#9sM2b1^x^45%k-yT**DjJOo}v2y8=#=&Dhv8oap8eiyp! zci!(u0lJ#g=Sp4O=%7g*@ikuM&c>_M(RdZv#;bq`1DpusM+g0oTt2Ux_PL^1VTEduL%zUFl&(E}=Nu~nZzxiVYnR-?W&>k8(qx_ARx%N)@rO;puijbk z`clGn(mZkxg4g-oo!~au-ul0-fA74Q9s&#ZVQF*E3Qpv!izq zr5#=}e6g&k|I+wDj(682#x$)#$!xyra5Vd1Po zHgB7Yqx9|5#x@>{;m!a52wyuds)xXXj(|7+|DczkC%=cl))Da9|JJedVtNQX=m>c2 z|3NQ7Pks-9ts{W#e~9j*=sxDP2wxNAJq`rcj~wX=)OIK6^{3iQ>9(#rXqg>X6gjOb zyxL|SzLmov%Xrj$o~5gqZ^KfFcB!|U9d4C@*yoz|sDLH0c|}90_PRb_U=iTyxEFZp zlk9hwpCiqty}OHaR}=Yn&M{=Le+wC`pT%=`vi5B$gY`7-wMbh^(Chyl&E0$T5O~NC z@Y?@FR^VQCJp>#GcY zZo+fRW$`s;v6zfne_3++FT2U< zzbrZZmnEnFvgGt%mYn{}lGA@#7M}skBI1(sf4%)b4{rtZa_%AEwSTV;cnCba2=vfj zr4Uu5s3LuW&cKhC^r=N2_XR>Bdi{iRf1q{CxwWUu`W0$6^E3xy8-_)fTr^hg9etAX zUQ~y*2TVA1dbp@p-?(AVxV@As8%cbNuiF;6(?gws$!# z+ezFG; zKFYj{S!Sjgk=a9khyEh{d-OZ#0v)4=fc(|@^aWUI#4m8XGQ`P4oEYS#VL37^sbNu* zRgUZ1Z-+}mLL?}N!y-4#tKo>kYaHL#yD?nQh9xbm$(kmp{re!CHu*z*0mtWrVOb0- z5k=Cp&i=iw1fm?~R8A8jo&9@U2?RN;sFJ_|hutm&JfsrlMVZt1&i-941l+Kwg?TL^ zD-pJTrz-)kge6W;d4=uY(MkYW&;Y2gs0v~P2zp!zq)1qjWl5FT{_U;=q8L^+O_XG| zf13+|IxNd!AtG};&-Qn3BoLHgi4Ut1C*fT9T?qs&Eb@Y+0YR550WXC)1)vt#exD10 zI4nybgQ!F_w!hPb0HA={AWC9HW&1l^2?QyuNQ#P+U|k6~AOI+FHjxVfKP+=$Sp}pa z38s~R0||$5VM&T2MA$wW2&^h?RyinZWmteJ4TZ%?xG6LAn<(ZJ;CRo=g24J|rX%*I zj*)8Wmb!E^pVrdCt&FA>3p&3dNEKDg2%4O(s_}&pescQSt++6on;lOGvorDe*mQa| zQHb4+6(&{_Yl+pwOjL{)67uBq;;qC?VlBR~q)gUcIhkKAlv9=B61S-2BZew26;pg3tkg@h1Wn}z?A3c#i*N_+^IKDKWDr8nJ72+$Y;?$}> zGqIewah=o0+@-M#SweSCY6d|H@;61%V% zTbs`%78b?WLQIYcS8m15CU~4D$Oj)^nBWp?^Ye+q^&I#~amY)2`oe+}J&tr)5`01A zu&To0uo|BKXV6C}81;YjWvTpLq8|qf+7ieMohbI#T1&Y?5;G)I)^qJEwRnLP%7rCr83!$TOnuJ 
zy=f-m3n&Wx*4XC9p}Qv8V~I6AGI}W*9B`$`O;jj=$r+CGYcVhu9B=Q!}d|UZFV4-DwXoi znAo@ZfH3xX^CkY)l9QEkTynU!6*)LpOU4poE{Dh`ttEEK)fU5_}d~@)IDq=5CZao#U zU73eM6G~^`X=St7DA%}2-qm}r+5dl%0=xewAEd_b$?75CAwUr5Lv@>yJhX9m#2i8O z@jsZfHt7Gj|KCZymO`Ha+utR`Fdt{0VHEm%^l#Eh`Xu#z>JO=BA$XJL%+3y~Um0m^ zGvGK*NaA1S_KhUjXV9>B@z~zQgFQ_ND@sI?IcWz(Ki(9bPv)Q>&FOi!ShB!L5pATW zg9?m~kW+<8g3wc!NdTL^%$G<>YN0 z)Y0Q3_D2*_ZWAp6Ig~g}J=fhq^&5 zn%GEA9t~_tOI4SQ$i)05Nn;(rAy(%gIyn#pp)Is>SQ5cR#-C?_$xNMzU@>tVlYteH zJ8%*?MOKtk2slBlGBebsc3^X^493*+Ob2y*e8h=6snAwEZn|t4OR=#$q_8Rjm=T2r zPRCn0wGlxIM|ee2W!(N*)JegOUvEd};l+DA1RgpBp4RcS<1itHG|n7lLdTJIT(lWuiXtS zlx7x!lLZ-GI7Q%x1$h`|3nI{~i4k#E2X*B5h_w!^(!PUI!Wzs-NeXWNy_Amae;aKAejvTK=S*)0ML#j&%NThB##b8; zQ6JNbK{GH|4-DEzmY>;YMz;>!uT$6rIJz0=7F~gYrL{31?jGIaLWo<$At+D!l-6m9 zZR<1+aj|F6)O3cR>@c|{W;3}Zo`d`Z6crs3JF!^Jv{)Pm;bWj+(ILLW62mH6hYXg_ zW1vZ4IxBq#ot3!d69nCfesr({C+r}?saiizfoeqar&%jSN8jW~)$$EuRpAt9MmU0% zbV~#)d1r(W=tT6O%wic@sIeSQ(g9F==;K4k5{6t`` z3Vi|A_dNxzA2DBIKE%8Yyu8Ol;6*^-u|C{h2D|GYl*W;Qj>?Vo{l|`&bXLW-F9>wB zD@+$Wj9b+4Zd|RKiEzcn6hntFC(UoAXdma`NRfC3$pH*QkC^0E!p-DXn{tq!IEd31 z{W$$*TAaRvP&ojE+E|w*M$6F)4q0#r+#pkcuYq1&E*na~jA#ku648>XH6p(sB8q3a zuxKu^uzamii2hGKNzor>zDE5JUheU!ss3G557l+3r>CdOKXPcjhcfRmv zW6Om(4aV=9r3$69stEU;%8FrRQ)()c^6Rr432Ra2Z}q%NbS93MnoN{CG7Zs0wgQ3)zU6(nLO$kratnbd}d-Q56M6 z&uW5_(M6*c=^~;B9HQgvRa*q-h9x1a2!gB#uMol4xz62G?Zime!JeKW6LfkhwV25Y z$;!Mg$dO|rD1Y3sE2B5pCZk1>pN}jYyOJK|E|zkqCa>OB4DM3-RzAxWq{->gv&v}Y zN@_tqyH;Afyl{4Q`ieE#-dLdoOG;qG4Xb7(j+CuTT;WObFPttF8i<)XtxVRyXtF4& zOL{d2y_T-(VnkOYT~0+ZXb#oHz?&dNGD;*9$?Bq>ap2#Sz&VSJYN{Q5*-`7lCCO+gs`e!PY+(M%DL6^ zbC+f+xv6D!WioMwU=g_kFt9+01FM53sr9PFMPPDDPw_?sgy-cnAfjq%-N*`xkcOJ8 zDNy;fESHsK$i2u*8P3S0VXz=(vT`QH%bFn@MoP};5kpHE*|flOQkD}VTm*(ChMv_G z1pwC--QajJn-Vxci;oDrn#u}#itEJo|83~Ac>n(o(09={UfKIaezte|3IH|5JY4|94Q&QRo8m z9%h36MR>iR&w6i1>vx%Q>&jx;NNRlkN=cE|mXC=SPmP|Ro{9-qZ^={H~ zg=J=x=N2ws&uTedI(92|Yw=uEIe&XzxxP5IqF$S*oE;e{7G~x0wb9vlbZV4O=P#zT zi(}EI9-gci<+N}_JmT19}l`U$Ej>ljM32&rhPA)DgRX-AU;c(C7rw!oEF2 
zNgd|Ju%xMys#zt#*M=Aq0?^L}v6kZw0beQ4=GUfjM)cbBvB}FfI3Z&2lQ)*mjt)jE zlY&~fSUz|2CO59lf%YNt=i?K~>g}l;Bdrkd!=ext;89Hoh`{bD4rqjA5=(%^$f9B? zg?vq^d)L~e~uW2x>d&P_-)oypu?HN>4 Sbogv&VOi4T2>%KhOa4ETjaYI3 literal 0 HcmV?d00001 diff --git a/umiss_project/umiss_auth/models.py b/umiss_project/umiss_auth/models.py index 0a761aa..4324620 100644 --- a/umiss_project/umiss_auth/models.py +++ b/umiss_project/umiss_auth/models.py @@ -26,9 +26,9 @@ class PatientUser(CustomUser): null=True, ) + def get_monitor_tokens(self): - tokens = [monitor.token for monitor in self.monitors.all()] - return tokens + return [monitor.token for monitor in self.monitors.all()] class MonitorUser(CustomUser): diff --git a/umiss_project/umiss_auth/permissions.py b/umiss_project/umiss_auth/permissions.py new file mode 100644 index 0000000..e01b54c --- /dev/null +++ b/umiss_project/umiss_auth/permissions.py @@ -0,0 +1,15 @@ +from rest_framework import permissions + + +class IsOwnerOrReadOnly(permissions.BasePermission): + """ + Custom permission to only allow owners of an object to edit it. + """ + + def has_object_permission(self, request, view, obj): + # Read permissions are allowed to any request + if request.method in permissions.SAFE_METHODS: + return True + + # Write permissions are only allowed to the owner of the snippet + return obj.owner == request.user diff --git a/umiss_project/umiss_auth/views.py b/umiss_project/umiss_auth/views.py index 6668375..3942ff2 100644 --- a/umiss_project/umiss_auth/views.py +++ b/umiss_project/umiss_auth/views.py @@ -1,6 +1,7 @@ from django.shortcuts import render from .models import CustomUser -from .serializers import UserSerializer +from .serializers import UserSerializer, MonitorUserSerializer, PatientUserSerializer +from .models import MonitorUser, PatientUser from rest_framework import viewsets from rest_framework import permissions 
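Review bot: `IsOwnerOrReadOnly.has_object_permission` in the new permissions.py compares `obj.owner` with `request.user`, but no model visible in this series defines an `owner` attribute and the comment still speaks of "the snippet". On a user object an unsafe request would therefore end in an AttributeError rather than a denial. If the class is meant for the user viewsets, compare the object itself, e.g. `return obj.pk == request.user.pk`. The class defines no `has_permission`, so view-level access, including unauthenticated reads, stays at the base-class default of allow; the docstring should say so.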
@@ -10,3 +11,12 @@ class UserViewSet(viewsets.ReadOnlyModelViewSet): serializer_class = UserSerializer permission_classes = (permissions.AllowAny, permissions.BasePermission) + +class MonitorViewSet(viewsets.ModelViewSet): + queryset = MonitorUser.objects.all() + serializer_class = MonitorUserSerializer + + +class PatienteViewSet(viewsets.ModelViewSet): + queryset = PatientUser.objects.all() + serializer_class = PatientUserSerializer diff --git a/umiss_project/umiss_project/urls.py b/umiss_project/umiss_project/urls.py index a77da8d..3f90204 100644 --- a/umiss_project/umiss_project/urls.py +++ b/umiss_project/umiss_project/urls.py @@ -15,7 +15,7 @@ """ from django.conf.urls import url, include from body_sign import views -from umiss_auth.views import UserViewSet +from umiss_auth.views import UserViewSet, MonitorViewSet, PatienteViewSet from rest_framework.routers import DefaultRouter from rest_framework.authtoken.views import obtain_auth_token @@ -24,6 +24,8 @@ router.register(r'galvanic_resistances', views.GalvanicResistanceViewSet) router.register(r'skin_temperatures', views.SkinTemperatureViewSet) router.register(r'users', UserViewSet) +router.register(r'monitors', MonitorViewSet) +router.register(r'patients', PatienteViewSet) # The API URLs are now determined automatically by the router. # Additionally, we include the login URLs for the browsable API. From d412893a10387f85d23fda6b5131a65b1beb9fec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tiago=20Assun=C3=A7=C3=A3o?= Date: Mon, 15 May 2017 19:30:04 -0300 Subject: [PATCH 5/6] Adding Anon create to user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tiago Assunção --- umiss_project/umiss_auth/permissions.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/umiss_project/umiss_auth/permissions.py b/umiss_project/umiss_auth/permissions.py index e01b54c..368ab68 100644 --- a/umiss_project/umiss_auth/permissions.py 
+++ b/umiss_project/umiss_auth/permissions.py @@ -1,5 +1,24 @@ from rest_framework import permissions +class IsAnonCreate(permissions.BasePermission): + def has_permission(self, request, view): + print("ho") + if request.method == "POST" and not request.user.is_authenticated(): + return True + elif not request.user.is_authenticated() and request.method != "POST": + return False + elif request.method in permissions.SAFE_METHODS: + return True + + return False + + def has_object_permission(self, request, view, obj): + if not request.user.is_authenticated(): + return False + if request.method in permissions.SAFE_METHODS: + return True + + return obj.username == request.user.username class IsOwnerOrReadOnly(permissions.BasePermission): """ From 8477085dbdeccabf6860cc67662d0d936ae6abea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tiago=20Assun=C3=A7=C3=A3o?= Date: Mon, 15 May 2017 19:30:48 -0300 Subject: [PATCH 6/6] Adding perms to serializers --- umiss_project/db.sqlite3 | Bin 53248 -> 61440 bytes .../migrations/0005_auto_20170515_2101.py | 62 ++++++++++++++++++ umiss_project/umiss_auth/serializers.py | 14 +++- umiss_project/umiss_auth/views.py | 9 ++- 4 files changed, 82 insertions(+), 3 deletions(-) create mode 100644 umiss_project/umiss_auth/migrations/0005_auto_20170515_2101.py 
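Review bot: `IsAnonCreate.has_permission` returns False for every authenticated PUT, PATCH or DELETE, so the owner comparison at the end of `has_object_permission` can never grant anything and users cannot change or remove their own account. If owners are meant to edit their own record, the view-level check can be reduced to `if request.method == "POST": return not request.user.is_authenticated()` followed by `return request.user.is_authenticated()`, leaving the unsafe methods to the object-level check. The `print("ho")` at the top is a debugging leftover and should be removed. As written, any authenticated user may read every other user's record, and the class has no docstring stating that this is intended.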
diff --git a/umiss_project/db.sqlite3 b/umiss_project/db.sqlite3 index 41381dbaabdf1fc081877559a0db37429ff37d30..a5ab0fa5356b6e6faa304b68f6d9c2b5f561e20e 100644 GIT binary patch delta 2545 zcmah~ZERE589wK}{zziqgg_t;Ng6wGNofMP_xdX~q$R}(1hAVxQpZNrbz&!R65FXi zAb4fYb*om|qz?CVqTN6%{An4mDZN{nRtc4^(iqi>s#c=yT8;i272S_bVn15ZoqKJ9 zF_{+WJ-#{5qvw6kIq!MS(i^aJ1CBS>=Mh5NX$UklG=>Y^7Mw3UV`SiyWzi4J!!GG7 zIH}#BU#EsH9Ll6;f(wykESgG16LB;7na+S4$XhzIsumoWi2K%SSc4X9m|XsGgUL`s zCH2f_2>uBl!WXavL3jlE;WzL))H45OK3f+5z}PpcOdU8QO9o~Ag-|*giKjEENK#(` z#S-yoI+2ti9jUFm-J)l%Bls3RhpTV_UV|Jw4LhI{Sms~M^=0uQV{g){kf~!;@h08< zP?V=yOl}s^eM}(UT&u3z*dB_9lZj|JNId6S)SKxtFBQZ;zG7C< zniq)nRa*1Hve*k6l>rd$k`AAEnL_9m(Vpb+t%CSFQ=37B`mw~zLDcQ`!Z&5m*Y*hn_u z8?kt12j~2=Per}i0o#+K^D(b)aL(f%;k~=Y7QNX$^B(tr;LZ9M{p9P@>&P=_2AZQs zqT|9KAKo=H6(0A_PtH3R0y~H7L$d=}^8M+Sz>~X1_<(zi55&eSfzkaje|FC5anH8e84xr`A6yZ(LK()%MzT*vg|I-zSZuq@En)lhSi=I)cxef zn?~uIGi?|y!k4sL&Vkts9{m57OaAue=7TD<5#c|>@6jdtvGOOHc4!;-I&px#B-G6rD_PpkCrL&&ztn93^466$}l+G%n zt=?HAdTw9M^K*ULMu!8xm?2-eHcGj(7qHxA+Ra0cX&MhX$j8kF>63Hc!`cUTSNi(5 z9jaP2^8unp`BT^p8s>v#@onab9Sv$^+SY%sIF93NvQH+0@>y{<-WC*ij=y_wazFAe zPH=I~tybRVunCgp;vH3c9bQE6S9lc;Qeyz-Q|4{vC(H!%II{tNi?8C-cyU?Wk8_=7 zHNt$?D)zQB6gL*l$|zr{&WF(6YMB%*>V-MQRLkyh zWmaR6`Jg#gW^GflR(fT5)=dvlN>5i!$$=HOkPcsZ8P}@Oc?1WT^Gq1Oi_RCsU#!jR z)pbbhL{&{JyQQkSKhF|!9Zf*yE~e+&yGjjhdn*XsMm9(ukk^TmBzye}H WPlp-_5C5Q*j4d}{wV`nQjsF6$N$t)6 delta 1352 zcmah|ZA@Eb6n@`(+TMO}VXTFM73h!!$cD7H?OH~b(1Z<&>t!Y-^+L3kmV~mkMcNe$ zVYGyZL8H5SXYgZ-+x)Rjf~H>0eh`VwA1-5Prbgq`WFscJMNQlf_G8m|FCTM^AKv6X zH#yI9&OOgL@0+;}nNx7oRG2~t*`;^=X%=?ca7uXIEEX!dfZA>se})ruu~x5y9XNP6 z*&FEZ8Hh#_iAX$FPF~lQU_Cjft5W2F6O-)zB9*R$1_vhdM+{{~tyEPD`3U}m1-J$o z2tWla`dOtN?!vOv?@dryHPSC_;(eRakf(zQ1k3O{ybDA$w041T z>Tz-6sSy_#VVKb4^*LcLh{F>vsSEHD0u)0ihO2QHFOh8}0rA$+1XdtKmFI-VsAE+M zDJwCQLhN9;p&=FxT2rh&;j)F< z21h9A;`-dyc3;OJ$96_KTX?q9&-HqJp)?=$zUYm5()<$QdaYms<=+abQs z!?rg+&GJJXX+G^qkY7%BY>!#?uokPc&f=)EI?Y!5ZU?*D;(U^|I&4@-wWffxUuKl0<*S}mYiguCDqG%E-*+H9GNHhP>m+d@uqCN=A{ 
zv%#<}B%c(_lEArA@;9d=o;mX=^|1R3-bmEu2 z;??tC;3Am`B-8ypmF84%Ak-Tis9|f#tJ5`P`22pA$Eh+t>m*lACE_>J_h9R0m*R~N zpHSo}K!v1J`3kgxDkm&cqUypwiee4bjbIUuLl>|B)VI_})FjoN6Iv;;d+rR*Q=le< zKc;>~cTtldSoB$!W(#7F+Qcx7TH`j2F^CLa*+#FqAen`XKD$f3qA@piSYsHo zs0vZG+N~~Sn7Y+MnB4qwitZ04BR#Ps$$XV5QjHbUvI=cbU0WP^P^xi0Q=yV?oenM` zxCeLOwsf_AgYV&M$<-xkolDX>--k8@Agq%?D}zP`wGuE^saBAd14_oHu9kR#`)~ldc~Fv4hs;uGCx(iX3*LW1*q&l zXA+yZ=rXOd**a=9TN>gHc|H>V>BTopYjd_{ZFq&(Nb_@OR{8Mf?-qzui<`Op$l_euO`5>M2F<_8%6ZQK diff --git a/umiss_project/umiss_auth/migrations/0005_auto_20170515_2101.py b/umiss_project/umiss_auth/migrations/0005_auto_20170515_2101.py new file mode 100644 index 0000000..9eee1af --- /dev/null +++ b/umiss_project/umiss_auth/migrations/0005_auto_20170515_2101.py 
@@ -0,0 +1,62 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.2 on 2017-05-15 21:01 +from __future__ import unicode_literals + +from django.conf import settings +import django.contrib.auth.models +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('umiss_auth', '0004_auto_20170422_2244'), + ] + + operations = [ + migrations.CreateModel( + name='MonitorUser', + fields=[ + ('customuser_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to=settings.AUTH_USER_MODEL)), + ('android_token', models.CharField(max_length=512)), + ], + options={ + 'abstract': False, + 'verbose_name_plural': 'users', + 'verbose_name': 'user', + }, + bases=('umiss_auth.customuser',), + managers=[ + ('objects', django.contrib.auth.models.UserManager()), + ], + ), + migrations.CreateModel( + name='PatientUser', + fields=[ + ('customuser_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to=settings.AUTH_USER_MODEL)), + ], + options={ + 'abstract': False, + 'verbose_name_plural': 'users', + 'verbose_name': 'user', + }, + bases=('umiss_auth.customuser',), + managers=[ + ('objects', django.contrib.auth.models.UserManager()), + ], + ), + migrations.RemoveField( + model_name='customuser', + name='monitor_users', + ), + migrations.RemoveField( + model_name='customuser', + name='user_type', + ), + migrations.AddField( + model_name='patientuser', + name='monitor_users', + field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='monitors', to=settings.AUTH_USER_MODEL), + ), + ] diff --git a/umiss_project/umiss_auth/serializers.py b/umiss_project/umiss_auth/serializers.py index c7dcebb..5fe506d 100644 --- a/umiss_project/umiss_auth/serializers.py 
+++ b/umiss_project/umiss_auth/serializers.py @@ -9,10 +9,20 @@ class Meta: fields = ('url', 'username') -class MonitorUserSerializer(UserSerializer): +class MonitorUserSerializer(serializers.HyperlinkedModelSerializer): class Meta: model = MonitorUser + fields = ('url', 'username', 'password') -class PatientUserSerializer(UserSerializer): + def create(self, validated_data): + user = MonitorUser.objects.create_user(**validated_data) + return user + +class PatientUserSerializer(serializers.HyperlinkedModelSerializer): class Meta: model = PatientUser + fields = ('url', 'username', 'password') + + def create(self, validated_data): + user = PatientUser.objects.create_user(**validated_data) + return user diff --git a/umiss_project/umiss_auth/views.py b/umiss_project/umiss_auth/views.py index 3942ff2..995298c 100644 --- a/umiss_project/umiss_auth/views.py +++ b/umiss_project/umiss_auth/views.py @@ -4,19 +4,26 @@ from .models import MonitorUser, PatientUser from rest_framework import viewsets from rest_framework import permissions +from .permissions import IsAnonCreate class UserViewSet(viewsets.ReadOnlyModelViewSet): queryset = CustomUser.objects.all() serializer_class = UserSerializer + write_only_fields = ('password',) - permission_classes = (permissions.AllowAny, permissions.BasePermission) + permission_classes = (IsAnonCreate,) class MonitorViewSet(viewsets.ModelViewSet): queryset = MonitorUser.objects.all() serializer_class = MonitorUserSerializer + write_only_fields = ('password') + permission_classes = (IsAnonCreate,) class PatienteViewSet(viewsets.ModelViewSet): queryset = PatientUser.objects.all() serializer_class = PatientUserSerializer + write_only_fields = ('password',) + + permission_classes = (IsAnonCreate,)
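Review bot: Adding `'password'` to `fields` in `MonitorUserSerializer` and `PatientUserSerializer` puts the stored password hash into every GET response, because nothing marks the field write-only. The `write_only_fields` attributes added to the three viewsets in views.py are not read by DRF on a view, and `('password')` in `MonitorViewSet` is a plain string rather than a tuple. Declare it on the serializers with `extra_kwargs = {'password': {'write_only': True}}` in each `Meta` and drop the viewset attributes. Since `IsAnonCreate` allows safe methods for any authenticated user, any logged-in account could otherwise list the hashes of all monitors and patients. `create_user(**validated_data)` hashes the password on create, but there is no matching `update()`, so if PUT or PATCH is ever permitted the default update would store the submitted value unhashed.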