Split up v2 serializers into admin and non-admin versions

This uses a mixin class to the viewset to select the serializer class based on
whether the user is staff or not.

Author: agjohnson

readthedocs/restapi/serializers.py

@@ -26,13 +26,9 @@ class Meta(object):
         )
 
 
-class ProjectSerializerFull(ProjectSerializer):
+class ProjectAdminSerializer(ProjectSerializer):
 
-    """Serializer to return all Project fields, for use by builder instances"""
-
-    class Meta(object):
-        model = Project
-        # The following fields are required by builder processes
+    class Meta(ProjectSerializer.Meta):
         fields = ProjectSerializer.Meta.fields + (
             'enable_epub_build',
             'enable_pdf_build',
@@ -66,7 +62,15 @@ class Meta(object):
         )
 
 
+class VersionAdminSerializer(VersionSerializer):
+
+    """Version serializer that returns admin project data"""
+
+    project = ProjectAdminSerializer()
+
+
 class BuildCommandSerializer(serializers.ModelSerializer):
+
     run_time = serializers.ReadOnlyField()
 
     class Meta(object):
@@ -76,7 +80,7 @@ class Meta(object):
 
 class BuildSerializer(serializers.ModelSerializer):
 
-    """Readonly version of the build serializer, used for user facing display"""
+    """Build serializer for user display, doesn't display internal fields"""
 
     commands = BuildCommandSerializer(many=True, read_only=True)
     state_display = serializers.ReadOnlyField(source='get_state_display')
@@ -86,13 +90,12 @@ class Meta(object):
         exclude = ('builder',)
 
 
-class BuildSerializerFull(BuildSerializer):
+class BuildAdminSerializer(BuildSerializer):
 
-    """Writeable Build instance serializer, for admin access by builders"""
+    """Build serializer for display to admin users and build instances"""
 
-    class Meta(object):
-        model = Build
-        exclude = ('')
+    class Meta(BuildSerializer.Meta):
+        exclude = ()
 
 
 class SearchIndexSerializer(serializers.Serializer):

readthedocs/restapi/views/model_views.py

@@ -21,36 +21,52 @@
 
 from ..permissions import (APIPermission, APIRestrictedPermission,
                            RelatedProjectIsOwner, IsOwner)
-from ..serializers import (BuildSerializerFull, BuildSerializer,
-                           BuildCommandSerializer, ProjectSerializer,
-                           ProjectSerializerFull, VersionSerializer,
+from ..serializers import (BuildSerializer, BuildAdminSerializer,
+                           BuildCommandSerializer,
+                           ProjectSerializer, ProjectAdminSerializer,
+                           VersionSerializer, VersionAdminSerializer,
                            DomainSerializer, RemoteOrganizationSerializer,
                            RemoteRepositorySerializer)
 from .. import utils as api_utils
 
 log = logging.getLogger(__name__)
 
 
-class ProjectViewSet(viewsets.ModelViewSet):
+class UserSelectViewSet(viewsets.ModelViewSet):
+
+    """View set that varies serializer class based on request user credentials
+
+    Viewsets using this class should have an attribute `admin_serializer_class`,
+    which is a serializer that might have more fields that only admin/staff
+    users require. If the user is staff, this class will be returned instead.
+    """
+
+    def get_serializer_class(self):
+        try:
+            if self.request.user.is_staff and self.admin_serializer_class is not None:
+                return self.admin_serializer_class
+        except AttributeError:
+            pass
+        return self.serializer_class
+
+    def get_queryset(self):
+        """Use our API manager method to determine authorization on queryset"""
+        return self.model.objects.api(self.request.user)
+
+
+class ProjectViewSet(UserSelectViewSet):
 
     """List, filter, etc. Projects."""
 
     permission_classes = [APIPermission]
     renderer_classes = (JSONRenderer,)
     serializer_class = ProjectSerializer
+    admin_serializer_class = ProjectAdminSerializer
     model = Project
     paginate_by = 100
     paginate_by_param = 'page_size'
     max_paginate_by = 1000
 
-    def get_queryset(self):
-        return self.model.objects.api(self.request.user)
-
-    def get_serializer_class(self):
-        if self.request.user.is_staff:
-            return ProjectSerializerFull
-        return self.serializer_class
-
     @decorators.detail_route()
     def valid_versions(self, request, **kwargs):
         """Maintain state of versions that are wanted."""
@@ -171,35 +187,22 @@ def sync_versions(self, request, **kwargs):
         })
 
 
-class VersionViewSet(viewsets.ModelViewSet):
+class VersionViewSet(UserSelectViewSet):
 
     permission_classes = [APIRestrictedPermission]
     renderer_classes = (JSONRenderer,)
     serializer_class = VersionSerializer
+    admin_serializer_class = VersionAdminSerializer
     model = Version
 
-    def get_queryset(self):
-        return self.model.objects.api(self.request.user)
-
 
-class BuildViewSetBase(viewsets.ModelViewSet):
+class BuildViewSetBase(UserSelectViewSet):
     permission_classes = [APIRestrictedPermission]
     renderer_classes = (JSONRenderer,)
+    serializer_class = BuildSerializer
+    admin_serializer_class = BuildAdminSerializer
     model = Build
 
-    def get_queryset(self):
-        return self.model.objects.api(self.request.user)
-
-    def get_serializer_class(self):
-        """Vary serializer class based on user status
-
-        This is used to allow write to write-only fields on Build by admin users
-        and to not return those fields to non-admin users.
-        """
-        if self.request.user.is_staff:
-            return BuildSerializerFull
-        return BuildSerializer
-
 
 class BuildViewSet(SettingsOverrideObject):
 
@@ -208,18 +211,12 @@ class BuildViewSet(SettingsOverrideObject):
     _default_class = BuildViewSetBase
 
 
-class BuildCommandViewSet(viewsets.ModelViewSet):
-
-    """This is currently a write-only way to update the commands on build."""
-
+class BuildCommandViewSet(UserSelectViewSet):
     permission_classes = [APIRestrictedPermission]
     renderer_classes = (JSONRenderer,)
     serializer_class = BuildCommandSerializer
     model = BuildCommandResult
 
-    def get_queryset(self):
-        return self.model.objects.api(self.request.user)
-
 
 class NotificationViewSet(viewsets.ReadOnlyModelViewSet):
     permission_classes = (permissions.IsAuthenticated, RelatedProjectIsOwner)
@@ -230,15 +227,12 @@ def get_queryset(self):
         return self.model.objects.api(self.request.user)
 
 
-class DomainViewSet(viewsets.ModelViewSet):
+class DomainViewSet(UserSelectViewSet):
     permission_classes = [APIRestrictedPermission]
     renderer_classes = (JSONRenderer,)
     serializer_class = DomainSerializer
     model = Domain
 
-    def get_queryset(self):
-        return self.model.objects.api(self.request.user)
-
 
 class RemoteOrganizationViewSet(viewsets.ReadOnlyModelViewSet):
     permission_classes = [IsOwner]