From ecdf07aab65d82c97d20b42afb94d636a8bcb0ea Mon Sep 17 00:00:00 2001
From: Chunlin Zhang
Date: Fri, 28 Dec 2018 11:19:55 +0800
Subject: [PATCH] add apijson delete support and example; change 'tag' to '@tag'
---
 demo/apps/apijson_demo/templates/index.html | 37 +++++--
 demo/apps/apijson_demo/views.py | 17 +++-
 uliweb_apijson/apijson/views.py | 105 ++++++++++++++++++--
 3 files changed, 142 insertions(+), 17 deletions(-)
diff --git a/demo/apps/apijson_demo/templates/index.html b/demo/apps/apijson_demo/templates/index.html
index 9452c28..96666ed 100644
--- a/demo/apps/apijson_demo/templates/index.html
+++ b/demo/apps/apijson_demo/templates/index.html
@@ -9,6 +9,7 @@
+
login user
@@ -49,14 +50,27 @@
PUT URL
- -
apijson put request examples
- - - { item.label } - - -
+ +
apijson put request examples
+ + + { item.label } + + +
+ + +
DELETE URL
+ +
+ +
apijson delete request examples
+ + + { item.label } + + +
request data
@@ -76,6 +90,7 @@ request_get : {{=request_get_json}}, request_post : {{=request_post_json}}, request_put : {{=request_put_json}}, + request_delete : {{=request_delete_json}}, request_data : "", can_post : true, response_data : "", @@ -83,7 +98,8 @@ tab2url : { "tab_get":"{{=url_for('uliweb_apijson.apijson.views.ApiJson.get')}}", "tab_post":"{{=url_for('uliweb_apijson.apijson.views.ApiJson.post')}}", - "tab_put":"{{=url_for('uliweb_apijson.apijson.views.ApiJson.put')}}" + "tab_put":"{{=url_for('uliweb_apijson.apijson.views.ApiJson.put')}}", + "tab_delete":"{{=url_for('uliweb_apijson.apijson.views.ApiJson.delete')}}" } }, methods: { @@ -120,6 +136,9 @@ else if (n=="tab_put") { vm.request_data = vm.request_put[0].value } + else if (n=="tab_delete") { + vm.request_data = vm.request_delete[0].value + } vm.response_data = "" } } diff --git a/demo/apps/apijson_demo/views.py b/demo/apps/apijson_demo/views.py index 88fe8ba..9dbac13 100644 --- a/demo/apps/apijson_demo/views.py +++ b/demo/apps/apijson_demo/views.py @@ -79,7 +79,7 @@ def index(): "moment_id": 1, "content": "new test comment" }, - "tag": "comment" + "@tag": "comment" }''', }, ] @@ -92,7 +92,19 @@ def index(): "id": 1, "content": "modify moment content" }, - "tag": "moment" + "@tag": "moment" +}''', + }, + ] + + request_delete = [ + { + "label":"Delete moment", + "value":'''{ + "moment": { + "id": 1 + }, + "@tag": "moment" }''', }, ] @@ -102,4 +114,5 @@ def index(): "request_get_json":dumps(request_get), "request_post_json":dumps(request_post), "request_put_json":dumps(request_put), + "request_delete_json":dumps(request_delete), } diff --git a/uliweb_apijson/apijson/views.py b/uliweb_apijson/apijson/views.py index 85e28cb..0f6d71d 100644 --- a/uliweb_apijson/apijson/views.py +++ b/uliweb_apijson/apijson/views.py 
@@ -254,6 +254,8 @@ def _filter_owner(self,model,model_setting,q):
 def post(self):
 tag = self.request_data.get("@tag")
+ if not tag:
+ return json({"code":400,"msg":"'tag' parameter is needed"})
 for key in self.request_data:
 if key[0]!="@":
 rsp = self._post_one(key,tag)
@@ -265,7 +267,6 @@ def post(self):
 return json(self.rdict)
 def _post_one(self,key,tag):
- tag = tag or key
 modelname = key
 params = self.request_data[key]
 params_role = params.get("@role")
@@ -282,12 +283,12 @@ def _post_one(self,key,tag):
 request_setting_model = request_setting_tag.get(modelname,{})
 request_setting_POST = request_setting_model.get("POST",{})
 ADD = request_setting_POST.get("ADD")
- permission_check_ok = False
 if ADD:
 ADD_role = ADD.get("@role")
 if ADD_role and not params_role:
 params_role = ADD_role
+ permission_check_ok = False
 POST = model_setting.get("POST")
 if POST:
 roles = POST.get("roles")
@@ -349,6 +350,8 @@ def _post_one(self,key,tag):
 def put(self):
 tag = self.request_data.get("@tag")
+ if not tag:
+ return json({"code":400,"msg":"'tag' parameter is needed"})
 for key in self.request_data:
 if key[0]!="@":
 rsp = self._put_one(key,tag)
@@ -361,7 +364,6 @@ def put(self):
 return json(self.rdict)
 def _put_one(self,key,tag):
- tag = tag or key
 modelname = key
 params = self.request_data[key]
 params_role = params.get("@role")
@@ -377,7 +379,6 @@ def _put_one(self,key,tag):
 request_setting_model = request_setting_tag.get(modelname,{})
 request_setting_PUT = request_setting_model.get("PUT",{})
- permission_check_ok = False
 ADD = request_setting_PUT.get("ADD")
 if ADD:
@@ -393,7 +394,10 @@ def _put_one(self,key,tag):
 except ValueError as e:
 return json({"code":400,"msg":"id '%s' cannot convert to integer"%(params.get("id"))})
 obj = model.get(id_)
+ if not obj:
+ return json({"code":400,"msg":"cannot find record id '%s'"%(id_)})
+ permission_check_ok = False
 PUT = model_setting.get("PUT")
 if PUT:
 roles = PUT.get("roles")
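Review bot: The guard added in `post` answers with `'tag' parameter is needed`, but the key it reads is `@tag`, the same rename this commit applies to the demo requests, so a client acting on the message would send the wrong key. The string should be `"'@tag' parameter is needed"`; the identical message is added in `put` (hunk at -349) and in the new `delete`. Together with the removal of `tag = tag or key` from `_post_one` and `_put_one`, a request without `@tag` is now refused where it used to fall back to the model name, which deserves a one-line comment above the guard. The body of `post` continues outside the hunk.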
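Review bot: In `_put_one` the `cannot find record id` reply is now sent before the role check, so a caller who would be refused anyway can tell existing ids from missing ones by the two different messages (`cannot find record id` versus `no permission`). The move presumably exists because the OWNER branch calls `obj.to_dict()`; that branch lies outside this hunk but is visible in the new `_delete_one`, which has the same ordering. Keeping the lookup where it is, returning not-found only after `if not permission_check_ok:`, and writing the owner comparison as `if obj and obj.to_dict().get(user_id_field)==request.user.id:` removes the difference without bringing back the None dereference. `_put_one` starts and ends outside the hunk.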
@@ -419,8 +423,6 @@ def _put_one(self,key,tag):
 if not permission_check_ok:
 return json({"code":400,"msg":"no permission"})
- if not obj:
- return json({"code":400,"msg":"cannot find record id '%s'"%(id_)})
 kwargs = {}
 for k in params:
 if k=="id":
@@ -445,4 +447,95 @@ def _put_one(self,key,tag):
 self.rdict[key] = obj_dict
 def delete(self):
+ tag = self.request_data.get("@tag")
+ if not tag:
+ return json({"code":400,"msg":"'tag' parameter is needed"})
+ for key in self.request_data:
+ if key[0]!="@":
+ rsp = self._delete_one(key,tag)
+ if rsp:
+ return rsp
+ else:
+ #only accept one table
+ return json(self.rdict)
 return json(self.rdict)
+
+ def _delete_one(self,key,tag):
+ modelname = key
+ params = self.request_data[key]
+ params_role = params.get("@role")
+
+ try:
+ model = getattr(models,modelname)
+ model_setting = settings.APIJSON_MODELS.get(modelname,{})
+ request_setting_tag = settings.APIJSON_REQUESTS.get(tag,{})
+ user_id_field = model_setting.get("user_id_field")
+ except ModelNotFound as e:
+ log.error("try to find model '%s' but not found: '%s'"%(modelname,e))
+ return json({"code":400,"msg":"model '%s' not found"%(modelname)})
+
+ request_setting_model = request_setting_tag.get(modelname,{})
+ request_setting_DELETE = request_setting_model.get("DELETE",{})
+
+ ADD = request_setting_DELETE.get("ADD")
+ if ADD:
+ ADD_role = ADD.get("@role")
+ if ADD_role and not params_role:
+ params_role = ADD_role
+
+ try:
+ id_ = params.get("id")
+ if not id_:
+ return json({"code":400,"msg":"id param needed"})
+ id_ = int(id_)
+ except ValueError as e:
+ return json({"code":400,"msg":"id '%s' cannot convert to integer"%(params.get("id"))})
+ obj = model.get(id_)
+ if not obj:
+ return json({"code":400,"msg":"cannot find record id '%s'"%(id_)})
+
+ permission_check_ok = False
+ DELETE = model_setting.get("DELETE")
+ if DELETE:
+ roles = DELETE.get("roles")
+ if params_role:
+ if not params_role in roles:
+ return json({"code":401,"msg":"'%s' not accessible by role '%s'"%(modelname,params_role)})
+ roles = [params_role]
+ if roles:
+ for role in roles:
+ if role == "OWNER":
+ if request.user:
+ if user_id_field:
+ if obj.to_dict().get(user_id_field)==request.user.id:
+ permission_check_ok = True
+ break
+ else:
+ return json({"code":400,"msg":"need login user"})
+ else:
+ if functions.has_role(request.user,role):
+ permission_check_ok = True
+ break
+
+ if not permission_check_ok:
+ return json({"code":400,"msg":"no permission"})
+
+ try:
+ obj.delete()
+ ret = True
+ except Exception as e:
+ log.error("remove %s %s fail"%(modelname,id_))
+ ret = False
+
+ obj_dict = {"id":id_}
+ if ret:
+ obj_dict["code"] = 200
+ obj_dict["message"] = "success"
+ obj_dict["count"] = 1
+ else:
+ obj_dict["code"] = 400
+ obj_dict["message"] = "fail"
+ obj_dict["count"] = 0
+ self.rdict["code"] = 400
+ self.rdict["message"] = "fail"
+ self.rdict[key] = obj_dict
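Review bot: `_delete_one` resolves the client-supplied key with `getattr(models,modelname)` and runs `model.get(id_)` before anything checks that the model is exposed through the API: `settings.APIJSON_MODELS.get(modelname,{})` quietly yields `{}` for an unconfigured name, and the refusal only comes later from the missing `DELETE` entry. Rejecting unknown names first, e.g. `if modelname not in settings.APIJSON_MODELS: return json({"code":400,"msg":"model '%s' not found"%(modelname)})` (assuming the setting is dict-like, as the `.get` call suggests), keeps unconfigured tables from being queried at all. In the same function `roles` is `None` when the `DELETE` entry has no `roles` key, so a request carrying `@role` reaches `if not params_role in roles` and raises a TypeError instead of returning a clean refusal; `roles = DELETE.get("roles") or []` avoids that. The `except Exception as e` around `obj.delete()` also drops the cause from the log; `log.error("remove %s %s fail: %s"%(modelname,id_,e))` would keep failed deletions traceable.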