diff --git a/demo/apps/apijson_demo/models.py b/demo/apps/apijson_demo/models.py
index dd251af..07122b1 100644
--- a/demo/apps/apijson_demo/models.py
+++ b/demo/apps/apijson_demo/models.py
@@ -14,6 +14,7 @@ class Moment(Model):
 user_id = Reference("user")
 date = Field(datetime.datetime, auto_now_add=True)
 content = Field(TEXT)
+ picture_list = Field(JSON, default=[])
 class Comment(Model):
 user_id = Reference("user")
diff --git a/demo/apps/apijson_demo/settings.ini b/demo/apps/apijson_demo/settings.ini
index 87ae4a2..bdf19b1 100644
--- a/demo/apps/apijson_demo/settings.ini
+++ b/demo/apps/apijson_demo/settings.ini
@@ -2,3 +2,23 @@
 privacy = 'apijson_demo.models.Privacy'
 comment = 'apijson_demo.models.Comment'
 moment = 'apijson_demo.models.Moment'
+
+[APIJSON_MODELS]
+moment = {
+ "user_id_field" : "user_id",
+ "rbac_get" : {
+ "roles" : ["OWNER"]
+ },
+ "rbac_post" : {
+ "roles" : ["OWNER"]
+ }
+}
+
+[APIJSON_REQUESTS]
+moment = {
+ "moment": {
+ "ADD" :{"@role": ["OWNER"]},
+ "DISALLOW" : ["id"],
+ "NECESSARY" : ["content"]
+ }
+}
diff --git a/demo/apps/apijson_demo/templates/index.html b/demo/apps/apijson_demo/templates/index.html
index 230d631..250d63e 100644
--- a/demo/apps/apijson_demo/templates/index.html
+++ b/demo/apps/apijson_demo/templates/index.html
@@ -82,7 +82,7 @@
 url: vm.tab2url[vm.tab_current],
 data: vm.request_data,
 success: function (data) {
- vm.response_data = JSON.stringify(data,null,2)
+ vm.response_data = JSON.stringify(data,null,4)
 vm.can_post = false
 }
 })
diff --git a/demo/apps/apijson_demo/views.py b/demo/apps/apijson_demo/views.py
index 6646283..1639683 100644
--- a/demo/apps/apijson_demo/views.py
+++ b/demo/apps/apijson_demo/views.py
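Review bot: `picture_list = Field(JSON, default=[])` passes one list object as the column default at class-definition time. Whether the ORM copies it per instance is not visible in this hunk; if it does not, an in-place mutation of one row's `picture_list` would show up in every other new `Moment`. If `Field` accepts a callable default, `default=list` avoids the question; otherwise a short comment such as `# default list must never be mutated in place` would record the constraint. The values stored here arrive straight from the POST body (see the `apijson/views.py` hunk), so any code that later renders these URLs should treat them as untrusted.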
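Review bot: The `rbac_post` entry under `[APIJSON_MODELS]` is never read by the POST handler added in this commit; `_post_one` takes only `user_id_field` from the model settings and decides permission from `ADD` under `[APIJSON_REQUESTS]`. Two keys that both appear to grant POST access, with only one effective, invite a later edit to the wrong one. Unless `rbac_post` is consumed somewhere outside this diff, I would either drop it or add a comment above it, e.g. `# not enforced for POST yet; POST permission comes from [APIJSON_REQUESTS] moment.ADD`.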
@@ -49,15 +49,15 @@ def index():
 request_post = [
 {
- "label":"Add record",
+ "label":"Add new moment",
 "value":'''{
- "Moment": {
+ "moment": {
 "content": "new moment for test",
- "pictureList": [
+ "picture_list": [
 "http://static.oschina.net/uploads/user/48/96331_50.jpg"
 ]
 },
- "tag": "Moment"
+ "@tag": "moment"
 }''',
 },
 ]
diff --git a/uliweb_apijson/apijson/views.py b/uliweb_apijson/apijson/views.py
index b5c6959..5945cad 100644
--- a/uliweb_apijson/apijson/views.py
+++ b/uliweb_apijson/apijson/views.py
@@ -253,4 +253,62 @@ def _filter_owner(self,model,model_setting,q):
 return owner_filtered,q
 def post(self):
+ tag = self.request_data.get("@tag")
+ for key in self.request_data:
+ if key[0]!="@":
+ rsp = self._post_one(key,tag)
+ if rsp:
+ return rsp
+ else:
+ #only accept one table
+ return json(self.rdict)
 return json(self.rdict)
+
+ def _post_one(self,key,tag):
+ tag = tag or key
+ modelname = key
+ params = self.request_data[key]
+
+ try:
+ model = getattr(models,modelname)
+ model_setting = settings.APIJSON_MODELS.get(modelname,{})
+ request_setting_tag = settings.APIJSON_REQUESTS.get(tag,{})
+ user_id_field = model_setting.get("user_id_field")
+ except ModelNotFound as e:
+ log.error("try to find model '%s' but not found: '%s'"%(modelname,e))
+ return json({"code":400,"msg":"model '%s' not found"%(modelname)})
+
+
+ request_setting = request_setting_tag.get(modelname,{})
+ ADD = request_setting.get("ADD")
+ permission_check_ok = False
+ if ADD:
+ _role = ADD.get("@role")
+ if _role:
+ for r in _role:
+ if r == "OWNER":
+ if request.user:
+ permission_check_ok = True
+ if user_id_field:
+ params[user_id_field] = request.user.id
+ if not permission_check_ok:
+ return json({"code":400,"msg":"no permission"})
+
+ DISALLOW = request_setting.get("DISALLOW")
+ if DISALLOW:
+ for field in DISALLOW:
+ if field in params:
+ log.error("request '%s' disallow '%s'"%(tag,field))
+ return json({"code":400,"msg":"request '%s' disallow '%s'"%(tag,field)})
+
+ obj = model(**params)
+ ret = obj.save()
+ obj_dict = obj.to_dict(convert=False)
+ if ret:
+ obj_dict["code"] = 200
+ obj_dict["message"] = "success"
+ else:
+ obj_dict["code"] = 400
+ obj_dict["message"] = "fail"
+
+ self.rdict[key] = obj_dict
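Review bot: In `_post_one`, `model(**params)` is built from the client's JSON after only a denylist check, so every column not named in `DISALLOW` is client-controlled, and `params` is never checked to be a JSON object before it is indexed and unpacked. The `OWNER` branch sets `permission_check_ok = True` for any logged-in user before it knows there is a `user_id_field` to pin, so a model configured without that key would accept a caller-supplied owner. `NECESSARY` from the request settings is not read anywhere in this hunk, so a moment without `content` passes. I would reject non-object payloads, make `OWNER` fail closed when no owner column is configured, and enforce `NECESSARY` next to `DISALLOW`, as sketched below. An explicit allowlist of writable fields would be stronger than `DISALLOW`, but it needs a new settings key.

```python
    def _post_one(self,key,tag):
        # … unchanged: tag/modelname/params setup and model lookup …
        if not isinstance(params,dict):
            return json({"code":400,"msg":"'%s' must be an object"%(key)})

        request_setting = request_setting_tag.get(modelname,{})
        ADD = request_setting.get("ADD")
        permission_check_ok = False
        if ADD:
            for r in ADD.get("@role") or []:
                # OWNER is only granted when the owner column can be pinned server-side
                if r == "OWNER" and request.user and user_id_field:
                    params[user_id_field] = request.user.id
                    permission_check_ok = True
        # … unchanged: "no permission" return and DISALLOW loop …
        for field in request_setting.get("NECESSARY") or []:
            if field not in params:
                return json({"code":400,"msg":"request '%s' requires '%s'"%(tag,field)})
        # … unchanged: model(**params), save and response building …
```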