diff --git a/core/models.py b/core/models.py index 0568e15..5d8a60b 100644 --- a/core/models.py +++ b/core/models.py @@ -76,6 +76,7 @@ class Board(models.Model): submitter = models.ForeignKey(User) name = models.CharField(max_length=128, blank=False, null=False) + private = models.BooleanField(default=False, blank=False) pins = models.ManyToManyField("Pin", related_name="pins", blank=True) published = models.DateTimeField(auto_now_add=True) diff --git a/core/serializers.py b/core/serializers.py index f53f813..4f160b8 100644 --- a/core/serializers.py +++ b/core/serializers.py @@ -18,6 +18,14 @@ def filter_private_pin(request, query): return query.select_related('image', 'submitter') +def filter_private_board(request, query): + if request.user.is_authenticated: + query = query.exclude(~Q(submitter=request.user), private=True) + else: + query = query.exclude(private=True) + return query + + class ThumbnailSerializer(serializers.HyperlinkedModelSerializer): class Meta: model = Thumbnail diff --git a/core/tests/api.py b/core/tests/api.py index ce10819..4d0d424 100644 --- a/core/tests/api.py +++ b/core/tests/api.py @@ -36,7 +36,6 @@ class ImageTests(APITestCase): class PrivacyTests(APITestCase): - _JSON_TYPE = "application/json" def setUp(self): super(PrivacyTests, self).setUp() diff --git a/core/views.py b/core/views.py index d75e4de..a23f86a 100644 --- a/core/views.py +++ b/core/views.py @@ -9,7 +9,7 @@ from taggit.models import Tag from core import serializers as api from core.models import Image, Pin, Board from core.permissions import IsOwnerOrReadOnly, OwnerOnlyIfPrivate -from core.serializers import filter_private_pin +from core.serializers import filter_private_pin, filter_private_board class ImageViewSet(mixins.CreateModelMixin, GenericViewSet): @@ -35,20 +35,21 @@ class PinViewSet(viewsets.ModelViewSet): class BoardViewSet(viewsets.ModelViewSet): - queryset = Board.objects.all() serializer_class = api.BoardSerializer filter_backends = (DjangoFilterBackend, OrderingFilter) filter_fields = ("submitter__username", ) ordering_fields = ('-id', ) ordering = ('-id', ) - permission_classes = [IsOwnerOrReadOnly("submitter"), ] + permission_classes = [IsOwnerOrReadOnly("submitter"), OwnerOnlyIfPrivate("submitter")] + + def get_queryset(self): + return filter_private_board(self.request, Board.objects.all()) class BoardAutoCompleteViewSet( mixins.ListModelMixin, viewsets.GenericViewSet, ): - queryset = Board.objects.all() serializer_class = api.BoardAutoCompleteSerializer filter_backends = (DjangoFilterBackend, OrderingFilter) filter_fields = ("submitter__username", ) @@ -56,6 +57,9 @@ class BoardAutoCompleteViewSet( ordering = ('-id', ) pagination_class = None + def get_queryset(self): + return filter_private_board(self.request, Board.objects.all()) + class TagAutoCompleteViewSet(mixins.ListModelMixin, viewsets.GenericViewSet): queryset = Tag.objects.all() @@ -74,6 +78,6 @@ class TagAutoCompleteViewSet(mixins.ListModelMixin, viewsets.GenericViewSet): drf_router = routers.DefaultRouter() drf_router.register(r'pins', PinViewSet, basename="pin") drf_router.register(r'images', ImageViewSet) -drf_router.register(r'boards', BoardViewSet) +drf_router.register(r'boards', BoardViewSet, basename="board") drf_router.register(r'tags-auto-complete', TagAutoCompleteViewSet) -drf_router.register(r'boards-auto-complete', BoardAutoCompleteViewSet) +drf_router.register(r'boards-auto-complete', BoardAutoCompleteViewSet, base_name="board")