同步代码

demo/apps/apijson_demo/dbinit.py

@@ -10,6 +10,11 @@
 Moment = models.moment
 
 user_list = [
+    {
+        "username": "admin",
+        "nickname": "Administrator",
+        "email": "admin@localhost",
+    },
     {
         "username": "usera",
         "nickname": "User A",
@@ -101,7 +106,10 @@
         print("create user '%s'"%(d["username"]))
         u = User(**d)
         u.set_password("123")
+        if d["username"]=="admin":
+            u.is_superuser = True
         u.save()
+
 for d in privacy_list:
     user = User.get(User.c.username==d["username"])
     if user:

demo/apps/apijson_demo/views.py

@@ -5,22 +5,22 @@
 @expose('/')
 def index():
     if request.user:
-        user_info = "login as user '%s'"%(request.user)
+        user_info = "login as user '%s(%s)'"%(request.user.username,request.user)
     else:
-        user_info = "not login, you can login with username 'usera/userb/userc', and password '123'"
+        user_info = "not login, you can login with username 'admin/usera/userb/userc', and password '123'"
     request_get = [
         {
-            "label":"Single record query: with id as parameter",
+            "label":"Single record query: no parameter",
             "value":'''{
    "user":{
-     "id":1
    }
 }''',
         },
         {
-            "label":"Single record query: no parameter",
+            "label":"Single record query: with id as parameter",
             "value":'''{
    "user":{
+     "id":1
    }
 }''',
         },

demo/apps/settings.ini

@@ -13,6 +13,7 @@ INSTALLED_APPS = [
     'uliweb.contrib.auth',
     'uliweb.contrib.i18n',
     'uliweb.contrib.flashmessage',
+    'uliweb.contrib.rbac',
     'uliweb_apps.site',
     'uliweb_apps.login',
     'uliweb_comui',
@@ -27,14 +28,9 @@ MAINMENU = {
     ]
 }
 
-[APIJSON_MODEL]
-#overwrite user table to public for test
-user = {
-    "user_id_field" : "id",
-    "secret_fields" : ["password"],
-    "default_filter_by_self" : True
-}
-
 [LAYOUT]
 logo_lg = "Uliweb"
 logo_mini = "U"
+
+[SESSION]
+timeout = 36000

uliweb_apijson/apijson/README.md

@@ -7,176 +7,26 @@ uliweb-apijson is a subset and slightly different variation of [apijson](https:/
 ## example
 
 ```
-[APIJSON_MODEL_CONFIG]
+[APIJSON_MODELS]
 user = {
-    "public" : False,
     "user_id_field" : "id",
     "secret_fields" : ["password"],
-    "default_filter_by_self" : True
+    "rbac_get" : {
+        "roles" : ["ADMIN","OWNER"]
+    }
 }
 ```
 
 ## document
 
 settings.APIJSON_MODEL_CONFIG.[MODEL_NAME]
 
-| Field                  | Doc                                                          |
-| ---------------------- | ------------------------------------------------------------ |
-| public                 | Default to be "False".<br />If not public, should be **login user** and only can see **user own data**. |
-| user_id_field          | Field name of user id, related to query user own data.       |
-| secret_fields          | Secret fields won't be exposed.                              |
-| default_filter_by_self | If True, when no filter parameter, will filter by self user id |
+| Field         | Doc                                                        |
+| ------------- | ---------------------------------------------------------- |
+| user_id_field | Field name of user id, related to query user own data.     |
+| secret_fields | Secret fields won't be exposed.                            |
+| rbac_get      | Configure of roles or permissions for apijson 'get' method |
 
 # Supported API Examples
 
-### Single record query: with id as parameter
-
-URL: apijson/get
-
-Method: POST
-
-Request:
-
-```
-{
-   "user":{
-     "id":1
-   }
-}
-```
-
-Response:
-
-```
-{
-  "code": 200,
-  "msg": "success",
-  "user": {
-    "username": "usera",
-    "nickname": "User A",
-    "email": "usera@localhost",
-    "is_superuser": false,
-    "last_login": null,
-    "date_join": "2018-12-05 15:44:26",
-    "image": "",
-    "active": false,
-    "locked": false,
-    "deleted": false,
-    "auth_type": "default",
-    "id": 1
-  }
-}
-```
-
-### Single record query: no parameter
-
-URL: apijson/get
-
-Method: POST
-
-Request:
-
-```
-{
-   "user":{
-   }
-}
-```
-
-Response:
-
-```
-{
-  "code": 200,
-  "msg": "success",
-  "user": {
-    "username": "usera",
-    "nickname": "User A",
-    "email": "usera@localhost",
-    "is_superuser": false,
-    "last_login": null,
-    "date_join": "2018-12-05 15:44:26",
-    "image": "",
-    "active": false,
-    "locked": false,
-    "deleted": false,
-    "auth_type": "default",
-    "id": 1
-  }
-}
-```
-
-### Single record query: @column
-
-URL: apijson/get
-
-Method: POST
-
-Request:
-
-```
-{
-   "user":{
-     "@column": "id,username,email"
-   }
-}
-```
-
-Response:
-
-```
-{
-  "code": 200,
-  "msg": "success",
-  "user": {
-    "username": "usera",
-    "email": "usera@localhost",
-    "id": 1
-  }
-}
-```
-
-### Array query
-
-URL: apijson/get
-
-Method: POST
-
-Request:
-
-```
-{
-  "[]":{
-    "@count":2,
-    "@page":0,
-    "user":{
-      "@column":"id,username,nickname,email",
-      "@order":"id-"
-    }
-  }
-}
-```
-
-Response:
-
-```
-{
-  "code": 200,
-  "msg": "success",
-  "[]": [
-    {
-      "username": "userc",
-      "nickname": "User C",
-      "email": "userc@localhost",
-      "id": 3
-    },
-    {
-      "username": "userb",
-      "nickname": "User B",
-      "email": "userb@localhost",
-      "id": 2
-    }
-  ]
-}
-```
-
+Please run [demo](../../demo/README.md) project and try it.

uliweb_apijson/apijson/settings.ini

@@ -1,7 +1,16 @@
-[APIJSON_MODEL_CONFIG]
+#apijson style role names
+[ROLES]
+ADMIN = _('APIJSON ADMIN'), 'uliweb.contrib.rbac.superuser', True
+UNKNOWN = _('APIJSON UNKNOWN'), 'uliweb.contrib.rbac.anonymous', True
+LOGIN = _('APIJSON LOGIN'), 'uliweb.contrib.rbac.trusted', True
+#will do more when query in the database
+OWNER = _('APIJSON OWNER'), 'uliweb.contrib.rbac.trusted', True
+
+[APIJSON_MODELS]
 user = {
-    "public" : False,
     "user_id_field" : "id",
     "secret_fields" : ["password"],
-    "default_filter_by_self" : True
+    "rbac_get" : {
+        "roles" : ["ADMIN","OWNER"]
+    }
 }