ag-admin/OpenSlides
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Strip out response.data.

Browse Source
This commit is contained in:
Norman Jäckel 2018-10-15 21:25:41 +02:00
parent 645ae4a784
commit 6441347d10
3 changed files with 58 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
openslides/agenda/views.py
View File

@ -60,19 +60,19 @@ class ItemViewSet(ListModelMixin, RetrieveModelMixin, UpdateModelMixin, GenericV
def update(self, *args, **kwargs): def update(self, *args, **kwargs):
""" """
Customized view endpoint to update all children if, the item type has changed. Customized view endpoint to update all children if the item type has changed.
""" """
old_type = self.get_object().type old_type = self.get_object().type
result = super().update(*args, **kwargs) response = super().update(*args, **kwargs)
# update all children, if the item type has changed # Update all children if the item type has changed.
item = self.get_object() item = self.get_object()
if old_type != item.type: if old_type != item.type:
items_to_update = [] items_to_update = []
# rekursively add children to items_to_update # Recursively add children to items_to_update.
def add_item(item): def add_item(item):
items_to_update.append(item) items_to_update.append(item)
for child in item.children.all(): for child in item.children.all():
@ -81,7 +81,7 @@ class ItemViewSet(ListModelMixin, RetrieveModelMixin, UpdateModelMixin, GenericV
add_item(item) add_item(item)
inform_changed_data(items_to_update) inform_changed_data(items_to_update)
return result return response
@detail_route(methods=['POST', 'PATCH', 'DELETE']) @detail_route(methods=['POST', 'PATCH', 'DELETE'])
def manage_speaker(self, request, pk=None): def manage_speaker(self, request, pk=None):

15
openslides/motions/views.py
View File

@ -21,6 +21,7 @@ from ..utils.rest_api import (
GenericViewSet, GenericViewSet,
ModelViewSet, ModelViewSet,
Response, Response,
ReturnDict,
UpdateModelMixin, UpdateModelMixin,
ValidationError, ValidationError,
detail_route, detail_route,
@ -196,7 +197,12 @@ class MotionViewSet(ModelViewSet):
inform_changed_data(new_users) inform_changed_data(new_users)
headers = self.get_success_headers(serializer.data) headers = self.get_success_headers(serializer.data)
return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers) # Strip out response data so nobody gets unrestricted data.
data = ReturnDict(
id=serializer.data.get('id'),
serializer=serializer
)
return Response(data, status=status.HTTP_201_CREATED, headers=headers)
def update(self, request, *args, **kwargs): def update(self, request, *args, **kwargs):
""" """
@ -257,7 +263,8 @@ class MotionViewSet(ModelViewSet):
new_users = list(updated_motion.supporters.all()) new_users = list(updated_motion.supporters.all())
inform_changed_data(new_users) inform_changed_data(new_users)
return Response(serializer.data) # We do not add serializer.data to response so nobody gets unrestricted data here.
return Response()
@list_route(methods=['post']) @list_route(methods=['post'])
def sort(self, request): def sort(self, request):
@ -637,10 +644,10 @@ class MotionPollViewSet(UpdateModelMixin, DestroyModelMixin, GenericViewSet):
""" """
Customized view endpoint to update a motion poll. Customized view endpoint to update a motion poll.
""" """
result = super().update(*args, **kwargs) response = super().update(*args, **kwargs)
poll = self.get_object() poll = self.get_object()
poll.motion.write_log([ugettext_noop('Vote updated')], self.request.user) poll.motion.write_log([ugettext_noop('Vote updated')], self.request.user)
return result return response
def destroy(self, *args, **kwargs): def destroy(self, *args, **kwargs):
""" """

52
openslides/utils/rest_api.py
View File

@ -6,13 +6,14 @@ from rest_framework import status
from rest_framework.decorators import detail_route, list_route from rest_framework.decorators import detail_route, list_route
from rest_framework.metadata import SimpleMetadata from rest_framework.metadata import SimpleMetadata
from rest_framework.mixins import ( from rest_framework.mixins import (
CreateModelMixin, CreateModelMixin as _CreateModelMixin,
DestroyModelMixin, DestroyModelMixin,
ListModelMixin as _ListModelMixin, ListModelMixin as _ListModelMixin,
RetrieveModelMixin as _RetrieveModelMixin, RetrieveModelMixin as _RetrieveModelMixin,
UpdateModelMixin, UpdateModelMixin as _UpdateModelMixin,
) )
from rest_framework.relations import MANY_RELATION_KWARGS from rest_framework.relations import MANY_RELATION_KWARGS
from rest_framework.request import Request
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework.routers import DefaultRouter from rest_framework.routers import DefaultRouter
from rest_framework.serializers import ( from rest_framework.serializers import (
@ -33,10 +34,10 @@ from rest_framework.serializers import (
SerializerMethodField, SerializerMethodField,
ValidationError, ValidationError,
) )
from rest_framework.utils.serializer_helpers import ReturnDict
from rest_framework.viewsets import ( from rest_framework.viewsets import (
GenericViewSet as _GenericViewSet, GenericViewSet as _GenericViewSet,
ModelViewSet as _ModelViewSet, ModelViewSet as _ModelViewSet,
ViewSet as _ViewSet,
) )
from .access_permissions import BaseAccessPermissions from .access_permissions import BaseAccessPermissions
@ -44,8 +45,8 @@ from .auth import user_to_collection_user
from .collection import Collection, CollectionElement from .collection import Collection, CollectionElement
__all__ = ['detail_route', 'DecimalField', 'list_route', 'SimpleMetadata', 'CreateModelMixin', __all__ = ['detail_route', 'DecimalField', 'list_route', 'SimpleMetadata',
'DestroyModelMixin', 'UpdateModelMixin', 'CharField', 'DictField', 'FileField', 'DestroyModelMixin', 'CharField', 'DictField', 'FileField',
'IntegerField', 'JSONField', 'ListField', 'ListSerializer', 'status', 'RelatedField', 'IntegerField', 'JSONField', 'ListField', 'ListSerializer', 'status', 'RelatedField',
'SerializerMethodField', 'ValidationError'] 'SerializerMethodField', 'ValidationError']
@ -237,13 +238,44 @@ class RetrieveModelMixin(_RetrieveModelMixin):
return response return response
class CreateModelMixin(_CreateModelMixin):
"""
Mixin to override create requests.
"""
def create(self, request: Request, *args: Any, **kwargs: Any) -> Response:
"""
Just remove all response data (except 'id') so nobody may get
unrestricted data.
Special viewsets may override this.
"""
response = super().create(request, *args, **kwargs)
response.data = ReturnDict(
id=response.data.get('id'),
serializer=response.data.serializer # This kwarg is not send to the client.
)
return response
class UpdateModelMixin(_UpdateModelMixin):
"""
Mixin to override update requests.
"""
def update(self, request: Request, *args: Any, **kwargs: Any) -> Response:
"""
Just remove all response data so nobody may get unrestricted data.
Special viewsets may override this.
"""
response = super().update(request, *args, **kwargs)
response.data = None
return response
class GenericViewSet(PermissionMixin, _GenericViewSet): class GenericViewSet(PermissionMixin, _GenericViewSet):
pass pass
class ModelViewSet(PermissionMixin, ListModelMixin, RetrieveModelMixin, _ModelViewSet): class ModelViewSet(PermissionMixin, ListModelMixin, RetrieveModelMixin,
pass CreateModelMixin, UpdateModelMixin, _ModelViewSet):
class ViewSet(PermissionMixin, _ViewSet):
pass pass