Big Update : moderation and viewset permissions centralized

Makefile

@@ -5,7 +5,7 @@ install_backend:
 	pip install -r requirements.txt --quiet
 
 generate_backend:
-	python ./backend/generate/generate_all.py
+	export PYTHONPATH=$$PWD ; python ./backend/generate/generate_all.py
 
 generate_frontend:
 	python ./frontend/generate/generate_frontend_files.py

backend/generate/generate_all.py

 #####
 # This python file is used to generate js files for redux
 from django import template
-import yaml
 from os.path import join, realpath, dirname
+from general.api import get_api_config
 
 ############
 # Need to do this first so that Django template engine is working
@@ -44,7 +44,7 @@ saving_dir = realpath(current_dir + "/../")
 
 # API_BASE = "http://127.0.0.1:8000/api/"
 
-api_config = yaml.load(read_file(join(current_dir, 'api_config.yml')))
+api_config = get_api_config()
 
 # Render urls.py
 template_path = join(templates_dir, 'urls.tpl')

backend/generate/templates/urls.tpl

@@ -9,11 +9,18 @@ from django.conf.urls import url, include
 from django.conf import settings
 from rest_framework import routers
 
-{% spaceless %}
-{% for model in data %}{% if 'requires_testing' not in model or not model.requires_testing %}
+ALL_MODELS = []
+ALL_VIEWSETS = []
+{% for model in data %}
+    {% if not model.requires_testing %}
 from backend.models.{{model.import_location}} import {{model.viewset}}
-{% endif %}{% endfor %}
-{% endspaceless %}
+ALL_VIEWSETS.append({{model.viewset}})
+        {% if model.model is not None and not model.ignore_in_admin%}
+from backend.models.{{model.import_location}} import {{model.model}}
+ALL_MODELS.append({{model.model}})
+        {% endif %}
+    {% endif %}
+{% endfor %}
 
 from rest_framework.documentation import include_docs_urls
 
@@ -24,19 +31,35 @@ urlpatterns = [
 router = routers.DefaultRouter()
 
 if settings.TESTING:
-    {% for model in data %}{% if 'requires_testing' in model or model.requires_testing %}
+    {% for model in data %}{% if model.requires_testing %}
     from backend.models.{{model.import_location}} import {{model.viewset}}
+    ALL_VIEWSETS.append({{model.viewset}})
+    {% if model.model is not None %}
+    from backend.models.{{model.import_location}} import {{model.model}}
+    ALL_MODELS.append({{model.model}})
+    {% endif %}
     router.register(
         r'{{model.api_end_point}}{% if 'api_attr' in model %}/{{model.api_attr}}{% endif %}', 
         {{model.viewset}}{%if 'api_name' in model%},"{{model.api_name}}"{% endif %}
     ){% endif %}{% endfor %}
 
 
-{% for model in data %}{% if 'requires_testing' not in model or not model.requires_testing %}
+{% for model in data %}{% if not model.requires_testing %}
 router.register(
     r'{{model.api_end_point}}{% if 'api_attr' in model %}/{{model.api_attr}}{% endif %}', 
     {{model.viewset}}{%if 'api_name' in model%},"{{model.api_name}}"{% endif %}
 ){% endif %}{% endfor %}
 
 urlpatterns += [url(r'^api/', include(router.urls))]
+
+for model in ALL_MODELS:
+    if model.moderation_level is None:
+        raise Exception("You forgot to set the moderation_level variable in the model {}".format(str(model)))
+
+from backend.permissions import DEFAULT_VIEWSET_PERMISSIONS
+for viewset in ALL_VIEWSETS:
+    for p in DEFAULT_VIEWSET_PERMISSIONS:
+        v_p = viewset.permission_classes
+        if p not in v_p:
+            raise Exception("Permission_classes are not defined correctly in the viewset {}".format(str(viewset)))
 {% endautoescape %}

backend/models/location/city.py

@@ -2,9 +2,12 @@ from django.db import models
 from rest_framework import serializers
 from backend.models.location import Country
 from backend.models.my_model import MyModel, MyModelSerializer, MyModelVersionnedViewSet
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class City(MyModel):
+    moderation_level = get_moderation_level("City")
+
     name = models.CharField(max_length=200)
     local_name = models.CharField(max_length=200, null=True, blank=True)
     # We add an area to distinguish similarly named cities
@@ -29,5 +32,6 @@ class CitySerializer(MyModelSerializer):
 
 
 class CityViewSet(MyModelVersionnedViewSet):
+    permission_classes = get_viewset_permissions("CityViewSet")
     queryset = City.objects.all()  # pylint: disable=E1101
     serializer_class = CitySerializer

backend/models/location/cityTaggedItem.py

 from django.db import models
 from backend.models.tag import TaggedItem, TaggedItemSerializer, TaggedItemViewSet
 from backend.models.location import City
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class CityTaggedItem(TaggedItem):
+    moderation_level = get_moderation_level("CityTaggedItem")
+
     city = models.OneToOneField(
         City, on_delete=models.PROTECT, related_name='city_items', primary_key=True)
 
@@ -22,6 +25,6 @@ class CityTaggedItemSerializer(TaggedItemSerializer):
 
 
 class CityTaggedItemViewSet(TaggedItemViewSet):
-
+    permission_classes = get_viewset_permissions("CityTaggedItemViewSet")
     queryset = CityTaggedItem.objects.all()  # pylint: disable=E1101
     serializer_class = CityTaggedItemSerializer

backend/models/location/country.py

 from django.db import models
 from backend.models.my_model import MyModel, MyModelSerializer, MyModelVersionnedViewSet
-
+from backend.utils import get_moderation_level, get_viewset_permissions
 # Data model based on : https://unstats.un.org/unsd/methodology/m49/overview/
 
 
 class Country(MyModel):
+    moderation_level = get_moderation_level("Country")
+
     name = models.CharField(max_length=200)
     iso_alpha2_code = models.CharField(primary_key=True, max_length=2)
     iso_alpha3_code = models.CharField(
@@ -27,5 +29,6 @@ class CountrySerializer(MyModelSerializer):
 
 
 class CountryViewSet(MyModelVersionnedViewSet):
+    permission_classes = get_viewset_permissions("CountryViewSet")
     queryset = Country.objects.all()  # pylint: disable=E1101
     serializer_class = CountrySerializer

backend/models/location/countryDri.py

 from django.db import models
 from backend.models.location import Country
 from backend.models.module import DriRestrictedModule, DriRestrictedModuleSerializer, DriRestrictedModuleViewSet
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class CountryDri(DriRestrictedModule):
+    moderation_level = get_moderation_level("CountryDri")
     country = models.ManyToManyField(
         Country, related_name="country_dri")
 
@@ -20,5 +22,6 @@ class CountryDriSerializer(DriRestrictedModuleSerializer):
 
 
 class CountryDriViewSet(DriRestrictedModuleViewSet):
+    permission_classes = get_viewset_permissions("CountryDriViewSet")
     queryset = CountryDri.objects.all()  # pylint: disable=E1101
     serializer_class = CountryDriSerializer

backend/models/location/countryScholarship.py

 from django.db import models
 from backend.models.location import Country
 from backend.models.module import Scholarship, ScholarshipSerializer, ScholarshipViewSet
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class CountryScholarship(Scholarship):
+    moderation_level = get_moderation_level("CountryScholarship")
     country = models.ManyToManyField(
         Country, related_name="country_scholarhip")
 
@@ -20,5 +22,6 @@ class CountryScholarshipSerializer(ScholarshipSerializer):
 
 
 class CountryScholarshipViewSet(ScholarshipViewSet):
+    permission_classes = get_viewset_permissions("CountryScholarshipViewSet")
     queryset = CountryScholarship.objects.all()  # pylint: disable=E1101
     serializer_class = CountryScholarshipSerializer

backend/models/location/countryTaggedItem.py

 from django.db import models
 from backend.models.tag import TaggedItem, TaggedItemSerializer, TaggedItemViewSet
 from backend.models.location import Country
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class CountryTaggedItem(TaggedItem):
+    moderation_level = get_moderation_level("CountryTaggedItem")
     country = models.OneToOneField(
         Country, on_delete=models.PROTECT, related_name='country_items', primary_key=True)
 
@@ -22,6 +24,6 @@ class CountryTaggedItemSerializer(TaggedItemSerializer):
 
 
 class CountryTaggedItemViewSet(TaggedItemViewSet):
-
+    permission_classes = get_viewset_permissions("CountryTaggedItemViewSet")
     queryset = CountryTaggedItem.objects.all()  # pylint: disable=E1101
     serializer_class = CountryTaggedItemSerializer

backend/models/location/currency.py

 from django.db import models
-from rest_framework import permissions
 from django.core.validators import MinValueValidator
 from backend.models.my_model import MyModel, MyModelSerializer, MyModelViewSet
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class Currency(MyModel):
+    moderation_level = get_moderation_level("Currency")
+
     code = models.CharField(primary_key=True, max_length=3)
     name = models.CharField(max_length=100)
     symbol = models.CharField(null=True, blank=True, max_length=30)
@@ -22,6 +24,6 @@ class CurrencySerializer(MyModelSerializer):
 
 
 class CurrencyViewSet(MyModelViewSet):
-    permission_classes = (permissions.IsAdminUser,)  # TODO : change
+    permission_classes = get_viewset_permissions("CurrencyViewSet")
     queryset = Currency.objects.all()  # pylint: disable=E1101
     serializer_class = CurrencySerializer

backend/models/my_model/forTestingModeration.py

@@ -2,12 +2,14 @@ from .myModel import MyModel
 from .myModelSerializer import MyModelSerializer
 from .myModelViewSet import MyModelViewSet
 from django.db import models
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class ForTestingModeration(MyModel):
     """
         Simple model for testing purposes
     """
+    moderation_level = get_moderation_level("ForTestingModeration")
     aaa = models.CharField(max_length=100)
 
 
@@ -24,5 +26,6 @@ class ForTestingModerationViewSet(MyModelViewSet):
     """
         Same as above
     """
+    permission_classes = get_viewset_permissions("ForTestingModerationViewSet")
     serializer_class = ForTestingModerationSerializer
     queryset = ForTestingModeration.objects.all()

backend/models/my_model/forTestingVersioning.py

 from .myModelVersionned import MyModelVersionned, MyModelVersionnedSerializer, MyModelVersionnedViewSet
 from django.db import models
 import reversion
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 @reversion.register()
@@ -8,6 +9,7 @@ class ForTestingVersioning(MyModelVersionned):
     """
         Simple model for testing purposes
     """
+    moderation_level = get_moderation_level("ForTestingVersioning")
     bbb = models.CharField(max_length=100)
 
     @classmethod
@@ -28,5 +30,6 @@ class ForTestingVersioningViewSet(MyModelVersionnedViewSet):
     """
         Same as above
     """
+    permission_classes = get_viewset_permissions("ForTestingVersioningViewSet")
     serializer_class = ForTestingVersioningSerializer
     queryset = ForTestingVersioning.objects.all()

backend/models/my_model/myModel.py

@@ -23,3 +23,5 @@ class MyModel(models.Model):
 
     class Meta:
         abstract = True
+
+    moderation_level = None

backend/models/my_model/myModelVersionned.py

 from backend.models.my_model import MyModel, MyModelSerializer, MyModelViewSet
 from backend.signals import new_revision_saved
-from rest_framework import serializers, permissions, mixins, viewsets
+from rest_framework import serializers, mixins, viewsets
 import reversion
 from reversion.models import Version
 from django.contrib.contenttypes.models import ContentType
 from django.core.serializers.base import DeserializationError
 from django.core import serializers as djangoSerializers
+from backend.utils import get_viewset_permissions
 
 
 class MyModelVersionned(MyModel):
@@ -81,7 +82,7 @@ class VersionSerializer(serializers.ModelSerializer):
 
 class VersionViewSet(mixins.ListModelMixin,
                      viewsets.GenericViewSet):  # TODO better presentation
-    permission_classes = (permissions.IsAuthenticated,)
+    permission_classes = get_viewset_permissions("VersionViewSet")
     serializer_class = VersionSerializer
 
     def get_queryset(self):

backend/models/my_model/myModelViewSet.py

-from rest_framework import permissions
 from .myModelSerializer import MyModelSerializer
-from backend.models.tools import NoDeleteIfNotAdmin
+from backend.permissions import DEFAULT_VIEWSET_PERMISSIONS
 from backend.models.tools import DictModeViewSet
 
 
 class MyModelViewSet(DictModeViewSet):
     serializer_class = MyModelSerializer
-    permission_classes = (
-        permissions.IsAuthenticated,
-        NoDeleteIfNotAdmin,
-    )
+    permission_classes = DEFAULT_VIEWSET_PERMISSIONS
 
     def get_queryset(self):
         """

backend/models/my_model/pendingModeration.py

 from django.db import models
-from rest_framework import serializers, viewsets, permissions
+from rest_framework import serializers, viewsets
 from django.contrib.contenttypes.models import ContentType
 from django.contrib.contenttypes.fields import GenericForeignKey
 from django.contrib.postgres.fields import JSONField
 from django.contrib.auth.models import User
+from backend.utils import get_viewset_permissions, get_moderation_level
 
 
 class PendingModeration(models.Model):
+    moderation_level = get_moderation_level("PendingModeration")
+
     content_type = models.ForeignKey(ContentType, on_delete=models.CASCADE)
     object_id = models.CharField(max_length=100)  # 100 should be ok
     referenced_object = GenericForeignKey('content_type', 'object_id')
@@ -36,6 +39,6 @@ class PendingModerationSerializer(serializers.ModelSerializer):
 
 
 class PendingModerationViewSet(viewsets.ModelViewSet):
-    permission_classes = (permissions.IsAdminUser,)
+    permission_classes = get_viewset_permissions("PendingModerationViewSet")
     queryset = PendingModeration.objects.all()  # pylint: disable=E1101
     serializer_class = PendingModerationSerializer

backend/models/other_core/department.py

 from django.db import models
 from backend.models.my_model import MyModel, MyModelSerializer, MyModelViewSet
-from rest_framework import permissions
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class Department(MyModel):
+    moderation_level = get_moderation_level("Department")
+
     code = models.CharField(primary_key=True, max_length=6)
     name = models.CharField(max_length=100)
     active = models.BooleanField()
@@ -16,6 +18,6 @@ class DepartmentSerializer(MyModelSerializer):
 
 
 class DepartmentViewSet(MyModelViewSet):
-    permission_classes = (permissions.IsAdminUser,)
+    permission_classes = get_viewset_permissions("DepartmentViewSet")
     queryset = Department.objects.all()  # pylint: disable=E1101
     serializer_class = DepartmentSerializer

backend/models/other_core/offer.py

 from django.db import models
-from rest_framework import permissions
 from backend.models.university import University
 from backend.models.other_core import Semester, Specialty
 from backend.models.my_model import MyModel, MyModelSerializer, MyModelViewSet
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class Offer(MyModel):
+    moderation_level = get_moderation_level("Offer")
     semester = models.ForeignKey(Semester, on_delete=models.PROTECT)
     university = models.ForeignKey(University, on_delete=models.PROTECT)
 
@@ -28,6 +29,6 @@ class OfferSerializer(MyModelSerializer):
 
 
 class OfferViewSet(MyModelViewSet):
-    permission_classes = (permissions.IsAdminUser,)
+    permission_classes = get_viewset_permissions("OfferViewSet")
     queryset = Offer.objects.all()  # pylint: disable=E1101
     serializer_class = OfferSerializer

backend/models/other_core/semester.py

 from django.db import models
-from rest_framework import permissions
 from backend.models.my_model import MyModel, MyModelSerializer, MyModelViewSet
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class Semester(MyModel):
+    moderation_level = get_moderation_level("Semester")
     code = models.CharField(primary_key=True, max_length=6)
 
 
@@ -14,6 +15,6 @@ class SemesterSerializer(MyModelSerializer):
 
 
 class SemesterViewSet(MyModelViewSet):
-    permission_classes = (permissions.IsAdminUser,)
+    permission_classes = get_viewset_permissions("SemesterViewSet")
     queryset = Semester.objects.all()  # pylint: disable=E1101
     serializer_class = SemesterSerializer

backend/models/other_core/specialty.py

 from django.db import models
-from rest_framework import permissions
 from backend.models.other_core import Department
 from backend.models.my_model import MyModel, MyModelSerializer, MyModelViewSet
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class Specialty(MyModel):
+    moderation_level = get_moderation_level("Specialty")
     code = models.CharField(max_length=6)
     department = models.ForeignKey(Department, on_delete=models.PROTECT)
     name = models.CharField(max_length=100)
@@ -22,6 +23,6 @@ class SpecialtySerializer(MyModelSerializer):
 
 
 class SpecialtyViewSet(MyModelViewSet):
-    permission_classes = (permissions.IsAdminUser,)
+    permission_classes = get_viewset_permissions("SpecialtyViewSet")
     queryset = Specialty.objects.all()  # pylint: disable=E1101
     serializer_class = SpecialtySerializer