From b42c26199c68e5d263dbb3c6a72127e1eb0f3a15 Mon Sep 17 00:00:00 2001
From: duanhongyi
Date: Tue, 13 Oct 2020 16:18:51 +0800
Subject: [PATCH] feat(users): add users status api

---
 rootfs/api/tests/test_users.py | 18 ++++++++++++++++++
 rootfs/api/urls.py | 9 +++++++--
 rootfs/api/views.py | 20 ++++++++++++++++++--
 3 files changed, 43 insertions(+), 4 deletions(-)

diff --git a/rootfs/api/tests/test_users.py b/rootfs/api/tests/test_users.py
index 2a91f478..c06c5675 100644
--- a/rootfs/api/tests/test_users.py
+++ b/rootfs/api/tests/test_users.py
@@ -18,6 +18,24 @@ def test_super_user_can_list(self):
 self.assertEqual(response.status_code, 200, response.data)
 self.assertEqual(len(response.data['results']), 4)
 
+ def test_enable(self):
+ user = User.objects.get(username='autotest')
+ token = Token.objects.get(user=user)
+ response = self.client.patch("/v2/users/autotest2/enable/",
+ HTTP_AUTHORIZATION='token {}'.format(token))
+ self.assertEqual(response.status_code, 204)
+ user = User.objects.get(username='autotest2')
+ self.assertEqual(user.is_active, True)
+
+ def test_disable(self):
+ user = User.objects.get(username='autotest')
+ token = Token.objects.get(user=user)
+ response = self.client.patch("/v2/users/autotest2/disable/",
+ HTTP_AUTHORIZATION='token {}'.format(token))
+ self.assertEqual(response.status_code, 204)
+ user = User.objects.get(username='autotest2')
+ self.assertEqual(user.is_active, False)
+
 def test_non_super_user_cannot_list(self):
 user = User.objects.get(username='autotest2')
 token = Token.objects.get(user=user)
diff --git a/rootfs/api/urls.py b/rootfs/api/urls.py
index 855e15dd..8a0e7b97 100644
--- a/rootfs/api/urls.py
+++ b/rootfs/api/urls.py
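Review bot: In rootfs/api/tests/test_users.py, `test_enable` never puts `autotest2` into the inactive state before the PATCH, so unless the fixture ships that user disabled, the final `assertEqual(user.is_active, True)` would pass even if the endpoint changed nothing. Setting `is_active = False` and saving before the request would make the assertion meaningful. Both new tests also cover only the success path. A case where a non-superuser token (for example `autotest2`, as used in `test_non_super_user_cannot_list`) is refused, and one where the caller targets their own username and receives 423, would pin the access-control behaviour these endpoints depend on.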
@@ -142,6 +142,11 @@ })), url(r'^certs/?$', views.CertificateViewSet.as_view({'get': 'list', 'post': 'create'})), - # list users - url(r'^users/?$', views.UserView.as_view({'get': 'list'})), + # users + url(r'^users/?$', + views.UserView.as_view({'get': 'list'})), + url(r'^users/(?P[\w.@+-]+)/enable/?$', + views.UserView.as_view({'patch': 'enable'})), + url(r'^users/(?P[\w.@+-]+)/disable/?$', + views.UserView.as_view({'patch': 'disable'})), ] diff --git a/rootfs/api/views.py b/rootfs/api/views.py index a3e4a1ea..88f7021b 100644 --- a/rootfs/api/views.py +++ b/rootfs/api/views.py @@ -824,13 +824,13 @@ def get_queryset(self, **kwargs): return self.model.objects.filter(is_active=True, is_superuser=True) def create(self, request, **kwargs): - user = get_object_or_404(User, username=request.data['username']) + user = get_object_or_404(self.model, username=request.data['username']) user.is_superuser = user.is_staff = True user.save(update_fields=['is_superuser', 'is_staff']) return Response(status=status.HTTP_201_CREATED) def destroy(self, request, **kwargs): - user = get_object_or_404(User, username=kwargs['username']) + user = get_object_or_404(self.model, username=kwargs['username']) user.is_superuser = user.is_staff = False user.save(update_fields=['is_superuser', 'is_staff']) return Response(status=status.HTTP_204_NO_CONTENT) 
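Review bot: In rootfs/api/urls.py the two new patterns appear here as `(?P[\w.@+-]+)`, a named group with no name, which `re` will not compile. The `enable` and `disable` views read `kwargs['username']`, so the group has to be named `username`. The name may simply have been dropped when this page was rendered, so check the patterns against the repository before relying on them as shown.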
@@ -844,3 +844,19 @@ class UserView(BaseDryccViewSet):
 
 def get_queryset(self):
 return self.model.objects.exclude(username='AnonymousUser')
+
+ def enable(self, request, **kwargs):
+ if request.user.username == kwargs['username']:
+ return Response(status=status.HTTP_423_LOCKED)
+ user = get_object_or_404(self.model, username=kwargs['username'])
+ user.is_active = True
+ user.save(update_fields=['is_active', ])
+ return Response(status=status.HTTP_204_NO_CONTENT)
+
+ def disable(self, request, **kwargs):
+ if request.user.username == kwargs['username']:
+ return Response(status=status.HTTP_423_LOCKED)
+ user = get_object_or_404(self.model, username=kwargs['username'])
+ user.is_active = False
+ user.save(update_fields=['is_active', ])
+ return Response(status=status.HTTP_204_NO_CONTENT)
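Review bot: `enable` and `disable` fetch the target with `get_object_or_404(self.model, ...)`, which bypasses the `get_queryset()` filter directly above that excludes `AnonymousUser`, so that account can be deactivated through this endpoint even though it is hidden from the list. Using `user = get_object_or_404(self.get_queryset(), username=kwargs['username'])` keeps the two consistent. The permission classes on `UserView` are outside the hunk, so it is not visible here that these state-changing actions are limited to administrators; once confirmed, a docstring on each method saying so would help the next reader. The self-target guard compares username strings before the lookup, whereas comparing `request.user.pk == user.pk` after the lookup would not depend on how the database matches usernames.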