user profile: update ssh pk

fe01f925 · xiaokong1937@gmail.com · 8a5d0b2d · fe01f925 · fe01f925 · fe01f925
Commit fe01f925 authored Feb 03, 2017 by xiaokong1937@gmail.com
5 changed files
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,4 @@ migrations/
 *.log
 host_rsa_key
 *.bat
+tags
--- a/apps/templates/base.html
+++ b/apps/templates/base.html
@@ -24,9 +24,9 @@
        {% block first_login_message %}
            {% if user.is_authenticated and user.is_first_login %}
            <div class="alert alert-danger" style="margin: 20px auto 0px">
-                {% url 'users:user-first-login' as the_url %}
+                {% url 'users:user-first-login' as first_login_url %}
                {% blocktrans %}
-                Your information was incomplete. Please click <a href="{{ the_url }}"> this link </a>to complete your information.
+                Your information was incomplete. Please click <a href="{{ first_login_url }}"> this link </a>to complete your information.
                {% endblocktrans %}
            </div>
            {% endif %}
@@ -34,8 +34,9 @@
        {% block update_public_key_message %}
            {% if user.is_authenticated and not user.is_public_key_valid %}
            <div class="alert alert-danger" style="margin: 20px auto 0px">
+                {% url 'users:user-profile' as profile_url %}
                {% blocktrans %}
-                Your ssh-public-key has been expired. Please click <a href="#"> this link </a>to  update your ssh-public-key.
+                Your ssh-public-key has been expired. Please click <a href="{{ profile_url }}"> this link </a>to update your ssh-public-key.
                {% endblocktrans %}
            </div>
            {% endif %}

--- a/apps/users/api.py
+++ b/apps/users/api.py
 # ~*~ coding: utf-8 ~*~
-#

-from rest_framework import generics, viewsets
+from rest_framework import generics
+from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
 from rest_framework.views import APIView
-from rest_framework.permissions import AllowAny
 from rest_framework_bulk import BulkModelViewSet
-# from django_filters.rest_framework import DjangoFilterBackend

+from . import serializers
+from .hands import write_login_log_async
+from .models import User, UserGroup
+from .permissions import IsSuperUser, IsValidUser, IsCurrentUserOrReadOnly
+from .utils import check_user_valid, generate_token
 from common.mixins import IDInFilterMixin
 from common.utils import get_logger
-from .utils import check_user_valid, generate_token
-from .models import User, UserGroup
-from .hands import write_login_log_async
-from .permissions import (
-    IsSuperUser, IsAppUser, IsValidUser)
-from . import serializers


 logger = get_logger(__name__)
@@ -41,7 +38,7 @@ class UserResetPasswordApi(generics.UpdateAPIView):

    def perform_update(self, serializer):
        # Note: we are not updating the user object here.
-        # We just do the reset-password staff.
+        # We just do the reset-password stuff.
        import uuid
        from .utils import send_reset_password_mail
        user = self.get_object()
@@ -65,6 +62,7 @@ class UserResetPKApi(generics.UpdateAPIView):
 class UserUpdatePKApi(generics.UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = serializers.UserPKUpdateSerializer
+    permission_classes = (IsCurrentUserOrReadOnly,)

    def perform_update(self, serializer):
        user = self.get_object()

--- a/apps/users/permissions.py
+++ b/apps/users/permissions.py
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
-#

-import base64
-
-from django.core.cache import cache
-from django.conf import settings
-from django.utils.translation import ugettext as _
-from rest_framework import authentication, exceptions, permissions
-from rest_framework.compat import is_authenticated
-
-from common.utils import signer, get_object_or_none
-from .hands import Terminal
-from .models import User
+from rest_framework import permissions


 class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission):
@@ -20,7 +9,7 @@ class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission):

    def has_permission(self, request, view):
        return super(IsValidUser, self).has_permission(request, view) \
-               and request.user.is_valid
+            and request.user.is_valid


 class IsAppUser(IsValidUser, permissions.BasePermission):
@@ -28,7 +17,7 @@ class IsAppUser(IsValidUser, permissions.BasePermission):

    def has_permission(self, request, view):
        return super(IsAppUser, self).has_permission(request, view) \
-               and request.user.is_app
+            and request.user.is_app


 class IsSuperUser(IsValidUser, permissions.BasePermission):
@@ -36,7 +25,7 @@ class IsSuperUser(IsValidUser, permissions.BasePermission):

    def has_permission(self, request, view):
        return super(IsSuperUser, self).has_permission(request, view) \
-               and request.user.is_superuser
+            and request.user.is_superuser


 class IsSuperUserOrAppUser(IsValidUser, permissions.BasePermission):
@@ -44,8 +33,12 @@ class IsSuperUserOrAppUser(IsValidUser, permissions.BasePermission):

    def has_permission(self, request, view):
        return super(IsSuperUserOrAppUser, self).has_permission(request, view) \
-               and (request.user.is_superuser or request.user.is_app)
+            and (request.user.is_superuser or request.user.is_app)
+

+class IsCurrentUserOrReadOnly(permissions.BasePermission):

-if __name__ == '__main__':
-    pass
+    def has_object_permission(self, request, view, obj):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+        return obj == request.user
--- a/apps/users/templates/users/user_profile.html
+++ b/apps/users/templates/users/user_profile.html