api: add possibility to get to user API through /api/users/{user_id}

2015-09-24 12:23:22 +02:00 · 2015-09-24 12:23:22 +02:00 · f0e88b1cc3
parent 5843ad8f33
commit f0e88b1cc3
2 changed files with 14 additions and 4 deletions
--- a/tests/test_api.py
+++ b/tests/test_api.py
@ -408,9 +408,10 @@ def test_user_forms(local_user):

    resp = get_app(pub).get(sign_uri('/api/user/forms', user=local_user))
    resp2 = get_app(pub).get(sign_uri('/myspace/forms', user=local_user))
+    resp3 = get_app(pub).get(sign_uri('/api/users/%s/forms' % local_user.id))
    assert len(resp.json) == 1
    assert resp.json[0]['form_status'] == 'New'
-    assert resp.json == resp2.json
+    assert resp.json == resp2.json == resp3.json

    resp = get_app(pub).get(sign_uri('/api/user/forms?full=on', user=local_user))
    assert resp.json[0]['fields']['foobar'] == 'foo@localhost'
--- a/wcs/api.py
+++ b/wcs/api.py
@ -348,9 +348,12 @@ class ApiCategoriesDirectory(RootDirectory):
 class ApiUserDirectory(Directory):
    _q_exports = ['', 'forms', 'drafts']

+    def __init__(self, user=None):
+        self.user = user
+
    def _q_index(self):
        get_response().set_content_type('application/json')
-        user = get_user_from_api_query_string() or get_request().user
+        user = self.user or get_user_from_api_query_string() or get_request().user
        if not user:
            raise AccessForbiddenError('no user specified')
        user_info = user.get_substitution_variables(prefix='')
@ -376,7 +379,7 @@ class ApiUserDirectory(Directory):

    def drafts(self):
        get_response().set_content_type('application/json')
-        user = get_user_from_api_query_string() or get_request().user
+        user = self.user or get_user_from_api_query_string() or get_request().user
        if not user:
            raise AccessForbiddenError()
        drafts = []
@ -400,7 +403,7 @@ class ApiUserDirectory(Directory):

    def forms(self):
        get_response().set_content_type('application/json')
-        user = get_user_from_api_query_string() or get_request().user
+        user = self.user or get_user_from_api_query_string() or get_request().user
        if not user:
            raise AccessForbiddenError()
        forms = []
@ -462,6 +465,12 @@ class ApiUsersDirectory(Directory):
        data = [as_dict(x) for x in users]
        return json.dumps({'data': data, 'err': 0})

+    def _q_lookup(self, component):
+        if not (is_url_signed() or (
+                get_request().user and get_request().user.can_go_in_admin())):
+            raise AccessForbiddenError()
+        return ApiUserDirectory(get_publisher().user_class.get(component))
+

 class ApiDirectory(Directory):
    _q_exports = ['forms', 'roles', ('reverse-geocoding', 'reverse_geocoding'),