| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 |
- from django.core.exceptions import PermissionDenied
- from django.db.models import Q
- from django.utils.translation import ugettext as _
- from rest_framework import status, viewsets, mixins
- from rest_framework.response import Response
- from misago.core.apipaginator import ApiPaginator
- from misago.users.models import UsernameChange
- from misago.users.rest_permissions import BasePermission
- from misago.users.serializers.usernamechange import UsernameChangeSerializer
- class UsernameChangesViewSetPermission(BasePermission):
- def has_permission(self, request, view):
- try:
- user_id = int(request.GET.get('user'))
- except (ValueError, TypeError):
- user_id = -1
- if user_id == request.user.pk:
- return True
- elif not request.user.acl.get('can_see_users_name_history'):
- raise PermissionDenied(_("You don't have permission to "
- "see other users name history."))
- return True
- class UsernameChangesViewSet(mixins.ListModelMixin, viewsets.GenericViewSet):
- permission_classes = (UsernameChangesViewSetPermission,)
- serializer_class = UsernameChangeSerializer
- queryset = UsernameChange.objects
- pagination_class = ApiPaginator(12, 4)
- def get_queryset(self):
- queryset = UsernameChange.objects.select_related('user', 'changed_by')
- user = self.request.query_params.get('user', None)
- if user is not None:
- try:
- queryset = queryset.filter(user_id=int(user))
- except (ValueError, TypeError):
- queryset = queryset.none()
- if self.request.query_params.get('search'):
- search_phrase = self.request.query_params.get('search').strip()
- if search_phrase:
- queryset = queryset.filter(
- Q(changed_by_username__istartswith=search_phrase) |
- Q(new_username__istartswith=search_phrase) |
- Q(old_username__istartswith=search_phrase))
- return queryset.order_by('-id')
|
