Adds "detail" view for user setting

- Users can only view / edit their own settings
2024-08-30 18:33:04 +00:00 · 2021-11-09 16:14:10 +11:00 · 2021-11-09 16:14:10 +11:00 · 0374c27d7c
commit 0374c27d7c
parent f3b4f7aa28
2 changed files with 39 additions and 3 deletions
--- a/InvenTree/InvenTree/version.py
+++ b/InvenTree/InvenTree/version.py
@ -12,11 +12,15 @@ import common.models
 INVENTREE_SW_VERSION = "0.6.0 dev"

 # InvenTree API version
-INVENTREE_API_VERSION = 16
+INVENTREE_API_VERSION = 17

 """
 Increment this API version number whenever there is a significant change to the API that any clients need to know about

+v17 -> 2021-11-09
+    - Adds API endpoints for GLOBAL and USER settings objects
+    - Ref: https://github.com/inventree/InvenTree/pull/2275
+
 v16 -> 2021-10-17
    - Adds API endpoint for completing build order outputs

--- a/InvenTree/common/api.py
+++ b/InvenTree/common/api.py
@ -52,8 +52,6 @@ class GlobalSettingsPermissions(permissions.BasePermission):
        Check that the requesting user is 'admin'
        """

-        print("User:", request.user, request.user.is_staff)
-
        try:
            user = request.user

@ -102,11 +100,45 @@ class UserSettingsList(SettingsList):
        return queryset


+class UserSettingsPermissions(permissions.BasePermission):
+    """
+    Special permission class to determine if the user can view / edit a particular setting
+    """
+
+    def has_object_permission(self, request, view, obj):
+
+        print("Checking object permissions:")
+        print(request.user, obj.user)
+
+        try:
+            user = request.user
+        except AttributeError:
+            return False
+
+        return user == obj.user
+
+
+class UserSettingsDetail(generics.RetrieveUpdateAPIView):
+    """
+    Detail view for an individual "user setting" object
+
+    - User can only view / edit settings their own settings objects
+    """
+
+    queryset = common.models.InvenTreeUserSetting.objects.all()
+    serializer_class = common.serializers.UserSettingsSerializer
+    
+    permission_classes = [
+        UserSettingsPermissions,
+    ]
+
+
 common_api_urls = [

    # User settings
    url(r'^user/', include([
        # User Settings Detail
+        url(r'^(?P<pk>\d+)/', UserSettingsDetail.as_view(), name='api-user-setting-detail'),

        # User Settings List
        url(r'^.*$', UserSettingsList.as_view(), name='api-user-setting-list'),