accounts package

Submodules

accounts.apps module

class accounts.apps.AccountsConfig(app_name, app_module)

Bases: django.apps.config.AppConfig

name = u'accounts'

accounts.serializers module

class accounts.serializers.UserAccountSerializer(instance=None, data=<class rest_framework.fields.empty>, **kwargs)

Bases: rest_framework.serializers.ModelSerializer

class Meta
fields = ('id', 'username', 'password', 'email', 'first_name', 'last_name', 'is_staff')
model

alias of User

read_only_fields = ('id',)
write_only_fields = ('password',)
create(validated_data)
update(instance, validated_data)

accounts.urls module

accounts.views module

class accounts.views.GetUser(**kwargs)

Bases: rest_framework.views.APIView

View to get details on the client user.

get(request)

Return details of a specific user.

class accounts.views.IsOwnerOrAdmin

Bases: rest_framework.permissions.BasePermission

Custom permission to only allow owners of an object to edit it.

We also ensure non-staff users are not allowed to elevate their privileges

has_object_permission(request, view, obj)
class accounts.views.UserDetail(**kwargs)

Bases: rest_framework.generics.RetrieveUpdateDestroyAPIView

View to support RUD of individual user records

  • Only owner of record or admin users are allowed to edit records
  • Owners are not able to upgrade is_staff flag from false to true
permission_classes = (<class 'accounts.views.IsOwnerOrAdmin'>,)
queryset
serializer_class

alias of UserAccountSerializer

class accounts.views.UserList(**kwargs)

Bases: rest_framework.generics.ListCreateAPIView

View to list all users in the system.

  • Only admin users are able to access this view.
permission_classes = (<class 'rest_framework.permissions.IsAdminUser'>,)
queryset
serializer_class

alias of UserAccountSerializer

Module contents