0001-api-do-not-mix-get_queryset-and-filter_queryset-5136.patch
| src/authentic2/api_views.py | ||
|---|---|---|
| 77 | 77 |
if django.VERSION < (1, 11): |
| 78 | 78 |
authentication.authenticate = utils.authenticate |
| 79 | 79 | |
| 80 |
User = get_user_model() |
|
| 81 | ||
| 80 | 82 | |
| 81 | 83 |
class HookMixin(object): |
| 82 | 84 |
def get_serializer(self, *args, **kwargs): |
| ... | ... | |
| 739 | 741 | |
| 740 | 742 | |
| 741 | 743 |
class UsersAPI(api_mixins.GetOrCreateMixinView, HookMixin, ExceptionHandlerMixin, ModelViewSet): |
| 744 |
queryset = User.objects.filter(deleted__isnull=True) |
|
| 742 | 745 |
ordering_fields = ['username', 'first_name', 'last_name', 'modified', 'date_joined'] |
| 743 | 746 |
lookup_field = 'uuid' |
| 744 | 747 |
serializer_class = BaseUserSerializer |
| ... | ... | |
| 759 | 762 |
return User._meta.ordering |
| 760 | 763 | |
| 761 | 764 |
def get_queryset(self): |
| 762 |
User = get_user_model() |
|
| 763 |
qs = User.objects.filter(deleted__isnull=True) |
|
| 765 |
qs = super().get_queryset() |
|
| 764 | 766 |
if self.request.method == 'GET': |
| 765 | 767 |
qs = qs.prefetch_related('attribute_values', 'attribute_values__attribute')
|
| 768 |
new_qs = hooks.call_hooks_first_result('api_modify_queryset', self, qs)
|
|
| 769 |
if new_qs is not None: |
|
| 770 |
return new_qs |
|
| 771 |
return qs |
|
| 772 | ||
| 773 |
def filter_queryset(self, qs): |
|
| 774 |
qs = super().filter_queryset(qs) |
|
| 766 | 775 |
qs = self.request.user.filter_by_perm(['custom_user.view_user'], qs) |
| 767 | 776 |
# filter users authorized for a specified service |
| 768 | 777 |
if 'service-slug' in self.request.GET: |
| ... | ... | |
| 778 | 787 |
qs = qs.distinct() |
| 779 | 788 |
else: |
| 780 | 789 |
qs = qs.none() |
| 781 |
new_qs = hooks.call_hooks_first_result('api_modify_queryset', self, qs)
|
|
| 782 |
if new_qs is not None: |
|
| 783 |
return new_qs |
|
| 784 | 790 |
return qs |
| 785 | 791 | |
| 786 | 792 |
def update(self, request, *args, **kwargs): |
| 787 |
- |
|