0001-api-do-not-mix-get_queryset-and-filter_queryset-5136.patch
src/authentic2/api_views.py | ||
---|---|---|
77 | 77 |
if django.VERSION < (1, 11): |
78 | 78 |
authentication.authenticate = utils.authenticate |
79 | 79 | |
80 |
User = get_user_model() |
|
81 | ||
80 | 82 | |
81 | 83 |
class HookMixin(object): |
82 | 84 |
def get_serializer(self, *args, **kwargs): |
... | ... | |
739 | 741 | |
740 | 742 | |
741 | 743 |
class UsersAPI(api_mixins.GetOrCreateMixinView, HookMixin, ExceptionHandlerMixin, ModelViewSet): |
744 |
queryset = User.objects.filter(deleted__isnull=True) |
|
742 | 745 |
ordering_fields = ['username', 'first_name', 'last_name', 'modified', 'date_joined'] |
743 | 746 |
lookup_field = 'uuid' |
744 | 747 |
serializer_class = BaseUserSerializer |
... | ... | |
759 | 762 |
return User._meta.ordering |
760 | 763 | |
761 | 764 |
def get_queryset(self): |
762 |
User = get_user_model() |
|
763 |
qs = User.objects.filter(deleted__isnull=True) |
|
765 |
qs = super().get_queryset() |
|
764 | 766 |
if self.request.method == 'GET': |
765 | 767 |
qs = qs.prefetch_related('attribute_values', 'attribute_values__attribute') |
768 |
new_qs = hooks.call_hooks_first_result('api_modify_queryset', self, qs) |
|
769 |
if new_qs is not None: |
|
770 |
return new_qs |
|
771 |
return qs |
|
772 | ||
773 |
def filter_queryset(self, qs): |
|
774 |
qs = super().filter_queryset(qs) |
|
766 | 775 |
qs = self.request.user.filter_by_perm(['custom_user.view_user'], qs) |
767 | 776 |
# filter users authorized for a specified service |
768 | 777 |
if 'service-slug' in self.request.GET: |
... | ... | |
778 | 787 |
qs = qs.distinct() |
779 | 788 |
else: |
780 | 789 |
qs = qs.none() |
781 |
new_qs = hooks.call_hooks_first_result('api_modify_queryset', self, qs) |
|
782 |
if new_qs is not None: |
|
783 |
return new_qs |
|
784 | 790 |
return qs |
785 | 791 | |
786 | 792 |
def update(self, request, *args, **kwargs): |
787 |
- |