Resource Detail, update, delete methods

qgis · Sep 19, 2024 · 747b7f3 · 747b7f3
1 parent 42f1eae
commit 747b7f3
Show file tree

Hide file tree

Showing 3 changed files with 98 additions and 13 deletions.
diff --git a/HUB_API.md b/HUB_API.md
@@ -1,5 +1,5 @@
 API URL Configuration
-# QGIS Django API Documentation
+# QGIS Resources Hub API Documentation
 
 The `urlpatterns` list routes URLs to views. For more information please see:
 [https://docs.djangoproject.com/en/3.2/topics/http/urls/](https://docs.djangoproject.com/en/3.2/topics/http/urls/)
@@ -38,3 +38,15 @@ The `urlpatterns` list routes URLs to views. For more information please see:
     --form 'resource_type="model"'
     ```
 
+### Resource Detail
+- **URL:** `/resource/<str:resource_type>/<uuid:uuid>/`
+- **Methods:** `GET`, `PUT`, `DELETE`
+- **View:** `ResourceDetailView.as_view()`
+- **Name:** `resource-detail`
+- **Description:** Handles the detailed display, update, and deletion of a specific resource based on its type and UUID.
+- **Example:**
+    To access the details of a resource with type 'style' and UUID '123e4567-e89b-12d3-a456-426614174000':
+    ```sh
+    GET /resource/style/123e4567-e89b-12d3-a456-426614174000/
+    ```
+- **Permissions:** Ensure that the user has the necessary permissions (staff or creator) to view, update, or delete the resource details.
diff --git a/qgis-app/api/urls.py b/qgis-app/api/urls.py
@@ -7,7 +7,8 @@
     user_token_create,
     user_token_update,
     user_token_delete,
-    ResourceCreateView
+    ResourceCreateView,
+    ResourceDetailView,
 )
 urlpatterns = [
     path("resources/", ResourceAPIList.as_view(), name="resource-list"),
@@ -17,6 +18,9 @@
     path(
         "resource/create", ResourceCreateView.as_view(), name="resource-create"
     ),
+    path(
+        "resource/<str:resource_type>/<uuid:uuid>/", ResourceDetailView.as_view(), name="resource-detail"
+    ),
     url(
         r"^tokens/$",
         UserTokenListView.as_view(),

diff --git a/qgis-app/api/views.py b/qgis-app/api/views.py
@@ -345,6 +345,33 @@ def user_token_delete(request, token_id):
         {"description": user_token.description, "username": outstanding_token.user},
     )
 
+def _get_resource_serializer(resource_type):
+    if resource_type.lower() == "geopackage":
+        return GeopackageSerializer
+    elif resource_type.lower() == "3dmodel":
+        return WavefrontSerializer
+    elif resource_type.lower() == "style":
+        return StyleSerializer
+    elif resource_type.lower() == "layerdefinition":
+        return LayerDefinitionSerializer
+    elif resource_type.lower() == "model":
+        return ModelSerializer
+    else:
+        return None
+
+def _get_resource_object(uuid, resource_type):
+    if resource_type.lower() == "geopackage":
+        return get_object_or_404(Geopackage.approved_objects, uuid=uuid)
+    elif resource_type.lower() == "3dmodel":
+        return get_object_or_404(Wavefront.approved_objects, uuid=uuid)
+    elif resource_type.lower() == "style":
+        return get_object_or_404(Style.approved_objects, uuid=uuid)
+    elif resource_type.lower() == "layerdefinition":
+        return get_object_or_404(LayerDefinition.approved_objects, uuid=uuid)
+    elif resource_type.lower() == "model":
+        return get_object_or_404(Model.approved_objects, uuid=uuid)
+    else:
+        return None
 
 class ResourceCreateView(APIView):
     """
@@ -355,17 +382,8 @@ class ResourceCreateView(APIView):
     parser_classes = [MultiPartParser, FormParser]
 
     def post(self, request, *args, **kwargs):
-        if request.data.get("resource_type").lower() == "geopackage":
-            serializer = GeopackageSerializer(data=request.data)
-        elif request.data.get("resource_type").lower() == "3dmodel":
-            serializer = WavefrontSerializer(data=request.data)
-        elif request.data.get("resource_type").lower() == "style":
-            serializer = StyleSerializer(data=request.data)
-        elif request.data.get("resource_type").lower() == "layerdefinition":
-            serializer = LayerDefinitionSerializer(data=request.data)
-        elif request.data.get("resource_type").lower() == "model":
-            serializer = ModelSerializer(data=request.data)
-        else:
+        serializer = _get_resource_serializer(request.data.get("resource_type"))
+        if serializer is None:
             return Response(
                 {"resource_type": "Resource type not supported"},
                 status=status.HTTP_400_BAD_REQUEST,
@@ -375,3 +393,54 @@ def post(self, request, *args, **kwargs):
             return Response(serializer.data, status=status.HTTP_201_CREATED)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
+class ResourceDetailView(APIView):
+    """
+    Retrieve or update a Resource
+    """
+    authentication_classes = [JWTAuthentication]
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request, *args, **kwargs):
+        uuid = kwargs.get("uuid")
+        resource_type = kwargs.get("resource_type")
+        object = _get_resource_object(uuid, resource_type)
+        if object is None:
+            raise Http404
+        if not object.creator.is_staff and object.creator != request.user:
+            return Response(
+                {"detail": "You do not have permission to perform this action."},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+        serializer = _get_resource_serializer(resource_type)(object)
+        return Response(serializer.data)
+
+    def put(self, request, *args, **kwargs):
+        uuid = kwargs.get("uuid")
+        resource_type = kwargs.get("resource_type")
+        object = _get_resource_object(uuid, resource_type)
+        if object is None:
+            raise Http404
+        if not object.creator.is_staff and object.creator != request.user:
+            return Response(
+                {"detail": "You do not have permission to perform this action."},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+        serializer = _get_resource_serializer(resource_type)(object, data=request.data)
+        if serializer.is_valid():
+            serializer.save()
+            return Response(serializer.data)
+        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+    def delete(self, request, *args, **kwargs):
+        uuid = kwargs.get("uuid")
+        resource_type = kwargs.get("resource_type")
+        object = _get_resource_object(uuid, resource_type)
+        if object is None:
+            raise Http404
+        if not object.creator.is_staff and object.creator != request.user:
+            return Response(
+                {"detail": "You do not have permission to perform this action."},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+        object.delete()
+        return Response(status=status.HTTP_204_NO_CONTENT)