Merge pull request #293 from editorsnotes/auth-forms

Auth forms

Author: ptgolden

editorsnotes/api/fields.py

@@ -89,6 +89,7 @@ def __init__(self, *args, **kwargs):
                 'pk': 'id'
             }
         kwargs['read_only'] = True
+        self.format = None
         super(IdentityURLField, self).__init__(*args, **kwargs)
 
 

editorsnotes/api/ld.py

@@ -25,7 +25,7 @@
         ('@id', '@graph'),
         ('@container', '@index'),
     ))),
-    ('display_name', 'schame:name'),
+    ('display_name', 'schema:name'),
     ('embedded', OrderedDict((
         ('@id', '@graph'),
         ('@container', '@index'),

editorsnotes/api/serializers/activity.py

@@ -14,7 +14,7 @@
 
 # TODO: make these fields nested, maybe
 class ActivitySerializer(serializers.ModelSerializer):
-    user = serializers.ReadOnlyField(source='user.username')
+    user_id = serializers.ReadOnlyField(source='user.id')
     project = serializers.ReadOnlyField(source='project.slug')
     type = serializers.ReadOnlyField(source='content_type.model')
     url = serializers.SerializerMethodField('get_object_url')
@@ -23,7 +23,7 @@ class ActivitySerializer(serializers.ModelSerializer):
 
     class Meta:
         model = LogActivity
-        fields = ('user', 'project', 'time', 'type', 'url', 'title', 'action',)
+        fields = ('user_id', 'project', 'time', 'type', 'url', 'title', 'action',)
 
     def get_object_url(self, obj):
         if obj.action == DELETION or obj.content_object is None:

editorsnotes/api/serializers/auth.py

@@ -73,7 +73,7 @@ def get_type(self, obj):
 class UserSerializer(EmbeddedItemsMixin, serializers.ModelSerializer):
     url = IdentityURLField(
         view_name='api:users-detail',
-        lookup_kwarg_attrs={'username': 'username'}
+        lookup_kwarg_attrs={'pk': 'pk'}
     )
 
     type = serializers.SerializerMethodField()
@@ -91,8 +91,8 @@ class UserSerializer(EmbeddedItemsMixin, serializers.ModelSerializer):
         source='*',
         read_only=True,
         view_name='api:users-activity',
-        lookup_field='username',
-        lookup_url_kwarg='username'
+        lookup_field='pk',
+        lookup_url_kwarg='pk'
     )
 
     class Meta:

editorsnotes/api/serializers/mixins.py

@@ -50,12 +50,12 @@ def get_users_from_urls(self, urls):
         if not urls:
             return {}
 
-        usernames = [
-            resolve(urlparse(url).path).kwargs['username']
+        user_ids = [
+            resolve(urlparse(url).path).kwargs['id']
             for url in urls
         ]
 
-        qs = User.objects.filter(username__in=usernames)
+        qs = User.objects.filter(id__in=user_ids)
 
         serializer = UserSerializer(instance=qs, many=True,
                                     context=self.context)

editorsnotes/api/tests/hydra.py

@@ -140,7 +140,7 @@ def test_read_only_hyperlinked_collection_property(self):
 
     def test_read_write_hyperlinked_collection_property(self):
         request = Request(make_dummy_request())
-        request._user = User(username='Patrick', is_superuser=True)
+        request._user = User(is_superuser=True)
 
         context = {'request': request}
         serializer = ProjectSerializer(self.project, context=context)

editorsnotes/api/tests/ld.py

@@ -24,7 +24,7 @@ class HydraLinksTestCase(ClearContentTypesTransactionTestCase):
     fixtures = ['projects.json']
 
     def setUp(self):
-        self.user = User.objects.get(username='barry')
+        self.user = User.objects.get(email='barry@example.com')
         self.project = Project.objects.get(slug='emma')
         self.note = Note.objects.create(
             title='A test note',
@@ -52,7 +52,7 @@ def test_authenticated_hydra_class_request(self):
         An authenticated request with sufficient permissions should know about
         "GET", "PUT", and "POST" operations on a project item.
         """
-        self.client.login(username='barry', password='barry')
+        self.client.login(username='barry@example.com', password='barry')
 
         response = self.client.get(
             reverse('api:notes-detail',
@@ -69,7 +69,7 @@ def test_authenticated_user_project_home(self):
         The project resource for an authenticated user should show links to
         add items to all projects.
         """
-        self.client.login(username='barry', password='barry')
+        self.client.login(username='barry@example.com', password='barry')
         response = self.client.get(
             reverse('api:projects-detail', args=[self.project.slug]),
             HTTP_ACCEPT='application/json')
@@ -115,7 +115,7 @@ def test_authenticated_user_project_home(self):
         })
 
     def test_authenticated_user_home(self):
-        self.client.login(username='barry', password='barry')
+        self.client.login(username='barry@example.com', password='barry')
         response = self.client.get('/', HTTP_ACCEPT='application/json')
 
         project_url = self.dummy_req.build_absolute_uri(

editorsnotes/api/tests/views.py

@@ -105,9 +105,9 @@ class TopicAPITestCase(ClearContentTypesTransactionTestCase):
     fixtures = ['projects.json']
 
     def setUp(self):
-        self.user = User.objects.get(username='barry')
+        self.user = User.objects.get(email='barry@example.com')
         self.project = Project.objects.get(slug='emma')
-        self.client.login(username='barry', password='barry')
+        self.client.login(username='barry@example.com', password='barry')
 
     def create_test_topic(self):
         data = TEST_TOPIC.copy()
@@ -154,7 +154,7 @@ def test_topic_api_create(self):
 
         # 'time': ???,
         expected = {
-            'user': 'barry',
+            'user_id': 1,
             'project': 'emma',
             'type': topic_obj._meta.model_name,
             'url': topic_obj.get_absolute_url(),
@@ -175,7 +175,7 @@ def test_topic_api_create(self):
     def test_topic_api_create_bad_permissions(self):
         "Creating a topic in an outside project is NOT OK"
         self.client.logout()
-        self.client.login(username='esther', password='esther')
+        self.client.login(username='esther@example.com', password='esther')
         response = self.client.post(
             reverse('api:topics-list', args=[self.project.slug]),
             json.dumps(TEST_TOPIC),
@@ -236,7 +236,7 @@ def test_topic_api_list(self):
     def test_topic_api_list_other_projects(self):
         "Other projects' topic lists should be viewable, even if logged out"
         self.client.logout()
-        self.client.login(username='esther', password='esther')
+        self.client.login(username='esther@example.com', password='esther')
         response = self.client.get(reverse('api:topics-list',
                                            args=[self.project.slug]),
                                    HTTP_ACCEPT='application/json')
@@ -283,7 +283,7 @@ def test_topic_api_update(self):
 
         # 'time': ???,
         expected = {
-            'user': 'barry',
+            'user_id': 1,
             'project': 'emma',
             'type': updated_topic_obj._meta.model_name,
             'url': updated_topic_obj.get_absolute_url(),
@@ -303,7 +303,7 @@ def test_topic_api_update_bad_permissions(self):
         data['markup'] = u'a bad, garbage guy'
 
         self.client.logout()
-        self.client.login(username='esther', password='esther')
+        self.client.login(username='esther@example.com', password='esther')
 
         response = self.client.put(
             reverse('api:topics-detail',
@@ -352,7 +352,7 @@ def test_topic_api_delete(self):
 
         # 'time': ???,
         expected = {
-            'user': 'barry',
+            'user_id': 1,
             'project': 'emma',
             'type': topic_obj._meta.model_name,
             'url': None,
@@ -367,7 +367,7 @@ def test_topic_api_delete_bad_permissions(self):
         "Deleting a topic in an outside project is NOT OK"
         topic_obj = create_topic(user=self.user, project=self.project)
         self.client.logout()
-        self.client.login(username='esther', password='esther')
+        self.client.login(username='esther@example.com', password='esther')
 
         response = self.client.delete(
             reverse('api:topics-detail',
@@ -393,9 +393,9 @@ class DocumentAPITestCase(ClearContentTypesTransactionTestCase):
     fixtures = ['projects.json']
 
     def setUp(self):
-        self.user = User.objects.get(username='barry')
+        self.user = User.objects.get(email='barry@example.com')
         self.project = Project.objects.get(slug='emma')
-        self.client.login(username='barry', password='barry')
+        self.client.login(username='barry@example.com', password='barry')
 
     def create_test_document(self):
         data = TEST_DOCUMENT
@@ -426,7 +426,7 @@ def test_document_api_create_bad_permissions(self):
         "Creating a document in another project is NOT OK"
         data = TEST_DOCUMENT.copy()
         self.client.logout()
-        self.client.login(username='esther', password='esther')
+        self.client.login(username='esther@example.com', password='esther')
         response = self.client.post(
             reverse('api:documents-list', args=[self.project.slug]),
             json.dumps(data),
@@ -483,7 +483,7 @@ def test_document_api_list(self):
         original_response_content = response.data
 
         self.client.logout()
-        self.client.login(username='esther', password='esther')
+        self.client.login(username='esther@example.com', password='esther')
         response = self.client.get(reverse('api:documents-list',
                                            args=[self.project.slug]),
                                    HTTP_ACCEPT='application/json')
@@ -533,7 +533,7 @@ def test_document_api_update_bad_permissions(self):
         document_obj = create_document(
             project=self.project, creator=self.user, last_updater=self.user)
         self.client.logout()
-        self.client.login(username='esther', password='esther')
+        self.client.login(username='esther@example.com', password='esther')
 
         data = TEST_DOCUMENT.copy()
         data['description'] = u'a stupid book!!!!!!!'
@@ -581,7 +581,7 @@ def test_document_api_delete_bad_permissions(self):
         document_obj = create_document(
             project=self.project, creator=self.user, last_updater=self.user)
         self.client.logout()
-        self.client.login(username='esther', password='esther')
+        self.client.login(username='esther@example.com', password='esther')
         response = self.client.delete(
             reverse('api:documents-detail',
                     args=[self.project.slug, document_obj.id]),
@@ -608,9 +608,9 @@ class NoteAPITestCase(ClearContentTypesTransactionTestCase):
     fixtures = ['projects.json']
 
     def setUp(self):
-        self.user = User.objects.get(username='barry')
+        self.user = User.objects.get(email='barry@example.com')
         self.project = Project.objects.get(slug='emma')
-        self.client.login(username='barry', password='barry')
+        self.client.login(username='barry@example.com', password='barry')
 
     def create_test_note(self):
         data = TEST_NOTE
@@ -670,7 +670,7 @@ def test_note_api_create_bad_permissions(self):
         "Creating a note in an outside project is NOT OK"
         data = TEST_NOTE.copy()
         self.client.logout()
-        self.client.login(username='esther', password='esther')
+        self.client.login(username='esther@example.com', password='esther')
         response = self.client.post(
             reverse('api:notes-list', args=[self.project.slug]),
             json.dumps(data),
@@ -723,7 +723,7 @@ def test_note_api_list(self):
         original_response_content = response.data
 
         self.client.logout()
-        self.client.login(username='esther', password='esther')
+        self.client.login(username='esther@example.com', password='esther')
         response = self.client.get(reverse('api:notes-list',
                                            args=[self.project.slug]),
                                    HTTP_ACCEPT='application/json')
@@ -764,7 +764,7 @@ def test_note_api_update_bad_permissions(self):
         "Updating a note in an outside project is NOT OK"
         note_obj = self.create_test_note()
         self.client.logout()
-        self.client.login(username='esther', password='esther')
+        self.client.login(username='esther@example.com', password='esther')
         data = TEST_NOTE.copy()
         data['title'] = u'Нет!!!!!!'
         response = self.client.put(
@@ -818,7 +818,7 @@ def test_note_api_delete_bad_permissions(self):
         "Deleting a note in an outside project is NOT OK"
         note_obj = self.create_test_note()
         self.client.logout()
-        self.client.login(username='esther', password='esther')
+        self.client.login(username='esther@example.com', password='esther')
         response = self.client.delete(
             reverse('api:notes-detail', args=[self.project.slug, note_obj.id]),
             content_type='application/json'

editorsnotes/api/urls.py

@@ -60,9 +60,9 @@ def format_patterns(urlpatterns):
     url(r'^search/$', views.SearchView.as_view(), name='search'),
     url(r'^notes/$', views.AllProjectNoteList.as_view(), name='all-projects-notes-list'),
     url(r'^projects/$', views.ProjectList.as_view(), name='projects-list'),
-    url(r'^projects/(?P<project_slug>\w+)', include(project_specific_patterns)),
-    url(r'^users/(?P<username>[\w@\+\.\-]+)/$', views.UserDetail.as_view(), name='users-detail'),
-    url(r'^users/(?P<username>[\w@\+\.\-]+)/activity/$', views.ActivityView.as_view(), name='users-activity'),
+    url(r'^projects/(?P<project_slug>[\w\-]+)', include(project_specific_patterns)),
+    url(r'^users/(?P<pk>\d+)/$', views.UserDetail.as_view(), name='users-detail'),
+    url(r'^users/(?P<pk>\d+)/activity/$', views.ActivityView.as_view(), name='users-activity'),
     url(r'^me/$', views.SelfUserDetail.as_view(), name='users-detail-self'),
 
 )

editorsnotes/api/views/auth.py

@@ -74,7 +74,6 @@ def get_object(self):
 class UserDetail(EmbeddedReferencesMixin, RetrieveAPIView):
     queryset = User.objects.all()
     serializer_class = UserSerializer
-    lookup_field = 'username'
 
 
 class SelfUserDetail(EmbeddedReferencesMixin, RetrieveAPIView):
@@ -108,11 +107,11 @@ class ActivityView(ElasticSearchListMixin, ListAPIView):
     queryset = LogActivity.objects.all()
 
     def get_object(self):
-        username = self.kwargs.get('username', None)
+        user_id = self.kwargs.get('id', None)
         project_slug = self.kwargs.get('project_slug', None)
 
-        if username is not None:
-            obj = get_object_or_404(User, username=username)
+        if user_id is not None:
+            obj = get_object_or_404(User, id=user_id)
         elif project_slug is not None:
             obj = get_object_or_404(Project, slug=project_slug)
         else:
@@ -129,7 +128,7 @@ def get_es_search(self):
         # FIXME FIXME FIXME: Users' and projects' actions should be indexed by
         # their URLs, not their usernames/slugs
         if isinstance(obj, User):
-            search = search.filter('term', **{'data.user': obj.username})
+            search = search.filter('term', **{'data.user_id': obj.id})
         else:
             search = search.filter('term', **{'data.project': obj.slug})
 

editorsnotes/api/views/browse.py

@@ -7,8 +7,9 @@
 
 from editorsnotes.api.serializers import ProjectSerializer
 from editorsnotes.api.serializers.hydra import link_properties_for_project
+from editorsnotes.auth.models import Project
 from editorsnotes.main.models import Note, Topic, Document
-from editorsnotes.search import items as items_search
+from editorsnotes.search import items_index
 
 
 __all__ = ['root', 'browse_items']
@@ -53,15 +54,15 @@ def root(request, format=None):
 
 
 def search_model(Model, query):
-    query = query.to_dict()
-    query['fields'] = ['display_title', 'url']
-    results = items_search.search_model(Model, query)
+    es_query = items_index\
+        .make_search_for_model(Model)\
+        .fields(['display_title', 'url'])
+
+    results = es_query.execute()
+
     return [
-        {
-            'title': result['fields']['display_title'][0],
-            'url': result['fields']['url'][0]
-        }
-        for result in results['hits']['hits']
+        { 'title': result.display_title[0], 'url': result.url[0] }
+        for result in results.hits
     ]
 
 
@@ -75,5 +76,6 @@ def browse_items(request, format=None):
     ret['notes'] = search_model(Note, es_query.filter(
         'term', **{'serialized.is_private': 'false'}
     ))
+    ret['projects'] = search_model(Project, es_query)
 
     return Response(ret)