user rest endpoint allows getting allowed users for iblrig login

cortex-lab · Nov 30, 2023 · 4eb68cf · 4eb68cf
1 parent c5a94e3
commit 4eb68cf
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 13 deletions.
diff --git a/alyx/misc/serializers.py b/alyx/misc/serializers.py
@@ -50,6 +50,8 @@ class Meta:
 class UserSerializer(serializers.ModelSerializer):
     subjects_responsible = serializers.SlugRelatedField(
         many=True, queryset=Subject.objects.all(), slug_field='nickname')
+    allowed_users = serializers.SlugRelatedField(
+        many=True, queryset=LabMember.objects.all(), slug_field='username')
 
     @staticmethod
     def setup_eager_loading(queryset):
@@ -58,7 +60,7 @@ def setup_eager_loading(queryset):
 
     class Meta:
         model = get_user_model()
-        fields = ('id', 'username', 'email', 'subjects_responsible', 'lab')
+        fields = ('id', 'username', 'email', 'subjects_responsible', 'lab', 'allowed_users')
 
 
 class LabSerializer(serializers.HyperlinkedModelSerializer):

diff --git a/alyx/misc/tests_rest.py b/alyx/misc/tests_rest.py
@@ -20,6 +20,7 @@ def setUp(self):
         self.lab = Lab.objects.create(name='basement')
         self.public_user = get_user_model().objects.create(
             username='troublemaker', password='azerty', is_public_user=True)
+        self.public_user.allowed_users.set([self.superuser])
 
     def test_create_lab_membership(self):
         # first test creation of lab through rest endpoint
@@ -55,6 +56,12 @@ def test_public_user(self):
     def test_user_rest(self):
         response = self.client.get(reverse('user-list') + '/test')
         self.ar(response, 200)
+        response = self.client.get(reverse('user-list') + '/troublemaker')
+        self.ar(response, 200)
+        self.assertEqual(
+            response.data.get('allowed_users'),
+            list(self.public_user.allowed_users.all().values_list('username', flat=True))
+        )
 
     def test_note_rest(self):
         user = self.ar(self.client.get(reverse('user-list')), 200)
@@ -71,7 +78,7 @@ def test_note_rest(self):
 
 class TestCacheView(BaseTests):
     def setUp(self):
-        # This doesn't need super user privilages but I didn't know how to create a normal user
+        # This doesn't need super user privileges but I didn't know how to create a normal user
         self.superuser = get_user_model().objects.create_user('test', 'test', 'test')
         self.client.login(username='test', password='test')
         self.tag = Tag.objects.create(name='2022_Q1_paper')

diff --git a/alyx/misc/urls.py b/alyx/misc/urls.py
@@ -4,17 +4,14 @@
 from django.conf.urls import include
 
 
-user_list = mv.UserViewSet.as_view({'get': 'list'})
-user_detail = mv.UserViewSet.as_view({'get': 'retrieve'})
-
 urlpatterns = [
     path('', RedirectView.as_view(url='/admin')),  # redirect the page to admin interface
     path('labs', mv.LabList.as_view(), name="lab-list"),
     path('labs/<str:name>', mv.LabDetail.as_view(), name="lab-detail"),
     path('notes', mv.NoteList.as_view(), name="note-list"),
     path('notes/<uuid:pk>', mv.NoteDetail.as_view(), name="note-detail"),
-    path('users/<str:username>', user_detail, name='user-detail'),
-    path('users', user_list, name='user-list'),
+    path('users', mv.UserList.as_view(), name="user-list"),
+    path('users/<str:username>', mv.UserDetail.as_view(), name="user-detail"),
     re_path('^uploaded/(?P<img_url>.*)', mv.UploadedView.as_view(), name='uploaded'),
     path('cache.zip', mv.CacheDownloadView.as_view(), name='cache-download'),
     re_path(r'^cache/info(?:/(?P<tag>\w+))?/$', mv.CacheVersionView.as_view(), name='cache-info'),

diff --git a/alyx/misc/views.py b/alyx/misc/views.py
@@ -10,7 +10,7 @@
     HttpResponse, FileResponse, JsonResponse, HttpResponseRedirect, HttpResponseNotFound
 )
 
-from rest_framework import viewsets, views
+from rest_framework import views
 from rest_framework.response import Response
 from rest_framework.decorators import api_view
 from rest_framework.reverse import reverse
@@ -69,15 +69,35 @@ def api_root(request, format=None):
     })
 
 
-class UserViewSet(viewsets.ReadOnlyModelViewSet):
+class UserFilter(BaseFilterSet):
+    class Meta:
+        model = get_user_model()
+        exclude = ['json']
+
+
+class UserList(generics.ListCreateAPIView):
     """
-    Lists all users with the subjects which they are responsible for.
+    get: **FILTERS**
+    - 'id'
+    - 'username'
+    - 'email'
+    - 'subjects_responsible'
+    - 'lab'
+    - 'allowed_users'
+    [===> user model reference](/admin/doc/models/misc.labmember)
     """
-    queryset = get_user_model().objects.all()
-    queryset = UserSerializer.setup_eager_loading(queryset)
+    queryset = UserSerializer.setup_eager_loading(get_user_model().objects.all())
     serializer_class = UserSerializer
+    permission_classes = rest_permission_classes()
+    filter_class = UserFilter
     lookup_field = 'username'
+
+
+class UserDetail(generics.RetrieveUpdateDestroyAPIView):
+    queryset = UserSerializer.setup_eager_loading(get_user_model().objects.all())
+    serializer_class = UserSerializer
     permission_classes = rest_permission_classes()
+    lookup_field = 'username'
 
 
 class LabFilter(BaseFilterSet):

diff --git a/scripts/sync_ucl/prune_cortexlab.py b/scripts/sync_ucl/prune_cortexlab.py
@@ -83,7 +83,8 @@
 
 # only imports users that are relevant to IBL
 users_to_import = ['cyrille', 'Gaelle', 'kenneth', 'lauren', 'matteo', 'miles', 'nick', 'olivier',
-                   'Karolina_Socha', 'Hamish', 'laura', 'niccolo', 'SamuelP', 'miriam.jansen', 'carolina.quadrado']
+                   'Karolina_Socha', 'Hamish', 'laura', 'niccolo', 'SamuelP', 'miriam.jansen',
+                   'carolina.quadrado']
 users_to_leave = LabMember.objects.using('cortexlab').exclude(username__in=users_to_import)
 users_to_keep = Dataset.objects.using('cortexlab').values_list('created_by', flat=True).distinct()
 users_to_leave = users_to_leave.exclude(pk__in=users_to_keep)