feat(controller): Add users:list

Joshua-Anderson · Joshua-Anderson · commit db3b2e7abbf5 · 2015-04-11T20:02:33.000-07:00
diff --git a/api/__init__.py b/api/__init__.py
@@ -2,4 +2,4 @@
 The **api** Django app presents a RESTful web API for interacting with the **deis** system.
 """
 
-__version__ = '1.2.0'
+__version__ = '1.3.0'
diff --git a/api/tests/__init__.py b/api/tests/__init__.py
@@ -59,3 +59,4 @@ def run_tests(self, test_labels, extra_tests=None, **kwargs):
 from .test_perm import *  # noqa
 from .test_release import *  # noqa
 from .test_scheduler import *  # noqa
+from .test_users import *  # noqa
diff --git a/api/tests/test_users.py b/api/tests/test_users.py
@@ -0,0 +1,36 @@
+
+from __future__ import unicode_literals
+
+from django.contrib.auth.models import User
+from django.test import TestCase
+from rest_framework.authtoken.models import Token
+
+
+class TestUsers(TestCase):
+    """ Tests users endpoint"""
+
+    fixtures = ['tests.json']
+
+    def test_super_user_can_list(self):
+        url = '/v1/users/'
+
+        user = User.objects.get(username='autotest')
+        token = Token.objects.get(user=user)
+
+        response = self.client.get(url,
+                                   HTTP_AUTHORIZATION='token {}'.format(token))
+
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(len(response.data['results']), 2)
+        self.assertEqual(response.data['results'][0]['username'], 'autotest')
+        self.assertEqual(response.data['results'][1]['username'], 'autotest2')
+
+    def test_non_super_user_cannot_list(self):
+        url = '/v1/users/'
+
+        user = User.objects.get(username='autotest2')
+        token = Token.objects.get(user=user)
+
+        response = self.client.get(url,
+                                   HTTP_AUTHORIZATION='token {}'.format(token))
+        self.assertEqual(response.status_code, 403)
diff --git a/api/urls.py b/api/urls.py
@@ -86,4 +86,6 @@
         views.CertificateViewSet.as_view({'get': 'retrieve', 'delete': 'destroy'})),
     url(r'^certs/?',
         views.CertificateViewSet.as_view({'get': 'list', 'post': 'create'})),
+    # list users
+    url(r'^users/', views.UserView.as_view({'get': 'list'})),
 )
diff --git a/api/views.py b/api/views.py
@@ -385,3 +385,13 @@ def destroy(self, request, **kwargs):
         user.is_superuser = user.is_staff = False
         user.save(update_fields=['is_superuser', 'is_staff'])
         return Response(status=status.HTTP_204_NO_CONTENT)
+
+
+class UserView(BaseDeisViewSet):
+    """A Viewset for interacting with User objects."""
+    model = User
+    serializer_class = serializers.UserSerializer
+    permission_classes = [permissions.IsAdmin]
+
+    def get_queryset(self):
+        return self.model.objects.exclude(username='AnonymousUser')

Original file line number	Diff line number	Diff line change
`@@ -86,4 +86,6 @@`
`86`	`86`	`views.CertificateViewSet.as_view({'get': 'retrieve', 'delete': 'destroy'})),`
`87`	`87`	`url(r'^certs/?',`
`88`	`88`	`views.CertificateViewSet.as_view({'get': 'list', 'post': 'create'})),`
	`89`	`+ # list users`
	`90`	`+ url(r'^users/', views.UserView.as_view({'get': 'list'})),`
`89`	`91`	`)`