feat(users): add users status api

Author: duanhongyi

rootfs/api/tests/test_users.py

@@ -18,6 +18,24 @@ def test_super_user_can_list(self):
             self.assertEqual(response.status_code, 200, response.data)
             self.assertEqual(len(response.data['results']), 4)
 
+    def test_enable(self):
+        user = User.objects.get(username='autotest')
+        token = Token.objects.get(user=user)
+        response = self.client.patch("/v2/users/autotest2/enable/",
+                                     HTTP_AUTHORIZATION='token {}'.format(token))
+        self.assertEqual(response.status_code, 204)
+        user = User.objects.get(username='autotest2')
+        self.assertEqual(user.is_active, True)
+
+    def test_disable(self):
+        user = User.objects.get(username='autotest')
+        token = Token.objects.get(user=user)
+        response = self.client.patch("/v2/users/autotest2/disable/",
+                                     HTTP_AUTHORIZATION='token {}'.format(token))
+        self.assertEqual(response.status_code, 204)
+        user = User.objects.get(username='autotest2')
+        self.assertEqual(user.is_active, False)
+
     def test_non_super_user_cannot_list(self):
         user = User.objects.get(username='autotest2')
         token = Token.objects.get(user=user)

rootfs/api/urls.py

@@ -142,6 +142,11 @@
         })),
     url(r'^certs/?$',
         views.CertificateViewSet.as_view({'get': 'list', 'post': 'create'})),
-    # list users
-    url(r'^users/?$', views.UserView.as_view({'get': 'list'})),
+    # users
+    url(r'^users/?$',
+        views.UserView.as_view({'get': 'list'})),
+    url(r'^users/(?P<username>[\w.@+-]+)/enable/?$',
+        views.UserView.as_view({'patch': 'enable'})),
+    url(r'^users/(?P<username>[\w.@+-]+)/disable/?$',
+        views.UserView.as_view({'patch': 'disable'})),
 ]

rootfs/api/views.py

@@ -824,13 +824,13 @@ def get_queryset(self, **kwargs):
         return self.model.objects.filter(is_active=True, is_superuser=True)
 
     def create(self, request, **kwargs):
-        user = get_object_or_404(User, username=request.data['username'])
+        user = get_object_or_404(self.model, username=request.data['username'])
         user.is_superuser = user.is_staff = True
         user.save(update_fields=['is_superuser', 'is_staff'])
         return Response(status=status.HTTP_201_CREATED)
 
     def destroy(self, request, **kwargs):
-        user = get_object_or_404(User, username=kwargs['username'])
+        user = get_object_or_404(self.model, username=kwargs['username'])
         user.is_superuser = user.is_staff = False
         user.save(update_fields=['is_superuser', 'is_staff'])
         return Response(status=status.HTTP_204_NO_CONTENT)
@@ -844,3 +844,19 @@ class UserView(BaseDryccViewSet):
 
     def get_queryset(self):
         return self.model.objects.exclude(username='AnonymousUser')
+
+    def enable(self, request, **kwargs):
+        if request.user.username == kwargs['username']:
+            return Response(status=status.HTTP_423_LOCKED)
+        user = get_object_or_404(self.model, username=kwargs['username'])
+        user.is_active = True
+        user.save(update_fields=['is_active', ])
+        return Response(status=status.HTTP_204_NO_CONTENT)
+
+    def disable(self, request, **kwargs):
+        if request.user.username == kwargs['username']:
+            return Response(status=status.HTTP_423_LOCKED)
+        user = get_object_or_404(self.model, username=kwargs['username'])
+        user.is_active = False
+        user.save(update_fields=['is_active', ])
+        return Response(status=status.HTTP_204_NO_CONTENT)