swh/deposit/api/private/deposit_list.py
# Copyright (C) 2018-2019 The Software Heritage developers | # Copyright (C) 2018-2020 The Software Heritage developers | ||||
# See the AUTHORS file at the top-level directory of this distribution | # See the AUTHORS file at the top-level directory of this distribution | ||||
# License: GNU General Public License version 3, or any later version | # License: GNU General Public License version 3, or any later version | ||||
# See top-level LICENSE file for more information | # See top-level LICENSE file for more information | ||||
from rest_framework.fields import _UnvalidatedField | from rest_framework.fields import _UnvalidatedField | ||||
from rest_framework.generics import ListAPIView | from rest_framework.generics import ListAPIView | ||||
from rest_framework.pagination import PageNumberPagination | from rest_framework.pagination import PageNumberPagination | ||||
class DepositList(ListAPIView, SWHPrivateAPIView): | class DepositList(ListAPIView, SWHPrivateAPIView): | ||||
"""Deposit request class to list the deposit's status per page. | """Deposit request class to list the deposit's status per page. | ||||
HTTP verbs supported: GET | HTTP verbs supported: GET | ||||
""" | """ | ||||
queryset = Deposit.objects.all().order_by("id") | |||||
serializer_class = DepositSerializer | serializer_class = DepositSerializer | ||||
pagination_class = DefaultPagination | pagination_class = DefaultPagination | ||||
def get_queryset(self): | |||||
params = self.request.query_params | |||||
exclude_like = params.get("exclude") | |||||
if exclude_like: | |||||
# sql injection: A priori, nothing to worry about, django does it for | |||||
# queryset | |||||
# https://docs.djangoproject.com/en/3.0/topics/security/#sql-injection-protection # noqa | |||||
# https://docs.djangoproject.com/en/2.2/topics/security/#sql-injection-protection # noqa | |||||
deposits = ( | |||||
Deposit.objects.all() | |||||
.exclude(external_id__startswith=exclude_like) | |||||
.order_by("id") | |||||
) | |||||
else: | |||||
deposits = Deposit.objects.all().order_by("id") | |||||
return deposits |
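Review bot: The comment above the `exclude` filter in `get_queryset` settles the SQL-injection question with "A priori, nothing to worry about", which leaves the next reader to re-check it. It should state the actual guarantee and keep one docs link, e.g. `# "exclude" is user-supplied: the ORM binds it as a query parameter and escapes % and _ for startswith lookups`. The class docstring still mentions only the GET verb, so the `exclude` query parameter (a prefix match on `external_id`) is undocumented there. The two branches also build the same base queryset twice; `deposits = Deposit.objects.all().order_by("id")` followed by `if exclude_like: deposits = deposits.exclude(external_id__startswith=exclude_like)` would leave a single place that defines the ordering.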