Changeset View
Changeset View
Standalone View
Standalone View
swh/deposit/api/private/deposit_list.py
# Copyright (C) 2018-2020 The Software Heritage developers | # Copyright (C) 2018-2021 The Software Heritage developers | ||||
# See the AUTHORS file at the top-level directory of this distribution | # See the AUTHORS file at the top-level directory of this distribution | ||||
# License: GNU General Public License version 3, or any later version | # License: GNU General Public License version 3, or any later version | ||||
# See top-level LICENSE file for more information | # See top-level LICENSE file for more information | ||||
from rest_framework import serializers | |||||
from rest_framework.fields import _UnvalidatedField | |||||
from rest_framework.generics import ListAPIView | from rest_framework.generics import ListAPIView | ||||
from rest_framework.pagination import PageNumberPagination | |||||
from swh.deposit.api.utils import DefaultPagination, DepositSerializer | |||||
from . import APIPrivateView | from . import APIPrivateView | ||||
from ...models import Deposit | from ...models import Deposit | ||||
from ..converters import convert_status_detail | |||||
class DefaultPagination(PageNumberPagination): | |||||
page_size = 100 | |||||
page_size_query_param = "page_size" | |||||
class StatusDetailField(_UnvalidatedField): | |||||
"""status_detail field is a dict, we want a simple message instead. | |||||
So, we reuse the convert_status_detail from deposit_status | |||||
endpoint to that effect. | |||||
""" | |||||
def to_representation(self, value): | |||||
return convert_status_detail(value) | |||||
class DepositSerializer(serializers.ModelSerializer): | |||||
status_detail = StatusDetailField() | |||||
class Meta: | |||||
model = Deposit | |||||
fields = "__all__" | |||||
class APIList(ListAPIView, APIPrivateView): | class APIList(ListAPIView, APIPrivateView): | ||||
"""Deposit request class to list the deposit's status per page. | """Deposit request class to list the deposit's status per page. | ||||
HTTP verbs supported: GET | HTTP verbs supported: GET | ||||
""" | """ | ||||
serializer_class = DepositSerializer | serializer_class = DepositSerializer | ||||
pagination_class = DefaultPagination | pagination_class = DefaultPagination | ||||
def get_queryset(self): | def get_queryset(self): | ||||
params = self.request.query_params | params = self.request.query_params | ||||
exclude_like = params.get("exclude") | exclude_like = params.get("exclude") | ||||
if exclude_like: | if exclude_like: | ||||
# sql injection: A priori, nothing to worry about, django does it for | # sql injection: A priori, nothing to worry about, django does it for | ||||
# queryset | # queryset | ||||
# https://docs.djangoproject.com/en/3.0/topics/security/#sql-injection-protection # noqa | # https://docs.djangoproject.com/en/3.0/topics/security/#sql-injection-protection # noqa | ||||
# https://docs.djangoproject.com/en/2.2/topics/security/#sql-injection-protection # noqa | |||||
deposits = ( | deposits = ( | ||||
Deposit.objects.all() | Deposit.objects.all() | ||||
.exclude(external_id__startswith=exclude_like) | .exclude(external_id__startswith=exclude_like) | ||||
.order_by("id") | .order_by("id") | ||||
) | ) | ||||
else: | else: | ||||
deposits = Deposit.objects.all().order_by("id") | deposits = Deposit.objects.all().order_by("id") | ||||
return deposits | return deposits |