add patch method for user model flow

essediweb · essediweb · commit 18b53a6e13cf · 2014-11-23T02:58:59.000-08:00
diff --git a/elastic_framework/contrib/auth/serializers.py b/elastic_framework/contrib/auth/serializers.py
@@ -36,6 +36,12 @@ class ECUserSerializer(serializers.ModelSerializer):
     class Meta:
         model = get_user_model()
         exclude = ('password',)
+        read_only_fields = ['id', 'password']
+
+    # XXX TODO: password field could be customized by developer in user model
+    # we have to handle in serializer method password field as read_only
+    # At the moment we assume that password field name is "password"
+
 
 class ECUserResponseSerializerClass(serializers.ModelSerializer):
 
diff --git a/elastic_framework/contrib/auth/views.py b/elastic_framework/contrib/auth/views.py
@@ -7,7 +7,7 @@
 from rest_framework.generics import (GenericAPIView, ListCreateAPIView,
                                      RetrieveUpdateAPIView)
 from rest_framework.response import Response
-from rest_framework.exceptions import ParseError, PermissionDenied
+from rest_framework.exceptions import ParseError
 from rest_framework import permissions
 from rest_framework import status
 
@@ -18,6 +18,7 @@
 from .serializers import (ECUserSignupSerializer, ECUserResponseSerializerClass,
                           ECUserSerializer)
 from .utils import create_token, get_token_from_request
+from .permissions import check_user_is_owner
 
 logger = logging.getLogger(__name__)
 
@@ -105,12 +106,25 @@ def get_queryset(self):
 
     def get(self, request, *args, **kwargs):
         user = self.get_object()
-        if not request.user == user:
-            raise PermissionDenied()
+        check_user_is_owner(user, request)
         user_serializer = self.get_serializer(instance=user)
         return Response(user_serializer.data,
                         status=200)
 
+    def patch(self, request, *args, **kwargs):
+        user = self.get_object()
+        check_user_is_owner(user, request)
+        data = request.data
+        with transaction.atomic():
+            user_serializer = self.get_serializer(instance=user, data=data,
+                                                  partial=True)
+            if not user_serializer.is_valid():
+                raise APIError(status=400,
+                               message=user_serializer.errors,
+                               show=True)
+            user_serializer.save()
+            return Response(status=200,
+                            data=user_serializer.data)
 
 class Oauth2ECUserLoginView(GenericAPIView):
 
