Updating the job view

I rewrote the job view in the CBV paradigm using the generic `View` view. By doing this, I use the `JobAuthorizationMixin` to restrict the visibility of a job to its creator. I updated as well the `urls.py` file to call this new class. Signed-off-by: Matthieu Berjon <matthieu.berjon@inria.fr>

Updating the job view
I rewrote the job view in the CBV paradigm using the generic `View` view. By doing this, I use the `JobAuthorizationMixin` to restrict the visibility of a job to its creator. I updated as well the `urls.py` file to call this new class. Signed-off-by: Matthieu Berjon <matthieu.berjon@inria.fr>
638c90a4 · BERJON Matthieu · b939dd08 · 638c90a4 · 638c90a4
Commit 638c90a4 authored Sep 21, 2018 by BERJON Matthieu
--- a/django/allgo/api/v1/urls.py
+++ b/django/allgo/api/v1/urls.py
@@ -6,7 +6,7 @@ app_name = 'api'

 urlpatterns = [
    url(r'^jobs$', views.jobs, name='jobs'),
-    url(r'^jobs/(\d+)', views.job, name='job'),
+    url(r'^jobs/(\d+)', views.APIJobView.as_view(), name='job'),
    url(r'^datastore/(\d+)/(.*)/(.*)', views.download, name='download'),

 ]
--- a/django/allgo/api/v1/views.py
+++ b/django/allgo/api/v1/views.py
@@ -8,8 +8,11 @@ from django.core.validators import ValidationError
 from django.http import HttpResponse, JsonResponse, FileResponse
 from django.shortcuts import redirect
 from django.views.decorators.csrf import csrf_exempt
-from main.models import Job, AllgoUser, Webapp, JobQueue
+from django.views.generic import View
+
+from main.models import Job, Webapp, JobQueue
 from main.helpers import upload_data, get_base_url, lookup_job_file, get_user
+from .mixins import JobAuthorizationMixin

 log = logging.getLogger('allgo')

@@ -50,20 +53,22 @@ def job_response(job, request):
            }


-@csrf_exempt
-def job(request, jobid):
-    user = get_user(request)
-    if not user:
-        log.info("API request without http authorisation %s %s %s", request.META['HTTP_USER_AGENT'],
-                 request.META['REMOTE_ADDR'], request.META['QUERY_STRING'])
-        return HttpResponse(status=401)
+class APIJobView(JobAuthorizationMixin, View):

-    job = Job.objects.get(id=int(jobid), user=user.user)
-    if not job:
-        log.error("Job %s does not exist", jobid)
-        return HttpResponse(status=404)
-    else:
-        return JsonResponse(job_response(job, request))
+    def get(self, request, *args, **kwargs):
+        user = get_user(request)
+
+        if not user:
+            log.info("API request without http authorisation %s %s %s", request.META['HTTP_USER_AGENT'],
+                     request.META['REMOTE_ADDR'], request.META['QUERY_STRING'])
+            return HttpResponse(status=401)
+
+        job = Job.objects.get(id=int(args[0]), user=user.user)
+        if not job:
+            log.error("Job %s does not exist", jobid)
+            return HttpResponse(status=404)
+        else:
+            return JsonResponse(job_response(job, request))


 @csrf_exempt