mirror of
https://gitlab.science.ru.nl/technicie/MarietjeDjango.git
synced 2025-12-10 12:32:20 +01:00
Change player to OAuth protocol
This commit is contained in:
Lars van Rhijn
@ -3,7 +3,7 @@ import time
|
||||
from rest_framework import serializers
|
||||
|
||||
from marietje.api.v1.serializers import UserRelatedFieldSerializer
|
||||
from queues.models import Queue, Playlist, PlaylistSong
|
||||
from queues.models import Queue, Playlist, PlaylistSong, QueueCommand
|
||||
from songs.api.v1.serializers import SongSerializer
|
||||
|
||||
|
||||
@ -28,8 +28,8 @@ class PlaylistSerializer(serializers.ModelSerializer):
|
||||
|
||||
|
||||
class QueueSerializer(serializers.ModelSerializer):
|
||||
current_song = serializers.SerializerMethodField()
|
||||
queue = serializers.SerializerMethodField()
|
||||
current_song = serializers.SerializerMethodField(read_only=True)
|
||||
queue = serializers.SerializerMethodField(read_only=True)
|
||||
|
||||
def get_current_song(self, queue):
|
||||
return PlaylistSongSerializer(queue.current_song()).data
|
||||
@ -48,3 +48,18 @@ class QueueSerializer(serializers.ModelSerializer):
|
||||
"queue",
|
||||
"started_at",
|
||||
]
|
||||
read_only_fiels = [
|
||||
"id",
|
||||
"current_song",
|
||||
"queue",
|
||||
]
|
||||
|
||||
|
||||
class QueueCommandSerializer(serializers.ModelSerializer):
|
||||
class Meta:
|
||||
model = QueueCommand
|
||||
fields = [
|
||||
"id",
|
||||
"queue",
|
||||
"command",
|
||||
]
|
||||
|
||||
@ -11,10 +11,14 @@ from queues.api.v1.views import (
|
||||
QueueVolumeDownAPIView,
|
||||
QueueVolumeUpAPIView,
|
||||
QueueMuteAPIView,
|
||||
QueueCommandListAPIView,
|
||||
QueueCommandDestroyAPIView,
|
||||
QueueUpdateAPIView,
|
||||
)
|
||||
|
||||
urlpatterns = [
|
||||
path("current/", QueueAPIView.as_view(), name="queue_current"),
|
||||
path("<int:pk>/", QueueUpdateAPIView.as_view(), name="queue_update"),
|
||||
path("current/skip/", QueueSkipAPIView.as_view(), name="queue_skip"),
|
||||
path("current/request/", QueueRequestAPIView.as_view(), name="queue_request"),
|
||||
path("current/volume-down/", QueueVolumeDownAPIView.as_view(), name="queue_volume_down"),
|
||||
@ -24,4 +28,6 @@ urlpatterns = [
|
||||
path("playlists/<int:pk>/", PlaylistRetrieveAPIView.as_view(), name="playlist_retrieve"),
|
||||
path("playlist-song/<int:id>/move-down/", PlaylistSongMoveDownAPIView.as_view(), name="playlist_song_move_down"),
|
||||
path("playlist-song/<int:id>/cancel/", PlaylistSongCancelAPIView.as_view(), name="playlist_song_cancel"),
|
||||
path("<int:pk>/commands/", QueueCommandListAPIView.as_view(), name="queue_command_list"),
|
||||
path("commands/<int:pk>/", QueueCommandDestroyAPIView.as_view(), name="queue_command_destroy"),
|
||||
]
|
||||
|
||||
@ -1,4 +1,13 @@
|
||||
from rest_framework.generics import ListAPIView, RetrieveAPIView, get_object_or_404, CreateAPIView, DestroyAPIView
|
||||
from oauth2_provider.views.mixins import ClientProtectedResourceMixin
|
||||
from rest_framework import status, mixins
|
||||
from rest_framework.generics import (
|
||||
ListAPIView,
|
||||
RetrieveAPIView,
|
||||
get_object_or_404,
|
||||
CreateAPIView,
|
||||
DestroyAPIView,
|
||||
UpdateAPIView,
|
||||
)
|
||||
from rest_framework.views import APIView
|
||||
from rest_framework.response import Response
|
||||
|
||||
@ -6,9 +15,14 @@ from marietje.api.openapi import CustomAutoSchema
|
||||
from marietje.api.permissions import IsAuthenticatedOrTokenHasScopeForMethod
|
||||
from django.http import Http404
|
||||
|
||||
from queues.api.v1.serializers import PlaylistSerializer, QueueSerializer, PlaylistSongSerializer
|
||||
from queues.api.v1.serializers import (
|
||||
PlaylistSerializer,
|
||||
QueueSerializer,
|
||||
PlaylistSongSerializer,
|
||||
QueueCommandSerializer,
|
||||
)
|
||||
from queues.exceptions import RequestException
|
||||
from queues.models import Playlist, PlaylistSong, QueueCommand
|
||||
from queues.models import Playlist, PlaylistSong, QueueCommand, Queue
|
||||
from queues.services import get_user_or_default_queue
|
||||
from songs.counters import request_counter
|
||||
from songs.models import Song
|
||||
@ -47,13 +61,58 @@ class QueueAPIView(APIView):
|
||||
}
|
||||
)
|
||||
|
||||
def get(self, request, **kwargs):
|
||||
queue = get_user_or_default_queue(request)
|
||||
def get_object(self):
|
||||
queue = get_user_or_default_queue(self.request)
|
||||
if queue is None:
|
||||
raise Http404()
|
||||
return queue
|
||||
|
||||
def get(self, request, **kwargs):
|
||||
queue = self.get_object()
|
||||
return Response(status=200, data=self.serializer_class(queue).data)
|
||||
|
||||
|
||||
class QueueUpdateAPIView(ClientProtectedResourceMixin, UpdateAPIView):
|
||||
serializer_class = QueueSerializer
|
||||
queryset = Queue.objects.all()
|
||||
permission_classes = [IsAuthenticatedOrTokenHasScopeForMethod]
|
||||
required_scopes_for_method = {"PUT": ["write"], "PATCH": ["write"]}
|
||||
schema = CustomAutoSchema(
|
||||
response_schema={
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"id": {"type": "int", "example": 1},
|
||||
"name": {"type": "string", "example": "string"},
|
||||
"playlist": {"type": "int", "example": 1},
|
||||
"random_playlist": {"type": "int", "example": 1},
|
||||
"current_song": {"$ref": "#/components/schemas/PlaylistSong"},
|
||||
"queue": {"type": "array", "items": {"$ref": "#/components/schemas/PlaylistSong"}},
|
||||
"started_at": {"type": "string", "format": "date-time", "nullable": True},
|
||||
},
|
||||
}
|
||||
)
|
||||
|
||||
def put(self, request, **kwargs):
|
||||
queue = self.get_object()
|
||||
if queue.oauth_client is None or queue.oauth_client != request.auth.application:
|
||||
return Response(
|
||||
{"detail": "Unauthorized"},
|
||||
status=status.HTTP_401_UNAUTHORIZED,
|
||||
)
|
||||
else:
|
||||
return super(QueueUpdateAPIView, self).put(request, **kwargs)
|
||||
|
||||
def patch(self, request, **kwargs):
|
||||
queue = self.get_object()
|
||||
if queue.oauth_client is None or queue.oauth_client != request.auth.application:
|
||||
return Response(
|
||||
{"detail": "Unauthorized"},
|
||||
status=status.HTTP_401_UNAUTHORIZED,
|
||||
)
|
||||
else:
|
||||
return super(QueueUpdateAPIView, self).patch(request, **kwargs)
|
||||
|
||||
|
||||
class QueueSkipAPIView(APIView):
|
||||
serializer_class = QueueSerializer
|
||||
permission_classes = [IsAuthenticatedOrTokenHasScopeForMethod]
|
||||
@ -80,12 +139,14 @@ class QueueSkipAPIView(APIView):
|
||||
if queue is None:
|
||||
return Response(status=404)
|
||||
|
||||
playlist_song = request.user.queue.current_song()
|
||||
if (
|
||||
request.user is not None
|
||||
and playlist_song.user != request.user
|
||||
and not request.user.has_perm("queues.can_skip")
|
||||
):
|
||||
playlist_song = queue.current_song()
|
||||
if request.user is not None:
|
||||
if playlist_song.user != request.user and not request.user.has_perm("queues.can_skip"):
|
||||
return Response(status=403)
|
||||
elif request.auth is not None:
|
||||
if queue.oauth_client is None or request.auth.application != queue.oauth_client:
|
||||
return Response(status=403)
|
||||
else:
|
||||
return Response(status=403)
|
||||
|
||||
playlist_song.state = 2
|
||||
@ -260,3 +321,41 @@ class QueueMuteAPIView(APIView):
|
||||
return Response(status=403)
|
||||
QueueCommand.objects.create(queue=queue, command="mute")
|
||||
return Response(status=200, data=self.serializer_class(queue).data)
|
||||
|
||||
|
||||
class QueueCommandListAPIView(ClientProtectedResourceMixin, ListAPIView):
|
||||
serializer_class = QueueCommandSerializer
|
||||
queryset = QueueCommand.objects.all()
|
||||
permission_classes = [IsAuthenticatedOrTokenHasScopeForMethod]
|
||||
required_scopes_for_method = {"GET": ["read"]}
|
||||
|
||||
def get_queryset(self):
|
||||
queue = get_object_or_404(Queue, pk=self.kwargs.get("pk"))
|
||||
self.queryset.filter(queue=queue)
|
||||
|
||||
def get(self, request, **kwargs):
|
||||
queue = get_object_or_404(Queue, pk=kwargs.get("pk"))
|
||||
if queue.oauth_client is None or queue.oauth_client != request.auth.application:
|
||||
return Response(
|
||||
{"detail": "Unauthorized"},
|
||||
status=status.HTTP_401_UNAUTHORIZED,
|
||||
)
|
||||
else:
|
||||
return super(QueueCommandListAPIView, self).get(request, **kwargs)
|
||||
|
||||
|
||||
class QueueCommandDestroyAPIView(ClientProtectedResourceMixin, DestroyAPIView):
|
||||
serializer_class = QueueCommandSerializer
|
||||
queryset = QueueCommand.objects.all()
|
||||
permission_classes = [IsAuthenticatedOrTokenHasScopeForMethod]
|
||||
required_scopes_for_method = {"DELETE": ["write"]}
|
||||
|
||||
def delete(self, request, **kwargs):
|
||||
queue_command = self.get_object()
|
||||
if queue_command.queue.oauth_client is None or queue_command.queue.oauth_client != request.auth.application:
|
||||
return Response(
|
||||
{"detail": "Unauthorized"},
|
||||
status=status.HTTP_401_UNAUTHORIZED,
|
||||
)
|
||||
else:
|
||||
return super(QueueCommandDestroyAPIView, self).delete(request, **kwargs)
|
||||
|
||||
Reference in New Issue
Block a user