Syndication - docs, api permissions

Permissions by token, IP and by model.

3 files changed, 44 insertions, 40 deletions

diff --git a/archaeological_finds/urls.py b/archaeological_finds/urls.py
index bc67139d9..532e22ab0 100644
--- a/archaeological_finds/urls.py
+++ b/archaeological_finds/urls.py
@@ -22,6 +22,7 @@ from django.conf.urls import url
 from ishtar_common.utils import check_rights, get_urls_for_model
 
 from archaeological_finds import views
+from archaeological_finds import views_api
 from archaeological_operations.views import administrativeactfile_document
 from archaeological_finds import models
 
@@ -593,7 +594,9 @@ urlpatterns = [
         ),
         name="autocomplete-findbasket-write",
     ),
-    url(r"api/public/find/$", views.PublicFindAPI.as_view(), name="api-public-find"),
+    url(
+        r"api/public/find/$", views_api.PublicFindAPI.as_view(), name="api-public-find"
+    ),
     url(
         r"api/ishtar/base-finds/geo/polygons$",
         check_rights(["view_find", "view_own_find"])(
diff --git a/archaeological_finds/views.py b/archaeological_finds/views.py
index 4f5e64475..db8c4b04e 100644
--- a/archaeological_finds/views.py
+++ b/archaeological_finds/views.py
@@ -20,10 +20,6 @@
 from collections import OrderedDict
 import json
 
-from rest_framework import authentication, permissions
-from rest_framework.views import APIView
-from rest_framework.response import Response
-
 from django.conf import settings
 from django.core.exceptions import PermissionDenied
 from django.db.models import Q
@@ -35,8 +31,6 @@ from ishtar_common.utils import ugettext_lazy as _
 from django.views.generic import TemplateView
 from django.views.generic.edit import CreateView, FormView
 
-from ishtar_common.serializers import PublicSerializer
-
 from ishtar_common.models import IshtarUser, get_current_profile
 from archaeological_operations.models import AdministrativeAct, Operation
 from archaeological_context_records.models import ContextRecord
@@ -1311,39 +1305,6 @@ class QAFindLockView(QABaseLockView):
     base_url = "find-qa-lock"
 
 
-class PublicFindAPI(APIView):
-    authentication_classes = (authentication.TokenAuthentication,)
-    permission_classes = (permissions.IsAuthenticated,)
-
-    def get_queryset(self):
-        empty = models.Find.objects.filter(pk=None)
-        basket_slug = self.request.GET.get("basket", None)
-        if not basket_slug:
-            return empty
-        try:
-            basket = models.FindBasket.objects.get(slug=basket_slug, public=True)
-        except models.FindBasket.DoesNotExist:
-            return empty
-        q = (
-            models.FindBasket.items.through.objects.filter(findbasket_id=basket.id)
-            .values("find_id")
-            .order_by("id")
-        )
-        id_list = [bi["find_id"] for bi in q]
-        clauses = " ".join(
-            "WHEN id=%s THEN %s" % (pk, i) for i, pk in enumerate(id_list)
-        )
-
-        ordering = "CASE {} END".format(clauses)
-        return models.Find.objects.filter(id__in=id_list).extra(
-            select={"ordering": ordering}, order_by=("ordering",)
-        )
-
-    def get(self, request, format=None):
-        serializer = PublicSerializer(self.get_queryset(), many=True)
-        return Response(serializer.data)
-
-
 def get_geo_items(request, get_polygons, current_right=None):
     operation_pk = request.GET.get("operation_pk")
     context_record_pk = request.GET.get("context_record_pk")
diff --git a/archaeological_finds/views_api.py b/archaeological_finds/views_api.py
new file mode 100644
index 000000000..66cadeb5e
--- /dev/null
+++ b/archaeological_finds/views_api.py
@@ -0,0 +1,40 @@
+from rest_framework import authentication, permissions
+from rest_framework.views import APIView
+from rest_framework.response import Response
+
+from ishtar_common.serializers import PublicSerializer
+
+from archaeological_finds import models
+
+
+class PublicFindAPI(APIView):
+    authentication_classes = (authentication.TokenAuthentication,)
+    permission_classes = (permissions.IsAuthenticated,)
+
+    def get_queryset(self):
+        empty = models.Find.objects.filter(pk=None)
+        basket_slug = self.request.GET.get("basket", None)
+        if not basket_slug:
+            return empty
+        try:
+            basket = models.FindBasket.objects.get(slug=basket_slug, public=True)
+        except models.FindBasket.DoesNotExist:
+            return empty
+        q = (
+            models.FindBasket.items.through.objects.filter(findbasket_id=basket.id)
+                .values("find_id")
+                .order_by("id")
+        )
+        id_list = [bi["find_id"] for bi in q]
+        clauses = " ".join(
+            "WHEN id=%s THEN %s" % (pk, i) for i, pk in enumerate(id_list)
+        )
+
+        ordering = "CASE {} END".format(clauses)
+        return models.Find.objects.filter(id__in=id_list).extra(
+            select={"ordering": ordering}, order_by=("ordering",)
+        )
+
+    def get(self, request, format=None):
+        serializer = PublicSerializer(self.get_queryset(), many=True)
+        return Response(serializer.data)