Rationale:
Currently edx-platform contains openedx.core.lib.api contains which are building blocks for creating APIs through DRF such as serializers, permission decorators and error handlers. These building blocks could be used across multiple projects at edxedX, ensuring that we are consistent across our APIs, but because they are in the edx-platform it makes their reuse difficult. I'm proposing we move all classes to the edx-drf-extensions repo, which already gets built as a package and installed into edx-platform.
File | Class / Method | Description | Status | Status Explanation |
---|
authentication.py | SessionAuthenticationAllowInactiveUser | Ensure that the user is logged in, but do not require the account to be active |
|
|
| OAuth2AuthenticationAllowInactiveUser | This is a temporary workaround while the is_active field on the user is coupled with whether or not the user has verified ownership of their claimed email address |
|
|
fields.py | ExpandableField | Field that can dynamically use a more detailed serializer based on a user-provided "expand" parameter |
|
|
mixins.py | AbsoluteURLField | Field that serializes values to absolute URLs based on the current request |
|
|
| PutAsCreateMixin | Backwards compatibility with Django Rest Framework v2, which allowed creation of a new resource using PUT |
|
|
parsers.py | TypedFileUploadParser | Handles upload of files, ensuring that the media type is supported, and that the uploaded filename matches the Content-type |
|
|
| MergePatchParser | Custom parser to be used with the "merge patch" implementation (https://tools.ietf.org/html/rfc7396). |
|
|
permissions.py | ApiKeyHeaderPermission | Django REST Framework permissions class used to manage API Key integrations | | ApiKey is deprecated. |
| ApiKeyHeaderPermissionIsAuthenticated | Allow someone to access the view if they have the API key OR they are authenticated | | ApiKey is deprecated. |
| IsUserInUrl | Permission that checks to see if the request user matches the user in the URL | | Moved to edx-drf-extensions |
| IsCourseStaffInstructor | Permission to check that user is a course instructor or staff of a master course given a course object or the user is a coach of the course itself |
|
|
| IsMasterCourseStaffInstructor | Permission to check that user is instructor or staff of the master course |
|
|
| IsStaff | Permission that checks to see if the request user has is_staff access | | Moved to edx-drf-extensions |
| IsUserInUrlOrStaff | Permission that checks to see if the request user matches the user in the URL or has is_staff access |
| Use rest_condition instead. |
| IsStaffOrReadOnly | Permission that checks to see if the user is global or course staff, permitting only read-only access if they are not |
|
|
| IsStaffOrOwner | Permission that allows access to admin users or the owner of an object. The owner is considered the User object represented by obj.user |
|
|
serializers.py | CollapsedReferenceSerializer | Serializes arbitrary models in a collapsed format, with just an id and url |
|
|
| CourseKeyField | Serializer field for a model CourseKey field | | Moved to opaque-keys |
test_utils.py | ApiTestCase | Parent test case for API workflow coverage |
|
|
view_utils.py | DeveloperErrorViewMixin | A view mixin to handle common error cases other than validation failure (auth failure, method not allowed, etc.) by generating an error response conforming to our API conventions with a developer message |
|
|
| ExpandableFieldViewMixin | A view mixin to add expansion information to the serializer context for later use by an ExpandableField |
|
|
| view_auth_classes | Function and class decorator that abstracts the authentication and permission checks for api views. |
|
|
| add_serializer_errors | Adds errors from serializer validation to field_errors. data is the original data to deserialize |
|
|
| build_api_error | Build an error dict corresponding to edX API conventions |
|
|
| RetrievePatchAPIView | Concrete view for retrieving and updating a model instance |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|