Add is_superuser (#11)

* check if user is superuser

backend/recotem/recotem/api/serializers/__init__.py

@@ -1,6 +1,5 @@
 from typing import Any
 
-from django.contrib.auth import get_user_model
 from rest_framework import serializers
 
 from recotem.api.models import (
@@ -10,6 +9,7 @@
     TaskLog,
 )
 
+from .auth import UserDetailsSerializer
 from .data import TrainingDataSerializer
 from .project import ProjectSerializer, ProjectSummarySerializer
 from .trained_model import TrainedModelSerializer
@@ -64,10 +64,12 @@ class Meta:
 __all__ = (
     "TrainingDataSerializer",
     "ProjectSerializer",
-    "ProjectSummarySerializer" "ParameterTuningJobSerializer",
+    "ProjectSummarySerializer",
+    "ParameterTuningJobSerializer",
     "TrainedModelSerializer",
     "SplitConfigSerializer",
     "EvaluationConfigSerializer",
     "TaskLogSerializer",
     "ModelConfigurationSerializer",
+    "UserDetailsSerializer",
 )

backend/recotem/recotem/api/serializers/auth.py

@@ -0,0 +1,27 @@
+from dj_rest_auth import serializers as dj_serializers
+from django.contrib.auth import get_user_model
+
+# Get the UserModel
+UserModel = get_user_model()
+
+
+class UserDetailsSerializer(dj_serializers.UserDetailsSerializer):
+    """
+    Custom User model w/o password
+    """
+
+    class Meta:
+        extra_fields = []
+        if hasattr(UserModel, "USERNAME_FIELD"):
+            extra_fields.append(UserModel.USERNAME_FIELD)
+        if hasattr(UserModel, "EMAIL_FIELD"):
+            extra_fields.append(UserModel.EMAIL_FIELD)
+        if hasattr(UserModel, "first_name"):
+            extra_fields.append("first_name")
+        if hasattr(UserModel, "last_name"):
+            extra_fields.append("last_name")
+        if hasattr(UserModel, "is_superuser"):
+            extra_fields.append("is_superuser")
+        model = UserModel
+        fields = ("pk", *extra_fields)
+        read_only_fields = ("email", "is_superuser")

backend/recotem/recotem/settings.py

@@ -71,6 +71,10 @@
     "DEFAULT_RENDERER_CLASSES": ("rest_framework.renderers.JSONRenderer",),
 }
 
+REST_AUTH_SERIALIZERS = {
+    "USER_DETAILS_SERIALIZER": "recotem.api.serializers.UserDetailsSerializer",
+}
+
 ROOT_URLCONF = "recotem.urls"
 
 TEMPLATES = [

frontend/src/api/schema.ts

@@ -149,6 +149,9 @@ export interface paths {
     delete: operations["parameter_tuning_job_destroy"];
     patch: operations["parameter_tuning_job_partial_update"];
   };
+  "/api/ping/": {
+    get: operations["ping_retrieve"];
+  };
   "/api/project/": {
     get: operations["project_list"];
     post: operations["project_create"];
@@ -428,14 +431,16 @@ export interface components {
       basename?: string | null;
       filesize?: number;
     };
-    /** User model w/o password */
+    /** Custom User model w/o password */
     PatchedUserDetails: {
       pk?: number;
       /** Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only. */
       username?: string;
       email?: string;
       first_name?: string;
       last_name?: string;
+      /** Designates that this user has all permissions without explicitly assigning them. */
+      is_superuser?: boolean;
     };
     Project: {
       id: number;
@@ -538,14 +543,16 @@ export interface components {
       basename: string | null;
       filesize: number;
     };
-    /** User model w/o password */
+    /** Custom User model w/o password */
     UserDetails: {
       pk: number;
       /** Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only. */
       username: string;
       email: string;
       first_name?: string;
       last_name?: string;
+      /** Designates that this user has all permissions without explicitly assigning them. */
+      is_superuser: boolean;
     };
     UserProfileInteraction: {
       item_ids: string[];
@@ -1217,6 +1224,12 @@ export interface operations {
       };
     };
   };
+  ping_retrieve: {
+    responses: {
+      /** No response body */
+      200: unknown;
+    };
+  };
   project_list: {
     parameters: {
       query: {

frontend/src/components/CurrentUser.vue

@@ -30,7 +30,7 @@
             api schema
           </v-list-item-title>
         </v-list-item>
-        <v-list-item class="justify-center" link href="/api/admin">
+        <v-list-item class="justify-center" link href="/api/admin" v-if="isSuperuser">
           <v-list-item-title>
             <v-icon>mdi-language-python</v-icon> django admin
           </v-list-item-title>
@@ -89,6 +89,10 @@ export default Vue.extend({
         return `${AuthModule.docURLBase}/${AuthModule.recotemDocVersion}/docs/user/${this.$route.name}`;
       }
     },
+    isSuperuser(): boolean {
+      if (this.user === null || this.user.is_superuser === undefined) return false;
+      return this.user.is_superuser;
+    },
   },
   methods: {
     async logout(): Promise<void> {

schema.yml

@@ -1015,6 +1015,15 @@ paths:
       responses:
         '204':
           description: No response body
+  /api/ping/:
+    get:
+      operationId: ping_retrieve
+      description: ''
+      tags:
+      - ping
+      responses:
+        '200':
+          description: No response body
   /api/project/:
     get:
       operationId: project_list
@@ -2664,7 +2673,7 @@ components:
           readOnly: true
     PatchedUserDetails:
       type: object
-      description: User model w/o password
+      description: Custom User model w/o password
       properties:
         pk:
           type: integer
@@ -2687,6 +2696,12 @@ components:
         last_name:
           type: string
           maxLength: 150
+        is_superuser:
+          type: boolean
+          readOnly: true
+          title: Superuser status
+          description: Designates that this user has all permissions without explicitly
+            assigning them.
     Project:
       type: object
       properties:
@@ -2989,7 +3004,7 @@ components:
       - project
     UserDetails:
       type: object
-      description: User model w/o password
+      description: Custom User model w/o password
       properties:
         pk:
           type: integer
@@ -3012,8 +3027,15 @@ components:
         last_name:
           type: string
           maxLength: 150
+        is_superuser:
+          type: boolean
+          readOnly: true
+          title: Superuser status
+          description: Designates that this user has all permissions without explicitly
+            assigning them.
       required:
       - email
+      - is_superuser
       - pk
       - username
     UserProfileInteraction: