.. _api: API === Admin ----- .. py:class:: Admin(app, auth[, blueprint_factory[, template_helper[, prefix]]]) Class used to expose an admin area at a certain url in your application. The Admin object implements a flask blueprint and acts as the central registry for models and panels you wish to expose in the admin. The Admin object coordinates the registration of models and panels and provides a method for ensuring a user has permission to access the admin area. The Admin object requires an :py:class:`Auth` instance when being instantiated, which in turn requires a Flask app and a py:class:`Database` wrapper. Here is an example of how you might instantiate an Admin object: .. code-block:: python from flask import Flask from flask_peewee.admin import Admin from flask_peewee.auth import Auth from flask_peewee.db import Database app = Flask(__name__) db = Database(app) # needed for authentication auth = Auth(app, db) # instantiate the Admin object for our project admin = Admin(app, auth) :param app: flask application to bind admin to :param auth: :py:class:`Auth` instance which will provide authentication :param blueprint_factory: an object that will create the ``BluePrint`` used by the admin :param template_helper: a subclass of :py:class:`AdminTemplateHelper` that provides helpers and context to used by the admin templates :param prefix: url to bind admin to, defaults to ``/admin`` .. py:method:: register(model[, admin_class=ModelAdmin]) Register a model to expose in the admin area. A :py:class:`ModelAdmin` subclass can be provided along with the model, allowing for customization of the model's display and behavior. Example usage: .. code-block:: python # will use the default ModelAdmin subclass to display model admin.register(BlogModel) class EntryAdmin(ModelAdmin): columns = ('title', 'blog', 'pub_date',) admin.register(EntryModel, EntryAdmin) .. warning:: All models must be registered before calling :py:meth:`~Admin.setup` :param model: peewee model to expose via the admin :param admin_class: :py:class:`ModelAdmin` or subclass to use with given model .. py:method:: register_panel(title, panel) Register a :py:class:`AdminPanel` subclass for display in the admin dashboard. Example usage: .. code-block:: python class HelloWorldPanel(AdminPanel): template_name = 'admin/panels/hello.html' def get_context(self): return { 'message': 'Hello world', } admin.register_panel('Hello world', HelloWorldPanel) .. warning:: All panels must be registered before calling :py:meth:`~Admin.setup` :param title: identifier for panel, example might be "Site Stats" :param panel: subclass of :py:class:`AdminPanel` to display .. py:method:: setup() Configures urls for models and panels, then registers blueprint with the Flask application. Use this method when you have finished registering all the models and panels with the admin object, but before starting the WSGI application. For a sample implementation, check out ``example/main.py`` in the example application supplied with flask-peewee. .. code-block:: python # register all models, etc admin.register(...) # finish up initialization of the admin object admin.setup() if __name__ == '__main__': # run the WSGI application app.run() .. note:: call ``setup()`` **after** registering your models and panels .. py:method:: check_user_permission(user) Check whether the given user has permission to access to the admin area. The default implementation simply checks whether the ``admin`` field is checked, but you can provide your own logic. This method simply controls access to the admin area as a whole. In the event the user is **not** permitted to access the admin (this function returns ``False``), they will receive a HTTP Response Forbidden (403). Default implementation: .. code-block:: python def check_user_permission(self, user): return user.admin :param user: the currently logged-in user, exposed by the :py:class:`Auth` instance :rtype: Boolean .. py:method:: auth_required(func) Decorator that ensures the requesting user has permission. The implementation first checks whether the requesting user is logged in, and if not redirects to the login view. If the user *is* logged in, it calls :py:meth:`~Admin.check_user_permission`. Only if this call returns ``True`` is the actual view function called. .. py:method:: get_urls() Get a tuple of 2-tuples mapping urls to view functions that will be exposed by the admin. The default implementation looks like this: .. code-block:: python def get_urls(self): return ( ('/', self.auth_required(self.index)), ) This method provides an extension point for providing any additional "global" urls you would like to expose. .. note:: Remember to decorate any additional urls you might add with :py:meth:`~Admin.auth_required` to ensure they are not accessible by unauthenticated users. Exposing Models with the ModelAdmin ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:class:: ModelAdmin Class that determines how a peewee ``Model`` is exposed in the admin area. Provides a way of encapsulating model-specific configuration and behaviors. Provided when registering a model with the :py:class:`Admin` instance (see :py:meth:`Admin.register`). .. py:attribute:: columns List or tuple of columns should be displayed in the list index. By default if no columns are specified the ``Model``'s ``__unicode__()`` will be used. .. note:: Valid values for columns are the following: * field on a model * attribute on a model instance * callable on a model instance (called with no parameters) If a column is a model field, it will be sortable. .. code-block:: python class EntryAdmin(ModelAdmin): columns = ['title', 'pub_date', 'blog'] .. py:attribute:: filter_exclude Exclude certain fields from being exposed as filters. Related fields can be excluded using "__" notation, e.g. ``user__password`` .. py:attribute:: filter_fields Only allow filtering on the given fields .. py:attribute:: exclude A list of field names to exclude from the "add" and "edit" forms .. py:attribute:: fields Only display the given fields on the "add" and "edit" form .. py:attribute:: paginate_by = 20 Number of records to display on index pages .. py:attribute:: filter_paginate_by = 15 Default pagination when filtering in a modal dialog .. py:attribute:: delete_collect_objects = True Collect and display a list of "dependencies" when deleting .. py:attribute:: delete_recursive = True Delete "dependencies" recursively .. py:method:: get_query() Determines the list of objects that will be exposed in the admin. By default this will be all objects, but you can use this method to further restrict the query. This method is called within the context of a request, so you can access the ``Flask.request`` object or use the :py:class:`Auth` instance to determine the currently-logged-in user. Here's an example showing how the query is restricted based on whether the given user is a "super user" or not: .. code-block:: python class UserAdmin(ModelAdmin): def get_query(): # ask the auth system for the currently logged-in user current_user = self.auth.get_logged_in_user() # if they are not a superuser, only show them their own # account in the admin if not current_user.is_superuser: return User.select().where(User.id==current_user.id) # otherwise, show them all users return User.select() :rtype: A ``SelectQuery`` that represents the list of objects to expose .. py:method:: get_object(pk) This method retrieves the object matching the given primary key. The implementation uses :py:meth:`~ModelAdmin.get_query` to retrieve the base list of objects, then queries within that for the given primary key. :rtype: The model instance with the given pk, raising a ``DoesNotExist`` in the event the model instance does not exist. .. py:method:: get_form([adding=False]) Provides a useful extension point in the event you want to define custom fields or custom validation behavior. :param boolean adding: indicates whether adding a new instance or editing existing :rtype: A `wtf-peewee `_ Form subclass that will be used when adding or editing model instances in the admin. .. py:method:: get_add_form() Allows you to specify a different form when adding new instances versus editing existing instances. The default implementation simply calls :py:meth:`~ModelAdmin.get_form`. .. py:method:: get_edit_form() Allows you to specify a different form when editing existing instances versus adding new instances. The default implementation simply calls :py:meth:`~ModelAdmin.get_form`. .. py:method:: get_filter_form() Provide a special form for use when filtering the list of objects in the model admin's index/export views. This form is slightly different in that it is tailored for use when filtering the list of models. :rtype: A special Form instance (:py:class:`FilterForm`) that will be used when filtering the list of objects in the index view. .. py:method:: save_model(instance, form, adding=False) Method responsible for persisting changes to the database. Called by both the add and the edit views. Here is an example from the default ``auth.User`` :py:class:`ModelAdmin`, in which the password is displayed as a sha1, but if the user is adding or edits the existing password, it re-hashes: .. code-block:: python def save_model(self, instance, form, adding=False): orig_password = instance.password user = super(UserAdmin, self).save_model(instance, form, adding) if orig_password != form.password.data: user.set_password(form.password.data) user.save() return user :param instance: an unsaved model instance :param form: a validated form instance :param adding: boolean to indicate whether we are adding a new instance or saving an existing .. py:method:: get_template_overrides() Hook for specifying template overrides. Should return a dictionary containing view names as keys and template names as values. Possible choices for keys are: * index * add * edit * delete * export .. code-block:: python class UserModelAdmin(ModelAdmin): def get_template_overrides(self): return {'index': 'users/admin/index_override.html'} .. py:method:: get_urls() Useful as a hook for extending :py:class:`ModelAdmin` functionality with additional urls. .. note:: It is not necessary to decorate the views specified by this method since the :py:class:`Admin` instance will handle this during registration and setup. :rtype: tuple of 2-tuples consisting of a mapping between url and view .. py:method:: get_url_name(name) Since urls are namespaced, this function provides an easy way to get full urls to views provided by this ModelAdmin .. py:method:: process_filters(query) Applies any filters specified by the user to the given query, returning metadata about the filters. Returns a 4-tuple containing: * special ``Form`` instance containing fields for filtering * filtered query * a list containing the currently selected filters * a tree-structure containing the fields available for filtering (:py:class:`FieldTreeNode`) :rtype: A tuple as described above Extending admin functionality using AdminPanel ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:class:: AdminPanel Class that provides a simple interface for providing arbitrary extensions to the admin. These are displayed as "panels" on the admin dashboard with a customizable template. They may additionally, however, define any views and urls. These views will automatically be protected by the same authentication used throughout the admin area. Some example use-cases for AdminPanels might be: * Display some at-a-glance functionality in the dashboard, like stats on new user signups. * Provide a set of views that should only be visible to site administrators, for example a mailing-list app. * Control global site settings, turn on and off features, etc. .. py:attribute:: template_name What template to use to render the panel in the admin dashboard, defaults to ``'admin/panels/default.html'``. .. py:method:: get_urls() Useful as a hook for extending :py:class:`AdminPanel` functionality with custom urls and views. .. note:: It is not necessary to decorate the views specified by this method since the :py:class:`Admin` instance will handle this during registration and setup. :rtype: Returns a tuple of 2-tuples mapping url to view .. py:method:: get_url_name(name) Since urls are namespaced, this function provides an easy way to get full urls to views provided by this panel :param name: string representation of the view function whose url you want :rtype: String representing url .. code-block:: html {{ url_for(panel.get_url_name('create')) }} .. py:method:: get_template_name() Return the template used to render this panel in the dashboard. By default simply returns the template stored under :py:attr:`AdminPanel.template_name`. .. py:method:: get_context() Return the context to be used when rendering the dashboard template. :rtype: Dictionary .. py:method:: render() Render the panel template with the context -- this is what gets displayed in the admin dashboard. Auth ---- .. py:class:: Auth(app, db[, user_model=None[, prefix='/accounts']], db_table='user') The class that provides methods for authenticating users and tracking users across requests. It also provides a model for persisting users to the database, though this can be customized. The auth framework is used by the :py:class:`Admin` and can also be integrated with the :py:class:`RestAPI`. Here is an example of how to use the Auth framework: .. code-block:: python from flask import Flask from flask_peewee.auth import Auth from flask_peewee.db import Database app = Flask(__name__) db = Database(app) # needed for authentication auth = Auth(app, db) # mark a view as requiring login @app.route('/private/') @auth.login_required def private_timeline(): # get the currently-logged-in user user = auth.get_logged_in_user() Unlike the :py:class:`Admin` or the :py:class:`RestAPI`, there is no explicit ``setup()`` method call when using the Auth system. Creation of the auth blueprint and registration with the Flask app happen automatically during instantiation. .. note:: A context processor is automatically registered that provides the currently logged-in user across all templates, available as "user". If no user is logged in, the value of this will be ``None``. .. note:: A pre-request handler is automatically registered which attempts to retrieve the current logged-in user and store it on the global flask variable ``g``. :param app: flask application to bind admin to :param db: :py:class:`Database` database wrapper for flask app :param user_model: ``User`` model to use :param prefix: url to bind authentication views to, defaults to /accounts/ :param db_table: Create db table using db_table name. ``user`` is reserved keyword in postgres. .. py:attribute:: default_next_url = 'homepage' The url to redirect to upon successful login in the event a ``?next=`` is not provided. .. py:method:: get_logged_in_user() .. note:: Since this method relies on the session storage to track users across requests, this method must be called while within a ``RequestContext``. :rtype: returns the currently logged-in ``User``, or ``None`` if session is anonymous .. py:method:: login_required(func) Function decorator that ensures a view is only accessible by authenticated users. If the user is not authed they are redirected to the login view. .. note:: this decorator should be applied closest to the original view function .. code-block:: python @app.route('/private/') @auth.login_required def private(): # this view is only accessible by logged-in users return render_template('private.html') :param func: a view function to be marked as login-required :rtype: if the user is logged in, return the view as normal, otherwise returns a redirect to the login page .. py:method:: get_user_model() :rtype: Peewee model to use for persisting user data and authentication .. py:method:: get_model_admin([model_admin=None]) Provide a :py:class:`ModelAdmin` class suitable for use with the User model. Specifically addresses the need to re-hash passwords when changing them via the admin. The default implementation includes an override of the :py:meth:`ModelAdmin.save_model` method to intelligently hash passwords: .. code-block:: python class UserAdmin(model_admin): columns = ['username', 'email', 'active', 'admin'] def save_model(self, instance, form, adding=False): orig_password = instance.password user = super(UserAdmin, self).save_model(instance, form, adding) if orig_password != form.password.data: user.set_password(form.password.data) user.save() return user :param model_admin: subclass of :py:class:`ModelAdmin` to use as the base class :rtype: a subclass of :py:class:`ModelAdmin` suitable for use with the ``User`` model .. py:method:: get_urls() A mapping of url to view. The default implementation provides views for login and logout only, but you might extend this to add registration and password change views. Default implementation: .. code-block:: python def get_urls(self): return ( ('/logout/', self.logout), ('/login/', self.login), ) :rtype: a tuple of 2-tuples mapping url to view function. .. py:method:: get_login_form() :rtype: a ``wtforms.Form`` subclass to use for retrieving any user info required for login .. py:method:: authenticate(username, password) Given the ``username`` and ``password``, retrieve the user with the matching credentials if they exist. No exceptions should be raised by this method. :rtype: ``User`` model if successful, otherwise ``False`` .. py:method:: login_user(user) Mark the given user as "logged-in". In the default implementation, this entails storing data in the ``Session`` to indicate the successful login. :param user: ``User`` instance .. py:method:: logout_user(user) Mark the requesting user as logged-out :param user: ``User`` instance The BaseUser mixin ^^^^^^^^^^^^^^^^^^ .. py:class:: BaseUser() Provides default implementations for password hashing and validation. The auth framework requires two methods be implemented by the ``User`` model. A default implementation of these methods is provided by the ``BaseUser`` mixin. .. py:method:: set_password(password) Encrypts the given password and stores the encrypted version on the model. This method is useful when registering a new user and storing the password, or modifying the password when a user elects to change. .. py:method:: check_password(password) Verifies if the given plaintext password matches the encrypted version stored on the model. This method on the User model is called specifically by the :py:meth:`Auth.authenticate` method. :rtype: Boolean Database -------- .. py:class:: Database(app) The database wrapper provides integration between the peewee ORM and flask. It reads database configuration information from the flask app configuration and manages connections across requests. The db wrapper also provides a ``Model`` subclass which is configured to work with the database specified by the application's config. To configure the database specify a database engine and name: .. code-block:: python DATABASE = { 'name': 'example.db', 'engine': 'peewee.SqliteDatabase', } Here is an example of how you might use the database wrapper: .. code-block:: python # instantiate the db wrapper db = Database(app) # start creating models class Blog(db.Model): # this model will automatically work with the database specified # in the application's config. :param app: flask application to bind admin to .. py:attribute:: Model Model subclass that works with the database specified by the app's config REST API -------- .. py:class:: RestAPI(app[, prefix='/api'[, default_auth=None[, name='api']]]) The :py:class:`RestAPI` acts as a container for the various :py:class:`RestResource` objects. By default it binds all resources to ``/api//``. Much like the :py:class:`Admin`, it is a centralized registry of resources. Example of creating a ``RestAPI`` instance for a flask app: .. code-block:: python from flask_peewee.rest import RestAPI from app import app # our project's Flask app # instantiate our api wrapper api = RestAPI(app) # register a model with the API api.register(SomeModel) # configure URLs api.setup() .. note:: Like the flask admin, the ``RestAPI`` has a ``setup()`` method which must be called after all resources have been registered. :param app: flask application to bind API to :param prefix: url to serve REST API from :param default_auth: default :py:class:`Authentication` type to use with registered resources :param name: the name for the API blueprint .. py:method:: register(model[, provider=RestResource[, auth=None[, allowed_methods=None]]]) Register a model to expose via the API. :param model: ``Model`` to expose via API :param provider: subclass of :py:class:`RestResource` to use for this model :param auth: authentication type to use for this resource, falling back to :py:attr:`RestAPI.default_auth` :param allowed_methods: ``list`` of HTTP verbs to allow, defaults to ``['GET', 'POST', 'PUT', 'DELETE']`` .. py:method:: setup() Register the API ``BluePrint`` and configure urls. .. warning:: This must be called **after** registering your resources. RESTful Resources and their subclasses ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:class:: RestResource(rest_api, model, authentication[, allowed_methods=None]) Class that determines how a peewee ``Model`` is exposed by the Rest API. Provides a way of encapsulating model-specific configuration and behaviors. Provided when registering a model with the :py:class:`RestAPI` instance (see :py:meth:`RestAPI.register`). Should not be instantiated directly in most cases. Instead should be "registered" with a ``RestAPI`` instance. Example usage: .. code-block:: python # instantiate our api wrapper, passing in a reference to the Flask app api = RestAPI(app) # create a RestResource subclass class UserResource(RestResource): exclude = ('password', 'email',) # assume we have a "User" model, register it with the custom resource api.register(User, UserResource) .. py:attribute:: paginate_by = 20 Determines how many results to return for a given API query. .. note:: *Fewer* results can be requested by specifying a ``limit``, but ``paginate_by`` is the upper bound. .. py:attribute:: fields = None A list or tuple of fields to expose when serializing .. py:attribute:: exclude = None A list or tuple of fields to **not** expose when serializing .. py:attribute:: filter_exclude A list of fields that **cannot** be used to filter API results .. py:attribute:: filter_fields A list of fields that can be used to filter the API results .. py:attribute:: filter_recursive = True Allow filtering on related resources .. py:attribute:: include_resources A mapping of field name to resource class for handling of foreign-keys. When provided, foreign keys will be "nested". .. code-block:: python class UserResource(RestResource): exclude = ('password', 'email') class MessageResource(RestResource): include_resources = {'user': UserResource} # 'user' is a foreign key field .. code-block:: javascript /* messages without "include_resources" */ { "content": "flask and peewee, together at last!", "pub_date": "2011-09-16 18:36:15", "id": 1, "user": 2 }, /* messages with "include_resources = {'user': UserResource} */ { "content": "flask and peewee, together at last!", "pub_date": "2011-09-16 18:36:15", "id": 1, "user": { "username": "coleifer", "active": true, "join_date": "2011-09-16 18:35:56", "admin": false, "id": 2 } } .. py:attribute:: delete_recursive = True Recursively delete dependencies .. py:method:: get_query() Returns the list of objects to be exposed by the API. Provides an easy hook for restricting objects: .. code-block:: python class UserResource(RestResource): def get_query(self): # only return "active" users return self.model.select().where(active=True) :rtype: a ``SelectQuery`` containing the model instances to expose .. py:method:: prepare_data(obj, data) This method provides a hook for modifying outgoing data. The default implementation no-ops, but you could do any kind of munging here. The data returned by this method is passed to the serializer before being returned as a json response. :param obj: the object being serialized :param data: the dictionary representation of a model returned by the ``Serializer`` :rtype: a dictionary of data to hand off .. py:method:: save_object(instance, raw_data) Persist the instance to the database. The raw data supplied by the request is also available, but at the time this method is called the instance has already been updated and populated with the incoming data. :param instance: ``Model`` instance that has already been updated with the incoming ``raw_data`` :param raw_data: data provided in the request :rtype: a saved instance .. py:method:: api_list() A view that dispatches based on the HTTP verb to either: * GET: :py:meth:`~RestResource.object_list` * POST: :py:meth:`~RestResource.create` :rtype: ``Response`` .. py:method:: api_detail(pk) A view that dispatches based on the HTTP verb to either: * GET: :py:meth:`~RestResource.object_detail` * PUT: :py:meth:`~RestResource.edit` * DELETE: :py:meth:`~RestResource.delete` :rtype: ``Response`` .. py:method:: object_list() Returns a serialized list of ``Model`` instances. These objects may be filtered, ordered, and/or paginated. :rtype: ``Response`` .. py:method:: object_detail() Returns a serialized ``Model`` instance. :rtype: ``Response`` .. py:method:: create() Creates a new ``Model`` instance based on the deserialized POST body. :rtype: ``Response`` containing serialized new object .. py:method:: edit() Edits an existing ``Model`` instance, updating it with the deserialized PUT body. :rtype: ``Response`` containing serialized edited object .. py:method:: delete() Deletes an existing ``Model`` instance from the database. :rtype: ``Response`` indicating number of objects deleted, i.e. ``{'deleted': 1}`` .. py:method:: get_api_name() :rtype: URL-friendly name to expose this resource as, defaults to the model's name .. py:method:: check_get([obj=None]) A hook for pre-authorizing a GET request. By default returns ``True``. :rtype: Boolean indicating whether to allow the request to continue .. py:method:: check_post() A hook for pre-authorizing a POST request. By default returns ``True``. :rtype: Boolean indicating whether to allow the request to continue .. py:method:: check_put(obj) A hook for pre-authorizing a PUT request. By default returns ``True``. :rtype: Boolean indicating whether to allow the request to continue .. py:method:: check_delete(obj) A hook for pre-authorizing a DELETE request. By default returns ``True``. :rtype: Boolean indicating whether to allow the request to continue .. py:class:: RestrictOwnerResource(RestResource) This subclass of :py:class:`RestResource` allows only the "owner" of an object to make changes via the API. It works by verifying that the authenticated user matches the "owner" of the model instance, which is specified by setting :py:attr:`~RestrictOwnerResource.owner_field`. Additionally, it sets the "owner" to the authenticated user whenever saving or creating new instances. .. py:attribute:: owner_field = 'user' Field on the model to use to verify ownership of the given instance. .. py:method:: validate_owner(user, obj) :param user: an authenticated ``User`` instance :param obj: the ``Model`` instance being accessed via the API :rtype: Boolean indicating whether the user can modify the object .. py:method:: set_owner(obj, user) Mark the object as being owned by the provided user. The default implementation simply calls ``setattr``. :param obj: the ``Model`` instance being accessed via the API :param user: an authenticated ``User`` instance Authenticating requests to the API ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. py:class:: Authentication([protected_methods=None]) Not to be confused with the ``auth.Authentication`` class, this class provides a single method, ``authorize``, which is used to determine whether to allow a given request to the API. :param protected_methods: A list or tuple of HTTP verbs to require auth for .. py:method:: authorize() This single method is called per-API-request. :rtype: Boolean indicating whether to allow the given request through or not .. py:class:: UserAuthentication(auth[, protected_methods=None]) Authenticates API requests by requiring the requesting user be a registered ``auth.User``. Credentials are supplied using HTTP basic auth. Example usage: .. code-block:: python from auth import auth # import the Auth object used by our project from flask_peewee.rest import RestAPI, RestResource, UserAuthentication # create an instance of UserAuthentication user_auth = UserAuthentication(auth) # instantiate our api wrapper, specifying user_auth as the default api = RestAPI(app, default_auth=user_auth) # create a special resource for users that excludes email and password class UserResource(RestResource): exclude = ('password', 'email',) # register our models so they are exposed via /api// api.register(User, UserResource) # specify the UserResource # configure the urls api.setup() :param auth: an :ref:`authentication` instance :param protected_methods: A list or tuple of HTTP verbs to require auth for .. py:method:: authorize() Verifies, using HTTP Basic auth, that the username and password match a valid ``auth.User`` model before allowing the request to continue. :rtype: Boolean indicating whether to allow the given request through or not .. py:class:: AdminAuthentication(auth[, protected_methods=None]) Subclass of the :py:class:`UserAuthentication` that further restricts which users are allowed through. The default implementation checks whether the requesting user is an "admin" by checking whether the admin attribute is set to ``True``. Example usage: .. code-block:: python Authenticates API requests by requiring the requesting user be a registered ``auth.User``. Credentials are supplied using HTTP basic auth. Example usage: .. code-block:: python from auth import auth # import the Auth object used by our project from flask_peewee.rest import RestAPI, RestResource, UserAuthentication, AdminAuthentication # create an instance of UserAuthentication and AdminAuthentication user_auth = UserAuthentication(auth) admin_auth = AdminAuthentication(auth) # instantiate our api wrapper, specifying user_auth as the default api = RestAPI(app, default_auth=user_auth) # create a special resource for users that excludes email and password class UserResource(RestResource): exclude = ('password', 'email',) # register our models so they are exposed via /api// api.register(SomeModel) # specify the UserResource and require the requesting user be an admin api.register(User, UserResource, auth=admin_auth) # configure the urls api.setup() .. py:method:: verify_user(user) Verifies whether the requesting user is an administrator :param user: the ``auth.User`` instance of the requesting user :rtype: Boolean indicating whether the user is an administrator .. py:class:: APIKeyAuthentication(model, protected_methods=None) Subclass that allows you to provide an API Key model to authenticate requests with. .. note:: Must provide an API key model with at least the following two fields: * key * secret .. code-block:: python # example API key model class APIKey(db.Model): key = CharField() secret = CharField() user = ForeignKeyField(User) # instantiating the auth api_key_auth = APIKeyAuthentication(model=APIKey) :param model: a :py:class:`Database.Model` subclass to persist API keys. :param protected_methods: A list or tuple of HTTP verbs to require auth for Utilities --------- .. py:function:: get_object_or_404(query_or_model, *query) Provides a handy way of getting an object or 404ing if not found, useful for urls that match based on ID. :param query_or_model: a query or model to filter using the given expressions :param query: a list of query expressions .. code-block:: python @app.route('/blog//') def blog_detail(title): blog = get_object_or_404(Blog.select().where(Blog.active==True), Blog.title==title) return render_template('blog/detail.html', blog=blog) .. py:function:: object_list(template_name, qr[, var_name='object_list'[, **kwargs]]) Wraps the given query and handles pagination automatically. Pagination defaults to ``20`` but can be changed by passing in ``paginate_by=XX``. :param template_name: template to render :param qr: a select query :param var_name: the template variable name to use for the paginated query :param kwargs: arbitrary context to pass in to the template .. code-block:: python @app.route('/blog/') def blog_list(): active = Blog.select().where(Blog.active==True) return object_list('blog/index.html', active) .. code-block:: html <!-- template --> {% for blog in object_list %} {# render the blog here #} {% endfor %} {% if page > 1 %} <a href="./?page={{ page - 1 }}">Prev</a> {% endif %} {% if page < pagination.get_pages() %} <a href="./?page={{ page + 1 }}">Next</a> {% endif %} .. py:function:: get_next() :rtype: a URL suitable for redirecting to .. py:function:: slugify(s) Use a regular expression to make arbitrary string ``s`` URL-friendly :param s: any string to be slugified :rtype: url-friendly version of string ``s`` .. py:class:: PaginatedQuery(query_or_model, paginate_by) A wrapper around a query (or model class) that handles pagination. .. py:attribute:: page_var = 'page' The URL variable used to store the current page Example: .. code-block:: python query = Blog.select().where(Blog.active==True) pq = PaginatedQuery(query) # assume url was /?page=3 obj_list = pq.get_list() # returns 3rd page of results pq.get_page() # returns "3" pq.get_pages() # returns total objects / objects-per-page .. py:method:: get_list() :rtype: a list of objects for the request page .. py:method:: get_page() :rtype: an integer representing the currently requested page .. py:method:: get_pages() :rtype: the number of pages in the entire result set