In this blog post, we will talk about how to add an API for accessing the Panel Permissions on Open Event Server. The focus is on the Schema creation and its API creation.
Schema Creation
For the PanelPermissionSchema, we’ll make our Schema as follows
Now, let’s try to understand this Schema.
In this feature, we give the Admin the right to create panel permissions and assign them to any of the custom system roles.
- First of all, we provide four fields in this Schema: id, panel_name, role_id and can_access.
- The very first attribute, id, should be of type string, as it holds the identity, which will auto-increment when a new system role is created. Here dump_only means the field is read-only: it is included in the serialized output but is not loaded from client input, so this value can’t be changed after the record is created.
- The next attribute, panel_name, should be of string type and will contain the name of the panel. This attribute is required in the panel_permissions table, so it is set as allow_none=False.
- The next attribute, role_id, should be of integer type, as it tells us which role the current panel permission concerns.
- The next attribute, can_access, should be of boolean type, as it tells us whether the role with id=role_id has access to this panel or not.
- There is also a relationship named role which will give us the details of the custom system role with id=role_id.
API Creation
For the Panel Permissions, we’ll make our API as follows
Now, let’s try to understand this API.
In this API, we give the Admin the right to set panel permissions for a custom system role.
- PanelPermissionList inherits ResourceList, which will give us a list of all the custom system roles in the whole system.
- PanelPermissionList has a decorators attribute which restricts both GET and POST requests to admins of the system.
- The POST request of the PanelPermissionList API requires the role relationship.
- PanelPermissionDetail inherits ResourceDetail, which will give the details of a Panel Permission object by id.
- PanelPermissionDetail has a decorators attribute which restricts GET, PATCH and DELETE requests to admins of the system.
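The field rules from the Schema section and the admin-only decorators from the API section can be modelled without any framework. The following is an added example, not Open Event Server code: `admin_only`, `load_panel_permission`, `post_panel_permission`, `attempt` and the `is_admin` flag are hypothetical names, and it assumes all three writable fields are required.

```python
from functools import wraps

class Forbidden(Exception):
    """Raised when a non-admin caller reaches an admin-only handler."""

def admin_only(handler):
    # Hypothetical stand-in for the admin check applied through `decorators`.
    @wraps(handler)
    def wrapper(user, *args, **kwargs):
        if not user.get("is_admin", False):  # deny by default
            raise Forbidden("admin access required")
        return handler(user, *args, **kwargs)
    return wrapper

def load_panel_permission(payload):
    """Validate client input against the field rules described for the schema."""
    errors = {}
    if "id" in payload:  # dump_only: server-generated, never taken from input
        errors["id"] = "read-only field"
    name = payload.get("panel_name")
    if not isinstance(name, str):  # allow_none=False: None or missing is rejected
        errors["panel_name"] = "must be a string"
    role_id = payload.get("role_id")
    # bool is a subclass of int in Python, so exclude it explicitly
    if isinstance(role_id, bool) or not isinstance(role_id, int):
        errors["role_id"] = "must be an integer"
    can_access = payload.get("can_access")
    if not isinstance(can_access, bool):  # a string such as "false" is truthy
        errors["can_access"] = "must be a boolean"
    if errors:
        raise ValueError(errors)
    return {"panel_name": name, "role_id": role_id, "can_access": can_access}

@admin_only
def post_panel_permission(user, payload):
    # Authorization runs first, validation second; storage is omitted here.
    return load_panel_permission(payload)

def attempt(user, payload):
    """Return ('ok', record), ('forbidden', None) or ('invalid', field_errors)."""
    try:
        return "ok", post_panel_permission(user, payload)
    except Forbidden:
        return "forbidden", None
    except ValueError as exc:
        return "invalid", exc.args[0]
```

The strict boolean check matters for a permission flag: a loosely coerced `"false"` string would otherwise grant access.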
So, we saw how the Panel Permissions Schema and API are created to allow Admin users to get, update and delete its records.
Resources
- Documentation | Marshmallow : https://marshmallow-jsonapi.readthedocs.io/en/latest/
- Documentation | Flask Rest JSONAPI : http://flask-rest-jsonapi.readthedocs.io/en/latest/
- Documentation | Roles in Open Event Server: https://github.com/fossasia/open-event-server/blob/development/docs/general/roles.md