Initial commit for the sample django rest framework API and AngularJS project.

Author: kevinastone

.bowerrc

@@ -0,0 +1,3 @@
+{
+    "directory": "example/assets"
+}

.gitignore

@@ -0,0 +1,18 @@
+*~
+.DS_Store
+*.csv
+*.pyc
+*.swp
+*.egg-info
+build
+dist
+.coverage
+nosetests.xml
+lettucetests.xml
+coverage.xml
+ghostdriver.log
+.harvest
+pep8.report
+.env
+*.sqlite
+node_modules

Gruntfile.coffee

@@ -0,0 +1,12 @@
+module.exports = (grunt) ->
+    grunt.initConfig(
+        pkg: grunt.file.readJSON('package.json')
+        coffee:
+            files:
+                src: ['example/src/js/**/*.coffee']
+                dest: 'example/assets/js/script.js'
+    )
+    
+    grunt.loadNpmTasks('grunt-contrib-coffee')
+    
+    grunt.registerTask('default', ['coffee'])

Makefile

@@ -0,0 +1,14 @@
+clean:
+	rm -f example.sqlite
+
+create_database:
+	./manage.py syncdb --noinput
+	./manage.py migrate --noinput
+	./manage.py createsuperuser --username=root [email protected] --noinput
+
+make_fixtures:
+	DJANGO_SETTINGS_MODULE='example.settings' ./scripts/create_users.py
+	DJANGO_SETTINGS_MODULE='example.settings' ./scripts/create_posts.py
+	DJANGO_SETTINGS_MODULE='example.settings' ./scripts/create_photos.py
+
+all: clean create_database make_fixtures

Readme.markdown

@@ -0,0 +1,34 @@
+# Django API with Django Rest Framework and AngularJS-Resource
+
+This sample project is the companion of a [blog post](http://kevinastone.github.io/getting-started-with-django-rest-framework-and-angularjs.html) on how to get started with Django Rest Framework and AngularJS.
+
+## Dependencies
+
+To setup and run the sample code, you're going to need `npm` from NodeJS available to install the frontend code.
+
+## Setup
+
+You're encouraged to setup a `virtualenv` to work in prior to configuring the dependencies.
+
+1. Install Python Requirements
+
+        pip install -r requirements.txt
+        python setup.py develop
+
+2. Install Assets
+
+        npm install
+        bower install
+
+3. Compile Assets
+
+        grunt
+
+4. Setup the Database
+
+        make create_database; make make_fixtures
+
+5. Run the Server
+
+        ./manage.py runserver
+

bower.json

@@ -0,0 +1,11 @@
+{
+    "name": "example",
+    "version": "1.0.0",
+    "dependencies": {
+        "angular": "1.2.0-rc.2",
+        "angular-resource": "1.2.0-rc.2",
+        "underscore": "",
+        "bootstrap": ">=3.0"
+    },
+    "private": true
+}

example/__init__.py

@@ -0,0 +1,8 @@
+from django.contrib import admin
+
+from .models import User, Post, Photo
+
+
+admin.site.register(User)
+admin.site.register(Post)
+admin.site.register(Photo)

example/api/__init__.py

@@ -0,0 +1,75 @@
+from rest_framework import generics, permissions
+
+
+from .serializers import UserSerializer, PostSerializer, PhotoSerializer
+from .models import User, Post, Photo
+from .permissions import PostAuthorCanEditPermission
+
+
+class UserList(generics.ListAPIView):
+    model = User
+    serializer_class = UserSerializer
+    permission_classes = [
+        permissions.AllowAny
+    ]
+
+
+class UserDetail(generics.RetrieveAPIView):
+    model = User
+    serializer_class = UserSerializer
+    lookup_field = 'username'
+
+
+class PostMixin(object):
+    model = Post
+    serializer_class = PostSerializer
+    permission_classes = [
+        PostAuthorCanEditPermission
+    ]
+    
+    def pre_save(self, obj):
+        """Force author to the current user on save"""
+        obj.author = self.request.user
+        return super(PostMixin, self).pre_save(obj)
+
+
+class PostList(PostMixin, generics.ListCreateAPIView):
+    pass
+
+
+class PostDetail(PostMixin, generics.RetrieveUpdateDestroyAPIView):
+    pass
+
+
+class UserPostList(generics.ListAPIView):
+    model = Post
+    serializer_class = PostSerializer
+    
+    def get_queryset(self):
+        queryset = super(UserPostList, self).get_queryset()
+        return queryset.filter(author__username=self.kwargs.get('username'))
+
+
+class PhotoList(generics.ListCreateAPIView):
+    model = Photo
+    serializer_class = PhotoSerializer
+    permission_classes = [
+        permissions.AllowAny
+    ]
+
+
+class PhotoDetail(generics.RetrieveUpdateDestroyAPIView):
+    model = Photo
+    serializer_class = PhotoSerializer
+    permission_classes = [
+        permissions.AllowAny
+    ]
+
+
+class PostPhotoList(generics.ListAPIView):
+    model = Photo
+    serializer_class = PhotoSerializer
+    
+    def get_queryset(self):
+        queryset = super(PostPhotoList, self).get_queryset()
+        return queryset.filter(post__pk=self.kwargs.get('pk'))

example/api/admin.py

@@ -0,0 +1,10 @@
+from .models import User
+
+
+class AlwaysRootBackend(object):
+    def authenticate(self, *args, **kwargs):
+        """Always returns the `root` user.  DO NOT USE THIS IN PRODUCTION!"""
+        return User.objects.get(username='root')
+    
+    def get_user(self, user_id):
+        return User.objects.get(username='root')

example/api/api.py

@@ -0,0 +1,145 @@
+# -*- coding: utf-8 -*-
+import datetime
+from south.db import db
+from south.v2 import SchemaMigration
+from django.db import models
+
+
+class Migration(SchemaMigration):
+
+    def forwards(self, orm):
+        # Adding model 'User'
+        db.create_table(u'api_user', (
+            (u'id', self.gf('django.db.models.fields.AutoField')(primary_key=True)),
+            ('password', self.gf('django.db.models.fields.CharField')(max_length=128)),
+            ('last_login', self.gf('django.db.models.fields.DateTimeField')(default=datetime.datetime.now)),
+            ('is_superuser', self.gf('django.db.models.fields.BooleanField')(default=False)),
+            ('username', self.gf('django.db.models.fields.CharField')(unique=True, max_length=30)),
+            ('first_name', self.gf('django.db.models.fields.CharField')(max_length=30, blank=True)),
+            ('last_name', self.gf('django.db.models.fields.CharField')(max_length=30, blank=True)),
+            ('email', self.gf('django.db.models.fields.EmailField')(max_length=75, blank=True)),
+            ('is_staff', self.gf('django.db.models.fields.BooleanField')(default=False)),
+            ('is_active', self.gf('django.db.models.fields.BooleanField')(default=True)),
+            ('date_joined', self.gf('django.db.models.fields.DateTimeField')(default=datetime.datetime.now)),
+        ))
+        db.send_create_signal(u'api', ['User'])
+
+        # Adding M2M table for field groups on 'User'
+        m2m_table_name = db.shorten_name(u'api_user_groups')
+        db.create_table(m2m_table_name, (
+            ('id', models.AutoField(verbose_name='ID', primary_key=True, auto_created=True)),
+            ('user', models.ForeignKey(orm[u'api.user'], null=False)),
+            ('group', models.ForeignKey(orm[u'auth.group'], null=False))
+        ))
+        db.create_unique(m2m_table_name, ['user_id', 'group_id'])
+
+        # Adding M2M table for field user_permissions on 'User'
+        m2m_table_name = db.shorten_name(u'api_user_user_permissions')
+        db.create_table(m2m_table_name, (
+            ('id', models.AutoField(verbose_name='ID', primary_key=True, auto_created=True)),
+            ('user', models.ForeignKey(orm[u'api.user'], null=False)),
+            ('permission', models.ForeignKey(orm[u'auth.permission'], null=False))
+        ))
+        db.create_unique(m2m_table_name, ['user_id', 'permission_id'])
+
+        # Adding M2M table for field followers on 'User'
+        m2m_table_name = db.shorten_name(u'api_user_followers')
+        db.create_table(m2m_table_name, (
+            ('id', models.AutoField(verbose_name='ID', primary_key=True, auto_created=True)),
+            ('from_user', models.ForeignKey(orm[u'api.user'], null=False)),
+            ('to_user', models.ForeignKey(orm[u'api.user'], null=False))
+        ))
+        db.create_unique(m2m_table_name, ['from_user_id', 'to_user_id'])
+
+        # Adding model 'Post'
+        db.create_table(u'api_post', (
+            (u'id', self.gf('django.db.models.fields.AutoField')(primary_key=True)),
+            ('author', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['api.User'])),
+            ('title', self.gf('django.db.models.fields.CharField')(max_length=255)),
+            ('body', self.gf('django.db.models.fields.TextField')(null=True, blank=True)),
+        ))
+        db.send_create_signal(u'api', ['Post'])
+
+        # Adding model 'Photo'
+        db.create_table(u'api_photo', (
+            (u'id', self.gf('django.db.models.fields.AutoField')(primary_key=True)),
+            ('post', self.gf('django.db.models.fields.related.ForeignKey')(related_name='photos', to=orm['api.Post'])),
+            ('image', self.gf('django.db.models.fields.files.ImageField')(max_length=100)),
+        ))
+        db.send_create_signal(u'api', ['Photo'])
+
+
+    def backwards(self, orm):
+        # Deleting model 'User'
+        db.delete_table(u'api_user')
+
+        # Removing M2M table for field groups on 'User'
+        db.delete_table(db.shorten_name(u'api_user_groups'))
+
+        # Removing M2M table for field user_permissions on 'User'
+        db.delete_table(db.shorten_name(u'api_user_user_permissions'))
+
+        # Removing M2M table for field followers on 'User'
+        db.delete_table(db.shorten_name(u'api_user_followers'))
+
+        # Deleting model 'Post'
+        db.delete_table(u'api_post')
+
+        # Deleting model 'Photo'
+        db.delete_table(u'api_photo')
+
+
+    models = {
+        u'api.photo': {
+            'Meta': {'object_name': 'Photo'},
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'image': ('django.db.models.fields.files.ImageField', [], {'max_length': '100'}),
+            'post': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'photos'", 'to': u"orm['api.Post']"})
+        },
+        u'api.post': {
+            'Meta': {'object_name': 'Post'},
+            'author': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['api.User']"}),
+            'body': ('django.db.models.fields.TextField', [], {'null': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'title': ('django.db.models.fields.CharField', [], {'max_length': '255'})
+        },
+        u'api.user': {
+            'Meta': {'object_name': 'User'},
+            'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
+            'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'followers': ('django.db.models.fields.related.ManyToManyField', [], {'related_name': "'followees'", 'symmetrical': 'False', 'to': u"orm['api.User']"}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
+            'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
+            'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
+        },
+        u'auth.group': {
+            'Meta': {'object_name': 'Group'},
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
+            'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
+        },
+        u'auth.permission': {
+            'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
+        },
+        u'contenttypes.contenttype': {
+            'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
+            'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
+        }
+    }
+
+    complete_apps = ['api']

example/api/auth.py

@@ -0,0 +1,18 @@
+from django.db import models
+
+from django.contrib.auth.models import AbstractUser
+
+
+class User(AbstractUser):
+	followers = models.ManyToManyField('self', related_name='followees', symmetrical=False)
+
+
+class Post(models.Model):
+	author = models.ForeignKey(User, related_name='posts')
+	title = models.CharField(max_length=255)
+	body = models.TextField(blank=True, null=True)
+
+
+class Photo(models.Model):
+	post = models.ForeignKey(Post, related_name='photos')
+	image = models.ImageField(upload_to="%Y/%m/%d")

example/api/migrations/0001_initial.py

@@ -0,0 +1,21 @@
+from rest_framework import permissions
+
+
+class SafeMethodsOnlyPermission(permissions.BasePermission):
+    """Only can access non-destructive methods (like GET and HEAD)"""
+    def has_permission(self, request, view):
+        return self.has_object_permission(request, view)
+    
+    def has_object_permission(self, request, view, obj=None):
+        return request.method in permissions.SAFE_METHODS
+
+
+class PostAuthorCanEditPermission(SafeMethodsOnlyPermission):
+    """Allow everyone to list or view, but only the other can modify existing instances"""
+    def has_object_permission(self, request, view, obj=None):
+        if obj is None:
+            # Either a list or a create, so no author
+            can_edit = True
+        else:
+            can_edit = request.user == obj.author
+        return can_edit or super(PostAuthorCanEditPermission, self).has_object_permission(request, view, obj)