From 4c801bb828a9334c5073ffde764b966b6843b5fe Mon Sep 17 00:00:00 2001
From: ibuler <ibuler@qq.com>
Date: Tue, 19 Nov 2019 15:23:19 +0800
Subject: [PATCH] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9=E7=94=A8=E6=88=B7?=
 =?UTF-8?q?=E5=88=97=E8=A1=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/common/mixins/api.py      | 10 +++++++-
 apps/users/api/user.py         |  1 +
 apps/users/serializers/user.py | 45 +++++++++++++++++++++++++++-------
 3 files changed, 46 insertions(+), 10 deletions(-)

diff --git a/apps/common/mixins/api.py b/apps/common/mixins/api.py
index 6b1e8a893..9d466a0f6 100644
--- a/apps/common/mixins/api.py
+++ b/apps/common/mixins/api.py
@@ -25,6 +25,14 @@ class IDSpmFilterMixin:
         return backends
 
 
+class SerializerMixin:
+    def get_serializer_class(self):
+        if self.request.query_params.get('draw') \
+                and hasattr(self, 'serializer_display_class'):
+            return self.serializer_display_class
+        return super().get_serializer_class()
+
+
 class ExtraFilterFieldsMixin:
     default_added_filters = [CustomFilter, IDSpmFilter]
     filter_backends = api_settings.DEFAULT_FILTER_BACKENDS
@@ -44,5 +52,5 @@ class ExtraFilterFieldsMixin:
         return queryset
 
 
-class CommonApiMixin(ExtraFilterFieldsMixin):
+class CommonApiMixin(SerializerMixin, ExtraFilterFieldsMixin):
     pass
diff --git a/apps/users/api/user.py b/apps/users/api/user.py
index 1c31df292..ee45eec05 100644
--- a/apps/users/api/user.py
+++ b/apps/users/api/user.py
@@ -40,6 +40,7 @@ class UserViewSet(CommonApiMixin, UserQuerysetMixin, BulkModelViewSet):
     filter_fields = ('username', 'email', 'name', 'id')
     search_fields = filter_fields
     serializer_class = serializers.UserSerializer
+    serializer_display_class = serializers.UserDisplaySerializer
     permission_classes = (IsOrgAdmin, CanUpdateDeleteUser)
 
     def get_queryset(self):
diff --git a/apps/users/serializers/user.py b/apps/users/serializers/user.py
index 1f025ced3..256dc073d 100644
--- a/apps/users/serializers/user.py
+++ b/apps/users/serializers/user.py
@@ -13,35 +13,30 @@ from ..models import User, UserGroup
 __all__ = [
     'UserSerializer', 'UserPKUpdateSerializer', 'UserUpdateGroupSerializer',
     'ChangeUserPasswordSerializer', 'ResetOTPSerializer',
-    'UserProfileSerializer',
+    'UserProfileSerializer', 'UserDisplaySerializer',
 ]
 
 
 class UserSerializer(BulkSerializerMixin, serializers.ModelSerializer):
+
     class Meta:
         model = User
         list_serializer_class = AdaptedBulkListSerializer
         fields = [
             'id', 'name', 'username', 'password', 'email', 'public_key',
-            'groups',  'groups_display',
-            'role', 'role_display',  'wechat', 'phone', 'mfa_level',
-            'comment', 'source', 'source_display', 'is_valid', 'is_expired',
+            'groups', 'role', 'wechat', 'phone', 'mfa_level',
+            'comment', 'source', 'is_valid', 'is_expired',
             'is_active', 'created_by', 'is_first_login',
             'date_password_last_updated', 'date_expired', 'avatar_url',
         ]
         extra_kwargs = {
             'password': {'write_only': True, 'required': False, 'allow_null': True, 'allow_blank': True},
             'public_key': {'write_only': True},
-            'groups_display': {'label': _('Groups name')},
-            'source_display': {'label': _('Source name')},
             'is_first_login': {'label': _('Is first login'), 'read_only': True},
-            'role_display': {'label': _('Role name')},
             'is_valid': {'label': _('Is valid')},
             'is_expired': {'label': _('Is expired')},
             'avatar_url': {'label': _('Avatar url')},
             'created_by': {'read_only': True, 'allow_blank': True},
-            'can_update': {'read_only': True},
-            'can_delete': {'read_only': True},
         }
 
     def validate_role(self, value):
@@ -84,6 +79,38 @@ class UserSerializer(BulkSerializerMixin, serializers.ModelSerializer):
         return attrs
 
 
+class UserDisplaySerializer(UserSerializer):
+    can_update = serializers.SerializerMethodField()
+    can_delete = serializers.SerializerMethodField()
+
+    class Meta(UserSerializer.Meta):
+        fields = UserSerializer.Meta.fields + [
+            'groups_display', 'role_display', 'source_display',
+            'can_update', 'can_delete',
+        ]
+
+    def get_can_update(self, obj):
+        return CanUpdateDeleteUser.has_update_object_permission(
+            self.context['request'], self.context['view'], obj
+        )
+
+    def get_can_delete(self, obj):
+        return CanUpdateDeleteUser.has_delete_object_permission(
+            self.context['request'], self.context['view'], obj
+        )
+
+    def get_extra_kwargs(self):
+        kwargs = super().get_extra_kwargs()
+        kwargs.update({
+            'can_update': {'read_only': True},
+            'can_delete': {'read_only': True},
+            'groups_display': {'label': _('Groups name')},
+            'source_display': {'label': _('Source name')},
+            'role_display': {'label': _('Role name')},
+        })
+        return kwargs
+
+
 class UserPKUpdateSerializer(serializers.ModelSerializer):
     class Meta:
         model = User