init

app/upload/api/serializers.py

@@ -0,0 +1,10 @@
+from rest_framework import serializers
+
+from upload.models import Upload
+
+
+class UploadSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Upload
+        fields = ['id', 'created_at', 'user', 'filename', 'slug']
+        read_only_fields = ['id', 'created_at', 'slug']

app/upload/api/viewsets.py

@@ -0,0 +1,19 @@
+from rest_framework import viewsets, permissions
+
+from upload.models import Upload
+from upload.api.serializers import UploadSerializer
+
+class UploadViewSet(viewsets.ModelViewSet):
+    queryset = Upload.objects.all()
+    serializer_class = UploadSerializer
+    permission_classes = [permissions.IsAuthenticated]
+
+    def get_queryset(self):
+        # Les utilisateurs ne peuvent voir que leurs propres uploads
+        if not self.request.user.is_staff:
+            return Upload.objects.filter(user=self.request.user)
+        # Les administrateurs peuvent voir tous les uploads
+        return Upload.objects.all()
+
+    def perform_create(self, serializer):
+        serializer.save(user=self.request.user)