From 955a3a32e2c88d76dec2c67512f465023a8f6ce3 Mon Sep 17 00:00:00 2001 From: Alejandro Alonso Date: Fri, 22 May 2015 09:13:34 +0200 Subject: [PATCH] Adding by_username endpoint to users API --- taiga/users/api.py | 16 ++++++++++++++-- taiga/users/permissions.py | 3 ++- .../test_users_resources.py | 16 +++++++++++++++- 3 files changed, 31 insertions(+), 4 deletions(-) diff --git a/taiga/users/api.py b/taiga/users/api.py index 626e20b0..93eef318 100644 --- a/taiga/users/api.py +++ b/taiga/users/api.py @@ -57,10 +57,11 @@ class UsersViewSet(ModelCrudViewSet): filter_backends = (MembersFilterBackend,) def get_serializer_class(self): - if self.action in ["partial_update", "update", "retrieve"]: - user = self.get_object() + if self.action in ["partial_update", "update", "retrieve", "by_username"]: + user = self.object if self.request.user == user: return self.admin_serializer_class + return self.serializer_class def create(self, *args, **kwargs): @@ -79,6 +80,17 @@ class UsersViewSet(ModelCrudViewSet): return response.Ok(serializer.data) + @list_route(methods=["GET"]) + def by_username(self, request, *args, **kwargs): + username = request.QUERY_PARAMS.get("username", None) + return self.retrieve(request, username=username) + + def retrieve(self, request, *args, **kwargs): + self.object = get_object_or_404(models.User, **kwargs) + self.check_permissions(request, 'retrieve', self.object) + serializer = self.get_serializer(self.object) + return response.Ok(serializer.data) + @detail_route(methods=["GET"]) def contacts(self, request, *args, **kwargs): user = self.get_object() diff --git a/taiga/users/permissions.py b/taiga/users/permissions.py index a8cbd8d9..168a9419 100644 --- a/taiga/users/permissions.py +++ b/taiga/users/permissions.py 
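Review bot: `get_serializer_class` now reads `self.object` instead of calling `self.get_object()`, so it depends on every listed action having assigned `self.object` before `get_serializer()` runs. Within this patch only the new `retrieve` visibly does that. If `update` or `partial_update` can reach this method first, the attribute lookup would raise instead of selecting a serializer, which is worth confirming against the base mixins outside the diff. Because this branch decides whether the owner-only serializer is returned, state the invariant in a comment, for example `# self.object is set by the action before get_serializer(); it selects owner vs public fields`.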
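Review bot: The new `retrieve` resolves the user with `get_object_or_404(models.User, **kwargs)`, which queries the model directly and bypasses whatever the viewset's queryset and `filter_backends` applied through `get_object()`. Together with the `AllowAny` permission set in taiga/users/permissions.py, any restriction that came from the queryset (for example excluding inactive or internal accounts, if it does so) no longer applies to anonymous callers. Assuming the viewset defines a queryset, prefer `self.object = get_object_or_404(self.get_queryset(), **kwargs)`. In `by_username`, reject a missing `username` explicitly rather than passing `username=None` into the lookup. The 200/404 difference also lets unauthenticated clients confirm whether a username exists, so throttling on this route is worth considering.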
@@ -31,7 +31,8 @@ class IsTheSameUser(PermissionComponent): class UserPermission(TaigaResourcePermission): enought_perms = IsSuperUser() global_perms = None - retrieve_perms = IsTheSameUser() + retrieve_perms = AllowAny() + by_username_perms = retrieve_perms update_perms = IsTheSameUser() destroy_perms = IsTheSameUser() list_perms = AllowAny() diff --git a/tests/integration/resources_permissions/test_users_resources.py b/tests/integration/resources_permissions/test_users_resources.py index 6c1270ad..5bcf3c4e 100644 --- a/tests/integration/resources_permissions/test_users_resources.py +++ b/tests/integration/resources_permissions/test_users_resources.py @@ -44,7 +44,7 @@ def test_user_retrieve(client, data): ] results = helper_test_http_method(client, 'get', url, None, users) - assert results == [401, 200, 403, 200] + assert results == [200, 200, 200, 200] def test_user_me(client, data): @@ -59,6 +59,20 @@ def test_user_me(client, data): assert results == [401, 200] +def test_user_by_username(client, data): + url = reverse('users-by-username') + + users = [ + None, + data.registered_user, + data.other_user, + data.superuser, + ] + + results = helper_test_http_method(client, 'get', "{}?username={}".format(url, data.registered_user.username), None, users) + assert results == [200, 200, 200, 200] + + def test_user_update(client, data): url = reverse('users-detail', kwargs={"pk": data.registered_user.pk})
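Review bot: `retrieve_perms = AllowAny()` makes every user record readable without authentication, so the serializer choice in `UsersViewSet.get_serializer_class` becomes the only control separating public fields from owner-only ones. That dependency should be written down next to the permission, for example `# Public read: owner-only fields are withheld by serializer selection in UsersViewSet.get_serializer_class`. `by_username_perms` also appears not to be consulted by the visible code, since `by_username` delegates to `retrieve`, which checks the `'retrieve'` permission. If so, either check `'by_username'` in the view or note that the alias is informational. The `UserPermission` class continues outside the hunk.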
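Review bot: Both `test_user_retrieve` and the new `test_user_by_username` assert status codes only, so they would still pass if the anonymous or `other_user` response carried fields meant for the account owner. Now that these reads return 200 for every caller, the non-owner cases should also assert on the response body that a field exposed only by `admin_serializer_class` is absent. `test_user_by_username` also lacks cases for a missing `username` parameter and for a username that does not exist; both should be pinned to 404. `test_user_retrieve` begins outside its hunk.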