librelist archives

« back to archive

Providing different views of data over a JSON API

Providing different views of data over a JSON API

From:
Todd Kennedy
Date:
2012-07-16 @ 15:23
Hey all.

So I'm in the midst of converting my (not-quite-finished) software to 
actually be a REST API build on Flask, with a front-end (also built on 
Flask to provide pre-cached/rendered pages) that's a single page 
javascript app.

I've been trying to work out an efficient (pythonic) way to provide 
different views of the data to users depending on their role, and a 
mechanism for converting the ORM objects into a dict that can be passed 
into json.dumps.

I'm asking here first because I wanted to know if you all know of any 
Flask extensions that provide functionality for a JSON based REST API, and
if there are any ORMs (I'm using SQLObject, but willing to migrate) that 
provide annotations or even allow me to decorate the data fields to 
explain which roles this data is allowed to be accessed by, and then 
provided a method that could provide a python dict (or even json) data 
representation of a particular model.

I've got a method that provides a python dict from an SQLObject instance 
(there are some recursion issues with nested models right now), but I'm 
not happy with how I need to annotate the fields to provide the data on 
what's available.  (I'm using a dict where the keys are the names of the 
roles and the fields are a list associated with that key).

TL;DR

Would like to know if there's a Python ORM that provides a "return this 
model as a dict/json", but is extensible enough to let me note which 
fields are available to a particular role.

Re: Providing different views of data over a JSON API

From:
Todd Kennedy
Date:
2012-07-19 @ 04:05
Hey all!

So I've been playing around with this and if anyone is interesting, I 
pored through the source code for SQLObject to see if I could add some 
additional data to the columns and I found a disabled "extra_vars" 
variable being passed into the __init__ functions for the column 
generators.

After trying to find some data on why it was disabled I happened upon this:
http://pythonpaste.org/archives/message/20051109.155414.486d62c8.ja.html

And created this patch based on it's info (https://gist.github.com/3140655)

Now I'm adding type and view attributes to the columns with:

title = UnicodeCol(length=128, validators=validator.String(min=1, 
max=128), extra_vars={"type": "string", "views": ["user", "admin", 
"owner"]})

Then I defined a mixin class called JSONable that has two methods:

dict(role)
json(role)

calling dict() provides a python dictionary suitable to be passed into 
json.dumps.  

I've got a rudimentary version working now -- I had to make some hacky 
stuff to unroll circular references between the models that SQLObject 
provides (so like the tag is a foreignkey of the entry object, SQLObject 
provides a reference back to all the entries which contain that tag, which
link back to the tag, etc, etc.)  I need to figure this part out in a 
better way so that it knows not to step down into the object type it just 
came down from, but it's working now.

When I get this entirely working I'll put it up on a gist if people are 
interested.  I don't know if anyone uses SQLObject as well, but it might 
prove to be helpful.





On Jul 16, 2012, at 8:23 AM, Todd Kennedy wrote:

> Hey all.
> 
> So I'm in the midst of converting my (not-quite-finished) software to 
actually be a REST API build on Flask, with a front-end (also built on 
Flask to provide pre-cached/rendered pages) that's a single page 
javascript app.
> 
> I've been trying to work out an efficient (pythonic) way to provide 
different views of the data to users depending on their role, and a 
mechanism for converting the ORM objects into a dict that can be passed 
into json.dumps.
> 
> I'm asking here first because I wanted to know if you all know of any 
Flask extensions that provide functionality for a JSON based REST API, and
if there are any ORMs (I'm using SQLObject, but willing to migrate) that 
provide annotations or even allow me to decorate the data fields to 
explain which roles this data is allowed to be accessed by, and then 
provided a method that could provide a python dict (or even json) data 
representation of a particular model.
> 
> I've got a method that provides a python dict from an SQLObject instance
(there are some recursion issues with nested models right now), but I'm 
not happy with how I need to annotate the fields to provide the data on 
what's available.  (I'm using a dict where the keys are the names of the 
roles and the fields are a list associated with that key).
> 
> TL;DR
> 
> Would like to know if there's a Python ORM that provides a "return this 
model as a dict/json", but is extensible enough to let me note which 
fields are available to a particular role.