Commit d2b6ac84 by Sylvia Pearce

Reorganize and update API documentation

parent 3cdad467
...@@ -183,7 +183,13 @@ MOCK_MODULES = [ ...@@ -183,7 +183,13 @@ MOCK_MODULES = [
'update_account_settings', 'update_account_settings',
'serializers', 'serializers',
'profile_images.images', 'profile_images.images',
'xmodule.course_module' 'xmodule.course_module',
'user_api.accounts.api',
'user_api.accounts.serializers',
'ecommerce_api_client',
'client',
'ecommerce_api_client.client',
'ecommerce_api_client.exceptions'
] ]
......
.. _EdX Platform Course Structure API Endpoints:
################################################
Course Structure API Endpoints
################################################
You use the Course Structure API to view information about
courses.
The following tasks and endpoints are currently supported.
.. list-table::
:widths: 10 70
:header-rows: 1
* - To:
- Use this endpoint:
* - :ref:`Get a list of courses in the edX platform <Get a List of Courses>`
- GET /api/course_structure/v0/courses/
* - :ref:`Get details about a course <Get Course Details>`
- GET /api/course_structure/v0/courses/{course_id}/
* - :ref:`Get a course's structure, or blocks <Get the Course Structure>`
- GET /api/course_structure/v0/course_structures/{course_id}/
* - :ref:`Get a course's grading policy <Get the Course Grading Policy>`
- GET /api/course_structure/v0/grading_policies/{course_id}/
\ No newline at end of file
...@@ -8,5 +8,4 @@ Course Structure API Version 0 ...@@ -8,5 +8,4 @@ Course Structure API Version 0
:maxdepth: 2 :maxdepth: 2
overview overview
endpoints
course_structure course_structure
...@@ -16,16 +16,24 @@ significant enhancements to this API. Currently the Course Structure API is for ...@@ -16,16 +16,24 @@ significant enhancements to this API. Currently the Course Structure API is for
internal use only; third parties cannot use the API to access course structure internal use only; third parties cannot use the API to access course structure
data. data.
*********************************************** **********************************************
Course Structure API Capabilities Course Structure API Resources and Endpoints
*********************************************** **********************************************
With the Course Structure API, you can complete these tasks. The Course Structure API supports the following resources, tasks, methods, and
endpoints.
* :ref:`Get a list of courses in the edX platform <Get a List of Courses>`
.. list-table::
* :ref:`Get details about a course <Get Course Details>` :widths: 10 70
:header-rows: 1
* :ref:`Get a course's structure, or blocks <Get the Course Structure>`
* - To:
* :ref:`Get a course's grading policy <Get the Course Grading Policy>` - Use this endpoint:
* - :ref:`Get a list of courses in the edX platform <Get a List of Courses>`
- GET /api/course_structure/v0/courses/
* - :ref:`Get details about a course <Get Course Details>`
- GET /api/course_structure/v0/courses/{course_id}/
* - :ref:`Get a course's structure, or blocks <Get the Course Structure>`
- GET /api/course_structure/v0/course_structures/{course_id}/
* - :ref:`Get a course's grading policy <Get the Course Grading Policy>`
- GET /api/course_structure/v0/grading_policies/{course_id}/
.. _edX Enrollment API Endpoints:
################################################
Enrollment API Endpoints
################################################
You use the Enrollment API to view information about users and
their course enrollments, course information, and videos and transcripts.
The following tasks and endpoints are currently supported.
.. list-table::
:widths: 10 70
:header-rows: 1
* - To:
- Use this endpoint:
* - :ref:`Get the user's enrollment status in a course <Get the Users Enrollment Status in a Course>`
- /api/enrollment/v1/enrollment/{user_id},{course_id}
* - :ref:`Get enrollment details for a course<Get Enrollment Details for a Course>`
- /api/enrollment/v1/course/{course_id}
* - :ref:`View a user's enrollments <View and add to a Users Course Enrollments>`
- /api/enrollment/v1/enrollment
* - :ref:`Enroll a user in a course <View and add to a Users Course Enrollments>`
- /api/enrollment/v1/enrollment{“course_details”:{“course_id”:“*course_id*”}}
\ No newline at end of file
################################################## ##################################################
Enrollment API Enrollment API
################################################## ##################################################
This page contains information on using the Enrollment API to complete You can use the Enrollment API to complete the following tasks.
the following actions.
* :ref:`Get the user's enrollment status in a course <Get the Users Enrollment Status in a Course>` * :ref:`Get the user's enrollment status in a course <Get the Users Enrollment
* :ref:`Get enrollment details for a course<Get Enrollment Details for a Course>` Status in a Course>`.
* :ref:`View a user's enrollments <View and add to a Users Course Enrollments>` * :ref:`Get enrollment details for a course<Get Enrollment Details for a
* :ref:`Enroll a user in a course <View and add to a Users Course Enrollments>` Course>`.
* :ref:`View a user's enrollments <View and add to a Users Course
Enrollments>`.
* :ref:`Enroll a user in a course <View and add to a Users Course
Enrollments>`.
.. _Get the Users Enrollment Status in a Course: .. _Get the Users Enrollment Status in a Course:
...@@ -33,37 +36,34 @@ Get the User's Enrollment Status in a Course ...@@ -33,37 +36,34 @@ Get the User's Enrollment Status in a Course
"mode": "honor", "mode": "honor",
"is_active": true, "is_active": true,
"course_details": { "course_details": {
"course_end": "2015-06-30T05:00:00Z", "course_id": "edX/DemoX/Demo_Course",
"course_start": "2015-02-05T05:00:00Z", "enrollment_end": null,
"course_modes": [ "course_modes": [
{ {
"slug": "honor", "slug": "honor",
"name": "Honor Code Certificate", "name": "Honor Code Certificate",
"min_price": 0, "min_price": 0,
"suggested_prices": [], "suggested_prices": [],
"currency": "usd", "currency": "usd",
"expiration_datetime": null, "expiration_datetime": null,
"description": null, "description": null
"sku": null }
} ],
], "enrollment_start": null,
"enrollment_start": "2015-01-01T05:00:00Z", "invite_only": false
"enrollment_end": "2015-02-13T05:00:00Z", },
"invite_only": false, "user": "staff"
"course_id": "edX/DemoX/Demo_Course"
},
"user": "staff"
} }
.. _Get Enrollment Details for a Course: .. _Get Enrollment Details for a Course:
************************************ **************************************************
Get Enrollment Details for a Course Get the User's Enrollment Information for a Course
************************************ **************************************************
.. autoclass:: enrollment.views.EnrollmentCourseDetailView .. autoclass:: enrollment.views.EnrollmentCourseDetailView
**Example response showing a user's course enrollments** **Example response showing a user's course enrollment information**
.. code-block:: json .. code-block:: json
...@@ -73,8 +73,8 @@ Get Enrollment Details for a Course ...@@ -73,8 +73,8 @@ Get Enrollment Details for a Course
Allow: GET, HEAD, OPTIONS Allow: GET, HEAD, OPTIONS
{ {
"course_end": "2015-06-30T05:00:00Z", "course_id": "edX/DemoX/Demo_Course",
"course_start": "2015-02-05T05:00:00Z", "enrollment_end": null,
"course_modes": [ "course_modes": [
{ {
"slug": "honor", "slug": "honor",
...@@ -83,14 +83,11 @@ Get Enrollment Details for a Course ...@@ -83,14 +83,11 @@ Get Enrollment Details for a Course
"suggested_prices": [], "suggested_prices": [],
"currency": "usd", "currency": "usd",
"expiration_datetime": null, "expiration_datetime": null,
"description": null, "description": null
"sku": null
} }
], ],
"enrollment_start": "2015-01-01T05:00:00Z", "enrollment_start": null,
"enrollment_end": "2015-02-13T05:00:00Z", "invite_only": false
"invite_only": false,
"course_id": "edX/DemoX/Demo_Course"
} }
...@@ -103,7 +100,7 @@ View and Add to a User's Course Enrollments ...@@ -103,7 +100,7 @@ View and Add to a User's Course Enrollments
.. autoclass:: enrollment.views.EnrollmentListView .. autoclass:: enrollment.views.EnrollmentListView
**Example response showing a user's course enrollments** **Example response showing a user who is enrolled in two courses**
.. code-block:: json .. code-block:: json
...@@ -114,12 +111,12 @@ View and Add to a User's Course Enrollments ...@@ -114,12 +111,12 @@ View and Add to a User's Course Enrollments
[ [
{ {
"created": "2014-11-19T04:06:55Z", "created": "2014-09-19T18:08:37Z",
"mode": "honor", "mode": "honor",
"is_active": true, "is_active": true,
"course_details": { "course_details": {
"course_end": "2015-06-30T05:00:00Z", "course_id": "edX/DemoX/Demo_Course",
"course_start": "2015-02-05T05:00:00Z", "enrollment_end": null,
"course_modes": [ "course_modes": [
{ {
"slug": "honor", "slug": "honor",
...@@ -128,21 +125,41 @@ View and Add to a User's Course Enrollments ...@@ -128,21 +125,41 @@ View and Add to a User's Course Enrollments
"suggested_prices": [], "suggested_prices": [],
"currency": "usd", "currency": "usd",
"expiration_datetime": null, "expiration_datetime": null,
"description": null, "description": null
"sku": null
} }
], ],
"enrollment_start": "2015-01-01T05:00:00Z", "enrollment_start": null,
"enrollment_end": "2015-02-13T05:00:00Z", "invite_only": false
"invite_only": false, },
"course_id": "edX/DemoX/Demo_Course" "user": "honor"
}, },
"user": "staff" {
} "created": "2014-09-19T18:09:35Z",
"mode": "honor",
"is_active": true,
"course_details": {
"course_id": "ArbisoftX/BulkyEmail101/2014-15",
"enrollment_end": null,
"course_modes": [
{
"slug": "honor",
"name": "Honor Code Certificate",
"min_price": 0,
"suggested_prices": [],
"currency": "usd",
"expiration_datetime": null,
"description": null
}
],
"enrollment_start": "2014-05-01T04:00:00Z",
"invite_only": false
},
"user": "honor"
}
] ]
**Example post request to enroll the user in a new course** **Example response showing that a user has been enrolled in a new course**
.. code-block:: json .. code-block:: json
......
...@@ -8,5 +8,4 @@ Enrollment API Version 1.0 ...@@ -8,5 +8,4 @@ Enrollment API Version 1.0
:maxdepth: 2 :maxdepth: 2
overview overview
endpoints
enrollment enrollment
...@@ -5,30 +5,45 @@ Enrollment API Overview ...@@ -5,30 +5,45 @@ Enrollment API Overview
################################################ ################################################
Use the Enrollment API to view user and course enrollment Use the Enrollment API to view user and course enrollment
information, and to enroll a user in a course. information and to enroll a user in a course.
You can use the Enrollment API for web, desktop, and mobile You can use the Enrollment API for web, desktop, and mobile
applications. applications.
**************************************** ****************************************
Enrollment API Version 1.0 Enrollment API Version and Status
**************************************** ****************************************
The Enrollment API is currently at version 1.0. We plan on making The Enrollment API is currently at version 1.0. We plan to make
significant enhancements to this API. significant enhancements to this API.
******************************************** ********************************************
Enrollment API Capabilities Enrollment API Endpoints
******************************************** ********************************************
With the Enrollment API, you can complete these tasks. The Enrollment API supports the following tasks, methods, and endpoints.
.. list-table::
:widths: 20 10 70
:header-rows: 1
* - Task
- Method
- Endpoint
* - :ref:`Get the user's enrollment status in a course
<Get the Users Enrollment Status in a Course>`
- GET
- /api/enrollment/v1/enrollment/{user_id},{course_id}
* - :ref:`Get enrollment details for a course
<Get Enrollment Details for a Course>`
- GET
- /api/enrollment/v1/course/{course_id}
* - :ref:`View a user's enrollments
<View and add to a Users Course Enrollments>`
- GET
- /api/enrollment/v1/enrollment
* - :ref:`Enroll a user in a course
<View and add to a Users Course Enrollments>`
- POST
- /api/enrollment/v1/enrollment{“course_details”:{“course_id”:“*course_id*”}}
* :ref:`Get the user's enrollment status in a course <Get the Users Enrollment
Status in a Course>`
* :ref:`Get enrollment details for a course<Get Enrollment Details for a
Course>`
* :ref:`View a user's enrollments <View and add to a Users Course Enrollments>`
* :ref:`Enroll a user in a course <View and add to a Users Course Enrollments>`
################################################## ##################################################
Mobile Course Information API Mobile Course Information API Resource
################################################## ##################################################
This page describes how to use the Mobile Course Information API With the Mobile Course Information API resource, you can complete the following tasks.
to complete these actions:
* `Get Course Updates`_ * - :ref:`Get updates about a course<Get Course Updates>`.
* `Get Course Handouts`_ * - :ref:`Get a list of course handouts<Get Course Handouts>`.
.. _Get Course Updates: .. _Get Course Updates:
******************* *******************
...@@ -50,18 +48,6 @@ Get Course Handouts ...@@ -50,18 +48,6 @@ Get Course Handouts
.. autoclass:: mobile_api.course_info.views.CourseHandoutsList .. autoclass:: mobile_api.course_info.views.CourseHandoutsList
**Use Case**
Get the HTML for course handouts.
**Example request**:
``GET /api/mobile/v0.5/course_info/{organization}/{course_number}/{course_run}/handouts``
**Response Values**
* handouts_html: The HTML for course handouts.
**Example response** **Example response**
.. code-block:: json .. code-block:: json
......
.. _edX PlatformMobile API Endpoints:
################################################
Mobile API Endpoints
################################################
You use the Mobile API enables to view information about users and
their course enrollments, course information, and videos and transcripts.
The following tasks and endpoints are currently supported.
.. list-table::
:widths: 10 70
:header-rows: 1
* - To:
- Use this endpoint:
* - :ref:`Get details about a user<Get User Details>`
- /api/mobile/v0.5/users/{username}
* - :ref:`Get course enrollments for about a user<Get a User's Course Enrollments>`
- /api/mobile/v0.5/users/{username}/course_enrollments/
* - :ref:`Get or change user status in a course<Get or Change User Status in a Course>`
- /api/mobile/v0.5/users/{username}/course_status_info/{course_id}
* - :ref:`Get updates for a course<Get Course Updates>`
- /api/mobile/v0.5/course_info/{organization}/{course_number}/{course_run}/updates
* - :ref:`Get handouts for a course<Get Course Handouts>`
- /api/mobile/v0.5/course_info/{organization}/{course_number}/{course_run}/handouts
* - :ref:`Get videos in a course<Get the Video List>`
- /api/mobile/v0.5/video_outlines/courses/{organization}/{course_number}/{course_run}
* - :ref:`Get a video transcript<Get a Video Transcript>`
- /api/mobile/v0.5/video_outlines/transcripts/{organization}/{course_number}/{course_run}/{video ID}/{language code}
...@@ -8,7 +8,6 @@ Mobile API Version 0.5 ...@@ -8,7 +8,6 @@ Mobile API Version 0.5
:maxdepth: 2 :maxdepth: 2
overview overview
endpoints
users users
course_info course_info
video_outlines video_outlines
...@@ -8,7 +8,7 @@ Use the Mobile API to build mobile applications for students to ...@@ -8,7 +8,7 @@ Use the Mobile API to build mobile applications for students to
view course information and videos for courses on your instance of Open edX. view course information and videos for courses on your instance of Open edX.
****************************************** ******************************************
Mobile API Version 0.5, Alpha Mobile API Version and Status
****************************************** ******************************************
The Mobile API is currently at version 0.5 and is an Alpha The Mobile API is currently at version 0.5 and is an Alpha
...@@ -20,19 +20,67 @@ release. We plan on making significant enhancements and changes to the API. ...@@ -20,19 +20,67 @@ release. We plan on making significant enhancements and changes to the API.
while keeping in mind that endpoints might change. while keeping in mind that endpoints might change.
************************************* *************************************
Mobile API Capabilities Mobile API Resources and Endpoints
************************************* *************************************
With the Mobile API, you can complete these tasks. The Mobile API supports the following resources, tasks, methods, and endpoints.
* Get :ref:`user details<Get User Details>` and :ref:`course enrollments<Get a ========================
User's Course Enrollments>` for a user. Mobile User API Resource
========================
* :ref:`Get or change user status in a course <Get or Change User Status in a .. list-table::
Course>` :widths: 20 10 70
:header-rows: 1
* Get :ref:`updates<Get Course Updates>`, and :ref:`handouts<Get Course * - Task
Handouts>` for courses the user is enrolled in. - Method
- Endpoint
* - :ref:`Get details about a user<Get User Details>`
- GET
- /api/mobile/v0.5/users/{username}
* - :ref:`Get course enrollments for a user<Get a User's Course Enrollments>`
- GET
- /api/mobile/v0.5/users/{username}/course_enrollments/
* - :ref:`Get a user's status in a course<Get or Change User Status in a Course>`
- GET
- /api/mobile/v0.5/users/{username}/course_status_info/{course_id}
* - :ref:`Change a user's status in a course<Get or Change User Status in a Course>`
- PATCH
- /api/mobile/v0.5/rs/{username}/course_status_info/{course_id}
* Get :ref:`videos<Get the Video List>` and :ref:`transcripts<Get a Video ========================================
Transcript>` for courses the user is enrolled in. Mobile Course Information API Resource
========================================
.. list-table::
:widths: 20 10 70
:header-rows: 1
* - Task
- Method
- Endpoint
* - :ref:`Get updates for a course<Get Course Updates>`
- GET
- /api/mobile/v0.5/course_info/{organization}/{course_number}/{course_run}/updates
* - :ref:`Get handouts for a course<Get Course Handouts>`
- GET
- /api/mobile/v0.5/course_info/{organization}/{course_number}/{course_run}/handouts
=====================================
Mobile Video Outlines API Resource
=====================================
.. list-table::
:widths: 20 10 70
:header-rows: 1
* - Task
- Method
- Endpoint
* - :ref:`Get videos in a course<Get the Video List>`
- GET
- /api/mobile/v0.5/video_outlines/courses/{organization}/{course_number}/{course_run}
* - :ref:`Get a video transcript<Get a Video Transcript>`
- GET
- /api/mobile/v0.5/video_outlines/transcripts/{organization}/{course_number}/{course_run}/{video ID}/{language code}
\ No newline at end of file
...@@ -2,12 +2,12 @@ ...@@ -2,12 +2,12 @@
Mobile User API Mobile User API
#################################### ####################################
This page describes how to use the Mobile User API to complete With the Mobile User API resource, you can complete the following tasks.
these actions:
* `Get User Details`_ * - :ref:`Get details about a user<Get User Details>`.
* `Get a User's Course Enrollments`_ * - :ref:`Get course enrollments for a user<Get a User's Course Enrollments>`.
* `Get or Change User Status in a Course`_ * - :ref:`Get a user's status in a course<Get or Change User Status in a Course>`.
* - :ref:`Change a user's status in a course<Get or Change User Status in a Course>`.
.. _Get User Details: .. _Get User Details:
......
...@@ -70,8 +70,4 @@ Get the Video List ...@@ -70,8 +70,4 @@ Get the Video List
Get a Video Transcript Get a Video Transcript
*********************** ***********************
.. autoclass:: mobile_api.video_outlines.views.VideoTranscripts .. autoclass:: mobile_api.video_outlines.views.VideoTranscripts
\ No newline at end of file
**Response Values**
An HttpResponse with an SRT file download.
\ No newline at end of file
################################################
Profile Images API Endpoints
################################################
You use the Profile Images API to upload or remove profile images.
If you have staff access, you can remove profile images from any user
account.
The following tasks and endpoints are currently supported.
.. list-table::
:widths: 10 70
:header-rows: 1
* - To:
- Use this endpoint:
* - :ref:`Upload a profile image <Upload a Profile Image>`
- POST /api/profile_images/v1/{username}/upload
* - :ref:`Remove profile images <Remove Profile Images>`
- POST /api/profile_images/v1/{username}/remove
...@@ -8,5 +8,4 @@ Profile Images API Version 1.0 ...@@ -8,5 +8,4 @@ Profile Images API Version 1.0
:maxdepth: 2 :maxdepth: 2
overview overview
endpoints
profile_images profile_images
...@@ -9,16 +9,27 @@ The requesting user can upload or remove his or her own profile image. ...@@ -9,16 +9,27 @@ The requesting user can upload or remove his or her own profile image.
Users with staff access can remove profile images from any user account. Users with staff access can remove profile images from any user account.
************************************* *************************************
Profile Images API Version 1.0 Profile Images API Version and Status
************************************* *************************************
The Profile Images API is currently at version 1.0. The Profile Images API is currently at version 1.0.
********************************************** **********************************************
Profile Images API Capabilities Profile Images API Endpoints
********************************************** **********************************************
With the Profile Images API, you can complete these tasks. The Profile Images API supports the following tasks, methods, and endpoints.
* :ref:`Upload profile images <Upload a Profile Image>` .. list-table::
* :ref:`Remove profile images <Remove Profile Images>` :widths: 20 10 70
:header-rows: 1
* - Task
- Method
- Endpoint
* - :ref:`Upload a profile image <Upload a Profile Image>`
- POST
- /api/profile_images/v1/{username}/upload
* - :ref:`Remove a profile image <Remove a Profile Image>`
- POST
- /api/profile_images/v1/{username}/remove
\ No newline at end of file
...@@ -4,11 +4,10 @@ ...@@ -4,11 +4,10 @@
Profile Images API Profile Images API
################################################## ##################################################
This page contains information on using the Profile Images API to complete You can use the Profile Images API to complete the following tasks.
the following actions.
* `Upload a Profile Image`_ * - :ref:`Upload a profile image <Upload a Profile Image>`.
* `Remove Profile Images`_ * - :ref:`Remove profile images <Remove a Profile Image>`.
.. _Upload a Profile Image: .. _Upload a Profile Image:
...@@ -18,7 +17,7 @@ Upload a Profile Image ...@@ -18,7 +17,7 @@ Upload a Profile Image
.. autoclass:: profile_images.views.ProfileImageUploadView .. autoclass:: profile_images.views.ProfileImageUploadView
**Example response** **Example Response**
.. code-block:: json .. code-block:: json
...@@ -26,15 +25,15 @@ Upload a Profile Image ...@@ -26,15 +25,15 @@ Upload a Profile Image
No Content No Content
.. _Remove Profile Images: .. _Remove a Profile Image:
************************************************** **************************************************
Remove Profile Images Remove a Profile Image
************************************************** **************************************************
.. autoclass:: profile_images.views.ProfileImageRemoveView .. autoclass:: profile_images.views.ProfileImageRemoveView
**Example response** **Example Response**
.. code-block:: json .. code-block:: json
......
...@@ -15,129 +15,7 @@ complete the following actions. ...@@ -15,129 +15,7 @@ complete the following actions.
Get and Update the User's Account Information Get and Update the User's Account Information
********************************************** **********************************************
.. .. autoclass:: user_api.accounts.views.AccountView .. autoclass:: user_api.accounts.views.AccountView
**Use Cases**
Get or update a user's account information. Updates are supported only through
merge patch.
**Example Requests**:
GET /api/user/v1/accounts/{username}/[?view=shared]
PATCH /api/user/v1/accounts/{username}/{"key":"value"} "application/merge-patch+json"
**Response Values for GET**
If the user makes the request for her own account, or makes a request for
another account and has "is_staff" access, the response contains:
* username: The username associated with the account.
* name: The full name of the user.
* email: email for the user (the new email address must be confirmed via a
confirmation email, so GET will not reflect the change until the address has
been confirmed).
* date_joined: The date the account was created, in the string format provided
by datetime. For example, "2014-08-26T17:52:11Z".
* gender: One of the following values:
* "m"
* "f"
* "o"
* null
* year_of_birth: The year the user was born, as an integer, or null.
* level_of_education: One of the following values:
* "p": PhD or Doctorate
* "m": Master's or professional degree
* "b": Bachelor's degree
* "a": Associate's degree
* "hs": Secondary/high school
* "jhs": Junior secondary/junior high/middle school
* "el": Elementary/primary school
* "none": None
* "o": Other
* null: The user did not enter a value.
* language: The user's preferred language, or null.
* country: null (not set), or a Country corresponding to one of the ISO 3166-1
countries.
* country: A ISO 3166 country code or null.
* mailing_address: The textual representation of the user's mailing address, or
null.
* goals: The textual representation of the user's goals, or null.
* bio: null or textural representation of user biographical information ("about
me").
* is_active: boolean representation of whether a user is active.
* profile_image: JSON representation of a user's profile image information. The
keys are: the user's profile image:
* "has_image": boolean indicating whether the user has a profile image.
* "image_url_*": absolute URL to various sizes of a user's profile image, where
'*' matches a representation of the corresponding image size such as 'small',
'medium', 'large', and 'full'. These are configurable via
PROFILE_IMAGE_SIZES_MAP.
* requires_parental_consent: true if the user is a minor requiring parental
consent.
* language_proficiencies: array of language preferences. Each preference is a
JSON object with the following keys:
* "code": string ISO 639-1 language code e.g. "en".
For all text fields, clients rendering the values should take care to HTML
escape them to avoid script injections, as the data is stored
exactly as specified. The intention is that plain text is
supported, not HTML.
If a user who does not have "is_staff" access requests account information for
a different user, only a subset of these fields is returned. The fields
returned depend on the configuration setting ACCOUNT_VISIBILITY_CONFIGURATION,
and the visibility preference of the user for whom data is requested.
Note that a user can view which account fields they have shared with other
users by requesting their own username and providing the url parameter
"view=shared".
If no user exists with the specified username, a 404 error is returned.
**Response Values for PATCH**
Users can only modify their own account information. If the requesting user
does not have username "username", this method will return with a status of 403
for staff access but a 404 for ordinary users to avoid leaking the existence of
the account.
If no user exists with the specified username, a 404 error is returned.
If "application/merge-patch+json" is not the specified content type, a 415
error is returned.
If the update could not be completed due to validation errors, this method
returns a 400 error with all error messages in the "field_errors" field of the
returned JSON.
If the update could not be completed due to a failure at the time of the
update, a 400 error is returned with specific errors in the returned JSON
collection.
If the update is successful, a 204 status is returned with no additional
content.
**Example response showing the user's account information** **Example response showing the user's account information**
...@@ -153,11 +31,11 @@ content. ...@@ -153,11 +31,11 @@ content.
"name": "John Doe", "name": "John Doe",
"language": "", "language": "",
"gender": "m", "gender": "m",
"year_of_birth": 2007, "year_of_birth": 1997,
"level_of_education": "m", "level_of_education": "m",
"goals": "Professional Development", "goals": "Professional Development",
"country": US, "country": US,
"mailing_address": "406 Highland Ave., Somerville, MA 02144", "mailing_address": "123 Main Street, Anytown, MA 02144",
"email": "johndoe@company.com", "email": "johndoe@company.com",
"date_joined": "2015-03-18T13:42:40Z" "date_joined": "2015-03-18T13:42:40Z"
} }
################################################
User API Endpoints
################################################
You use the User API to view information about users and update
your own account.
The following tasks and endpoints are currently supported.
.. list-table::
:widths: 10 70
:header-rows: 1
* - To:
- Use this endpoint:
* - :ref:`Get a user's account information <Get and Update the User's
Account Information>`
- GET /api/user/v1/accounts/{username}/[?view=shared]
* - :ref:`Update your account information <Get and Update the User's Account
Information>`
- PATCH /api/user/v1/accounts/{username}/{“key”:”value”}
* - :ref:`Get a user's preferences information <Get and Update the User's
Preferences Information>`
- GET /api/user/v1/preferences/{username}/
* - :ref:`Update a user's preferences information <Get and Update the User's
Preferences Information>`
- PATCH /api/user/v1/preferences/{username}/
* - :ref:`Get a specific preference <Get Update or Delete a Specific
Preference>`
- GET /api/user/v1/preferences/{username}/{preference_key}
* - :ref:`Update a specific preference <Get Update or Delete a Specific
Preference>`
- PUT /api/user/v1/preferences/{username}/{preference_key}
* - :ref:`Delete a specific preference <Get Update or Delete a Specific
Preference>`
- DELETE /api/user/v1/preferences/{username}/{preference_key}
...@@ -8,6 +8,5 @@ User API Version 1.0 ...@@ -8,6 +8,5 @@ User API Version 1.0
:maxdepth: 2 :maxdepth: 2
overview overview
endpoints
accounts accounts
preferences preferences
...@@ -7,21 +7,67 @@ Use the User API to view and update account and preference information. ...@@ -7,21 +7,67 @@ Use the User API to view and update account and preference information.
You can use the User API for web, desktop, and mobile applications. You can use the User API for web, desktop, and mobile applications.
************************************* *************************************
User API Version 1.0 User API Version and Status
************************************* *************************************
The User API is currently at version 1.0. We plan on making The User API is currently at version 1.0. We plan on making
significant enhancements to this API. significant enhancements to this API.
********************************************** **********************************************
User API Capabilities User API Resources and Endpoints
********************************************** **********************************************
With the User API, you can complete these tasks. The User API supports the following resources, tasks, methods, and endpoints.
* :ref:`Get and update the users' account information <Get and Update the =============================
User's Account Information>` User Accounts API Resource
* :ref:`Get and update the user's preferences information <Get and Update the =============================
User's Preferences Information>`
* :ref:`Get, update or delete a specific preference: <Get Update or Delete a .. list-table::
Specific Preference>` :widths: 20 10 70
:header-rows: 1
* - Task
- Method
- Endpoint
* - :ref:`Get a user's account information <Get and Update the User's
Account Information>`
- GET
- /api/user/v1/accounts/{username}/[?view=shared]
* - :ref:`Update your account information <Get and Update the User's Account
Information>`
- PATCH
- /api/user/v1/accounts/{username}/{“key”:”value”}
=============================
User Preferences API Resource
=============================
.. list-table::
:widths: 20 10 70
:header-rows: 1
* - Task
- Method
- Endpoint
* - :ref:`Get a user's preferences information
<Get and Update the User's Preferences Information>`
- GET
- /api/user/v1/preferences/{username}/
* - :ref:`Update a user's preferences information
<Get and Update the User's Preferences Information>`
- PATCH
- /api/user/v1/preferences/{username}/
* - :ref:`Get a specific preference
<Get Update or Delete a Specific Preference>`
- GET
- /api/user/v1/preferences/{username}/{preference_key}
* - :ref:`Update a specific preference
<Get Update or Delete a Specific Preference>`
- PUT
- /api/user/v1/preferences/{username}/{preference_key}
* - :ref:`Delete a specific preference
<Get Update or Delete a Specific Preference>`
- DELETE
- /api/user/v1/preferences/{username}/{preference_key}
...@@ -19,21 +19,20 @@ class CourseUpdatesList(generics.ListAPIView): ...@@ -19,21 +19,20 @@ class CourseUpdatesList(generics.ListAPIView):
Get the content for course updates. Get the content for course updates.
**Example request**: **Example Request**
GET /api/mobile/v0.5/course_info/{organization}/{course_number}/{course_run}/updates GET /api/mobile/v0.5/course_info/{organization}/{course_number}/{course_run}/updates
**Response Values** **Response Values**
A array of course updates. Each course update contains: If the request is successful, the request returns an HTTP 200 "OK"
response along with an array of course updates. Each course update
* date: The date of the course update. contains the following values.
* content: The content, as an HTML string, of the course update. * content: The content, as an HTML string, of the course update.
* date: The date of the course update.
* status: Whether the update is visible or not.
* id: The unique identifier of the update. * id: The unique identifier of the update.
* status: Whether the update is visible or not.
""" """
@mobile_course_access() @mobile_course_access()
...@@ -64,12 +63,15 @@ class CourseHandoutsList(generics.ListAPIView): ...@@ -64,12 +63,15 @@ class CourseHandoutsList(generics.ListAPIView):
Get the HTML for course handouts. Get the HTML for course handouts.
**Example request**: **Example Request**
GET /api/mobile/v0.5/course_info/{organization}/{course_number}/{course_run}/handouts GET /api/mobile/v0.5/course_info/{organization}/{course_number}/{course_run}/handouts
**Response Values** **Response Values**
If the request is successful, the request returns an HTTP 200 "OK"
response along with the following value.
* handouts_html: The HTML for course handouts. * handouts_html: The HTML for course handouts.
""" """
......
...@@ -33,31 +33,30 @@ class UserDetail(generics.RetrieveAPIView): ...@@ -33,31 +33,30 @@ class UserDetail(generics.RetrieveAPIView):
""" """
**Use Case** **Use Case**
Get information about the specified user and Get information about the specified user and access other resources
access other resources the user has permissions for. the user has permissions for.
Users are redirected to this endpoint after logging in. Users are redirected to this endpoint after they sign in.
You can use the **course_enrollments** value in You can use the **course_enrollments** value in the response to get a
the response to get a list of courses the user is enrolled in. list of courses the user is enrolled in.
**Example request**: **Example Request**
GET /api/mobile/v0.5/users/{username} GET /api/mobile/v0.5/users/{username}
**Response Values** **Response Values**
* id: The ID of the user. If the request is successful, the request returns an HTTP 200 "OK" response.
* username: The username of the currently logged in user.
* email: The email address of the currently logged in user. The HTTP 200 response has the following values.
* name: The full name of the currently logged in user. * course_enrollments: The URI to list the courses the currently signed
* course_enrollments: The URI to list the courses the currently logged
in user is enrolled in. in user is enrolled in.
* email: The email address of the currently signed in user.
* id: The ID of the user.
* name: The full name of the currently signed in user.
* username: The username of the currently signed in user.
""" """
queryset = ( queryset = (
User.objects.all() User.objects.all()
...@@ -70,27 +69,36 @@ class UserDetail(generics.RetrieveAPIView): ...@@ -70,27 +69,36 @@ class UserDetail(generics.RetrieveAPIView):
@mobile_view(is_user=True) @mobile_view(is_user=True)
class UserCourseStatus(views.APIView): class UserCourseStatus(views.APIView):
""" """
**Use Case** **Use Cases**
Get or update the ID of the module that the specified user last visited in the specified course. Get or update the ID of the module that the specified user last
visited in the specified course.
**Example request**: **Example Requests**
GET /api/mobile/v0.5/users/{username}/course_status_info/{course_id} GET /api/mobile/v0.5/users/{username}/course_status_info/{course_id}
PATCH /api/mobile/v0.5/users/{username}/course_status_info/{course_id} PATCH /api/mobile/v0.5/users/{username}/course_status_info/{course_id}
body: **PATCH Parameters**
last_visited_module_id={module_id}
modification_date={date} The body of the PATCH request can include the following parameters.
* last_visited_module_id={module_id}
* modification_date={date}
The modification_date is optional. If it is present, the update will only take effect The modification_date parameter is optional. If it is present, the
if the modification_date is later than the modification_date saved on the server. update will only take effect if the modification_date in the
request is later than the modification_date saved on the server.
**Response Values** **Response Values**
* last_visited_module_id: The ID of the last module visited by the user in the course. If the request is successful, the request returns an HTTP 200 "OK" response.
The HTTP 200 response has the following values.
* last_visited_module_id: The ID of the last module that the user
visited in the course.
* last_visited_module_path: The ID of the modules in the path from the * last_visited_module_path: The ID of the modules in the path from the
last visited module to the course module. last visited module to the course module.
""" """
...@@ -199,36 +207,45 @@ class UserCourseEnrollmentsList(generics.ListAPIView): ...@@ -199,36 +207,45 @@ class UserCourseEnrollmentsList(generics.ListAPIView):
""" """
**Use Case** **Use Case**
Get information about the courses the currently logged in user is Get information about the courses that the currently signed in user is
enrolled in. enrolled in.
**Example request**: **Example Request**
GET /api/mobile/v0.5/users/{username}/course_enrollments/ GET /api/mobile/v0.5/users/{username}/course_enrollments/
**Response Values** **Response Values**
* created: The date the course was created. If the request for information about the user is successful, the
* mode: The type of certificate registration for this course: honor or request returns an HTTP 200 "OK" response.
certified.
* is_active: Whether the course is currently active; true or false. The HTTP 200 response has the following values.
* certificate: Information about the user's earned certificate in the course.
* url: URL to the downloadable version of the certificate, if exists.
* course: A collection of data about the course:
* certificate: Information about the user's earned certificate in the
course.
* course: A collection of the following data about the course.
* course_handouts: The URI to get data for course handouts.
* course_image: The path to the course image.
* course_updates: The URI to get data for course updates. * course_updates: The URI to get data for course updates.
* number: The course number.
* org: The organization that created the course.
* video_outline: The URI to get the list of all vides the user can
access in the course.
* id: The unique ID of the course.
* subscription_id: A unique "clean" (alphanumeric with '_') ID of the course.
* latest_updates: Reserved for future use.
* end: The end date of the course. * end: The end date of the course.
* id: The unique ID of the course.
* latest_updates: Reserved for future use.
* name: The name of the course. * name: The name of the course.
* course_handouts: The URI to get data for course handouts. * number: The course number.
* start: The data and time the course starts. * org: The organization that created the course.
* course_image: The path to the course image. * start: The date and time when the course starts.
* subscription_id: A unique "clean" (alphanumeric with '_') ID of
the course.
* video_outline: The URI to get the list of all videos that the user
can access in the course.
* created: The date the course was created.
* is_active: Whether the course is currently active. Possible values
are true or false.
* mode: The type of certificate registration for this course (honor or
certified).
* url: URL to the downloadable version of the certificate, if exists.
""" """
queryset = CourseEnrollment.objects.all() queryset = CourseEnrollment.objects.all()
serializer_class = CourseEnrollmentSerializer serializer_class = CourseEnrollmentSerializer
......
...@@ -30,51 +30,48 @@ class VideoSummaryList(generics.ListAPIView): ...@@ -30,51 +30,48 @@ class VideoSummaryList(generics.ListAPIView):
Get a list of all videos in the specified course. You can use the Get a list of all videos in the specified course. You can use the
video_url value to access the video file. video_url value to access the video file.
**Example request**: **Example Request**
GET /api/mobile/v0.5/video_outlines/courses/{organization}/{course_number}/{course_run} GET /api/mobile/v0.5/video_outlines/courses/{organization}/{course_number}/{course_run}
**Response Values** **Response Values**
An array of videos in the course. For each video: If the request is successful, the request returns an HTTP 200 "OK"
response along with an array of videos in the course. The array
includes the following information for each video.
* section_url: The URL to the first page of the section that * named_path: An array that consists of the display names of the
contains the video in the Learning Management System.
* path: An array containing category, name, and id values specifying the
complete path the the video in the courseware hierarchy. The
following categories values are included: "chapter", "sequential",
and "vertical". The name value is the display name for that object.
* unit_url: The URL to the unit contains the video in the Learning
Management System.
* named_path: An array consisting of the display names of the
courseware objects in the path to the video. courseware objects in the path to the video.
* path: An array that specifies the complete path to the video in
the courseware hierarchy. The array contains the following
values.
* summary: An array of data about the video that includes: * category: The type of division in the course outline.
Possible values are "chapter", "sequential", and "vertical".
* category: The type of component, in this case always "video". * name: The display name for the object.
* id: The The unique identifier for the video.
* video_thumbnail_url: The URL to the thumbnail image for the * section_url: The URL to the first page of the section that
video, if available. contains the video in the Learning Management System.
* summary: An array of data about the video that includes the
following values.
* category: The type of component. This value will always be "video".
* duration: The length of the video, if available.
* id: The unique identifier for the video.
* language: The language code for the video. * language: The language code for the video.
* name: The display name of the video. * name: The display name of the video.
* size: The size of the video file.
* video_url: The URL to the video file. Use this value to access
the video.
* duration: The length of the video, if available.
* transcripts: An array of language codes and URLs to available * transcripts: An array of language codes and URLs to available
video transcripts. Use the URL value to access a transcript video transcripts. Use the URL value to access a transcript
for the video. for the video.
* video_thumbnail_url: The URL to the thumbnail image for the
video, if available.
* video_url: The URL to the video file. Use this value to access
the video.
* id: The unique identifier for the video. * unit_url: The URL to the unit that contains the video in the Learning
Management System.
* size: The size of the video file
""" """
@mobile_course_access(depth=None) @mobile_course_access(depth=None)
...@@ -97,15 +94,16 @@ class VideoTranscripts(generics.RetrieveAPIView): ...@@ -97,15 +94,16 @@ class VideoTranscripts(generics.RetrieveAPIView):
""" """
**Use Case** **Use Case**
Use to get a transcript for a specified video and language. Get a transcript for a specified video and language.
**Example request**: **Example request**
GET /api/mobile/v0.5/video_outlines/transcripts/{organization}/{course_number}/{course_run}/{video ID}/{language code} GET /api/mobile/v0.5/video_outlines/transcripts/{organization}/{course_number}/{course_run}/{video ID}/{language code}
**Response Values** **Response Values**
An HttpResponse with an SRT file download. If the request is successful, the request returns an HTTP 200 "OK"
response along with an .srt file that you can download.
""" """
......
...@@ -29,7 +29,7 @@ LOG_MESSAGE_DELETE = 'Deleted images %(image_names)s for user %(user_id)s' ...@@ -29,7 +29,7 @@ LOG_MESSAGE_DELETE = 'Deleted images %(image_names)s for user %(user_id)s'
def _make_upload_dt(): def _make_upload_dt():
""" """
Generate a server-side timestamp for the upload. This is in a separate Generate a server-side timestamp for the upload. This is in a separate
function so its behavior can be overridden in tests. function so its behavior can be overridden in tests.
""" """
return datetime.datetime.utcnow().replace(tzinfo=utc) return datetime.datetime.utcnow().replace(tzinfo=utc)
...@@ -37,35 +37,36 @@ def _make_upload_dt(): ...@@ -37,35 +37,36 @@ def _make_upload_dt():
class ProfileImageUploadView(APIView): class ProfileImageUploadView(APIView):
""" """
**Use Cases** **Use Case**
Upload an image to be used for the user's profile. * Upload an image for the user's profile.
The requesting user must be signed in. The signed in user can only The requesting user must be signed in. The signed in user can only
upload his or her own profile image. upload his or her own profile image.
**Example Requests** **Example Request**
POST /api/profile_images/v1/{username}/upload POST /api/profile_images/v1/{username}/upload
**Response for POST** **Example Responses**
If the requesting user tries to upload the image for a different user: When the requesting user tries to upload the image for a different user, the
request returns one of the following responses.
* If the requesting user has staff access, the request returns a 403 * If the requesting user has staff access, the request returns an HTTP 403
error. "Forbidden" response.
* If the requesting user does not have staff access, the request returns * If the requesting user does not have staff access, the request returns
a 404 error. an HTTP 404 "Not Found" response.
If no user matches the "username" parameter, the request returns a 404 * If no user matches the "username" parameter, the request returns an HTTP
error. 404 "Not Found" response.
If the upload could not be performed, the request returns a 400 error is * If the upload could not be performed, the request returns an HTTP 400 "Bad
with details. Request" response with more information.
If the upload is successful, the request returns a 204 status with no * If the upload is successful, the request returns an HTTP 204 "No Content"
additional content. response with no additional content.
""" """
parser_classes = (MultiPartParser, FormParser,) parser_classes = (MultiPartParser, FormParser,)
...@@ -123,34 +124,38 @@ class ProfileImageUploadView(APIView): ...@@ -123,34 +124,38 @@ class ProfileImageUploadView(APIView):
class ProfileImageRemoveView(APIView): class ProfileImageRemoveView(APIView):
""" """
**Use Cases** **Use Case**
Remove all of the profile images associated with the user's account. * Remove all of the profile images associated with the user's account.
The requesting user must be signed in. The requesting user must be signed in.
Users with staff access can remove profile images for other user Users with staff access can remove profile images for other user
accounts. accounts.
Users without staff access can only remove their own profile images. Users without staff access can only remove their own profile images.
**Example Requests** **Example Request**
POST /api/profile_images/v1/{username}/remove POST /api/profile_images/v1/{username}/remove
**Response for POST** **Example Responses**
Requesting users who do not have staff access and try to remove another When the requesting user tries to remove the profile image for a different user, the
user's profile image receive a 404 error. request returns one of the following responses.
If no user matches the "username" parameter, the request returns a 404 * If the user does not have staff access, the request returns an HTTP
error. 404 "Not Found" response.
If the request could not remove the image, the request returns a 400 * If no user matches the "username" parameter, the request returns an HTTP
error with details. 404 "Not Found" response.
* If the image could not be removed, the request returns an HTTP 400 "Bad
Request" response with more information.
* If the request successfully removes the image, the request returns an
HTTP 204 "No Content" response with no additional content.
If the request successfully removes the image, the request returns a 204
status with no additional content.
""" """
authentication_classes = (OAuth2AuthenticationAllowInactiveUser, SessionAuthenticationAllowInactiveUser) authentication_classes = (OAuth2AuthenticationAllowInactiveUser, SessionAuthenticationAllowInactiveUser)
......
...@@ -27,7 +27,7 @@ class AccountView(APIView): ...@@ -27,7 +27,7 @@ class AccountView(APIView):
Get or update a user's account information. Updates are supported Get or update a user's account information. Updates are supported
only through merge patch. only through merge patch.
**Example Requests**: **Example Requests**
GET /api/user/v1/accounts/{username}/[?view=shared] GET /api/user/v1/accounts/{username}/[?view=shared]
...@@ -35,29 +35,36 @@ class AccountView(APIView): ...@@ -35,29 +35,36 @@ class AccountView(APIView):
**Response Values for GET** **Response Values for GET**
If the user makes the request for her own account, or makes a If no user exists with the specified username, an HTTP 404 "Not
request for another account and has "is_staff" access, the response Found" response is returned.
contains:
* username: The username associated with the account.
* name: The full name of the user.
* email: email for the user (the new email address must be confirmed If the user makes the request for her own account, or makes a
via a confirmation email, so GET will not reflect the change until request for another account and has "is_staff" access, an HTTP 200
the address has been confirmed). "OK" response is returned. The response contains the following
values.
* bio: null or textual representation of user biographical
information ("about me").
* country: An ISO 3166 country code or null.
* date_joined: The date the account was created, in the string * date_joined: The date the account was created, in the string
format provided by datetime. For example, "2014-08-26T17:52:11Z". format provided by datetime. For example, "2014-08-26T17:52:11Z".
* email: Email address for the user. New email addresses must be confirmed
via a confirmation email, so GET does not reflect the change until
the address has been confirmed.
* gender: One of the following values: * gender: One of the following values:
* "m" * null
* "f" * "f"
* "m"
* "o" * "o"
* null
* year_of_birth: The year the user was born, as an integer, or null. * goals: The textual representation of the user's goals, or null.
* is_active: Boolean representation of whether a user is active.
* language: The user's preferred language, or null.
* language_proficiencies: Array of language preferences. Each
preference is a JSON object with the following keys:
* "code": string ISO 639-1 language code e.g. "en".
* level_of_education: One of the following values: * level_of_education: One of the following values:
...@@ -70,86 +77,65 @@ class AccountView(APIView): ...@@ -70,86 +77,65 @@ class AccountView(APIView):
* "el": Elementary/primary school * "el": Elementary/primary school
* "none": None * "none": None
* "o": Other * "o": Other
* null: The user did not enter a value. * null: The user did not enter a value
* language: The user's preferred language, or null.
* country: null (not set), or a Country corresponding to one of the
ISO 3166-1 countries.
* country: A ISO 3166 country code or null.
* mailing_address: The textual representation of the user's mailing * mailing_address: The textual representation of the user's mailing
address, or null. address, or null.
* name: The full name of the user.
* profile_image: A JSON representation of a user's profile image
information. This representation has the following keys.
* goals: The textual representation of the user's goals, or null. * "has_image": Boolean indicating whether the user has a profile
* bio: null or textural representation of user biographical
information ("about me").
* is_active: boolean representation of whether a user is active.
* profile_image: JSON representation of a user's profile image
information. The keys are: the user's profile image:
* "has_image": boolean indicating whether the user has a profile
image. image.
* "image_url_*": Absolute URL to various sizes of a user's
* "image_url_*": absolute URL to various sizes of a user's
profile image, where '*' matches a representation of the profile image, where '*' matches a representation of the
corresponding image size such as 'small', 'medium', 'large', corresponding image size, such as 'small', 'medium', 'large',
and 'full'. These are configurable via and 'full'. These are configurable via PROFILE_IMAGE_SIZES_MAP.
PROFILE_IMAGE_SIZES_MAP.
* requires_parental_consent: true if the user is a minor
requiring parental consent.
* language_proficiencies: array of language preferences. Each * requires_parental_consent: True if the user is a minor
preference is a JSON object with the following keys: requiring parental consent.
* username: The username associated with the account.
* "code": string ISO 639-1 language code e.g. "en". * year_of_birth: The year the user was born, as an integer, or null.
For all text fields, clients rendering the values should take care For all text fields, plain text instead of HTML is supported. The
to HTML escape them to avoid script injections, as the data is data is stored exactly as specified. Clients must HTML escape
stored exactly as specified. The intention is that plain text is rendered values to avoid script injections.
supported, not HTML.
If a user who does not have "is_staff" access requests account If a user who does not have "is_staff" access requests account
information for a different user, only a subset of these fields is information for a different user, only a subset of these fields is
returned. The fields returned depend on the configuration setting returned. The returns fields depend on the
ACCOUNT_VISIBILITY_CONFIGURATION, and the visibility preference of the ACCOUNT_VISIBILITY_CONFIGURATION configuration setting and the
user for whom data is requested. visibility preference of the user for whom data is requested.
Note that a user can view which account fields they have shared with
other users by requesting their own username and providing the url
parameter "view=shared".
If no user exists with the specified username, a 404 error is Note that a user can view which account fields they have shared
returned. with other users by requesting their own username and providing
the "view=shared" URL parameter.
**Response Values for PATCH** **Response Values for PATCH**
Users can only modify their own account information. If the Users can only modify their own account information. If the
requesting user does not have username "username", this method will requesting user does not have the specified username and has staff
return with a status of 403 for staff access but a 404 for ordinary access, the request returns an HTTP 403 "Forbidden" response. If
users to avoid leaking the existence of the account. the requesting user does not have staff access, the request
returns an HTTP 404 "Not Found" response to avoid revealing the
existence of the account.
If no user exists with the specified username, a 404 error is If no user exists with the specified username, an HTTP 404 "Not
returned. Found" response is returned.
If "application/merge-patch+json" is not the specified content type, If "application/merge-patch+json" is not the specified content
a 415 error is returned. type, a 415 "Unsupported Media Type" response is returned.
If the update could not be completed due to validation errors, this If validation errors prevent the update, this method returns a 400
method returns a 400 error with all error messages in the "Bad Request" response that includes a "field_errors" field that
"field_errors" field of the returned JSON. lists all error messages.
If the update could not be completed due to a failure at the time of If a failure at the time of the update prevents the update, a 400
the update, a 400 error is returned with specific errors in the "Bad Request" error is returned. The JSON collection contains
returned JSON collection. specific errors.
If the update is successful, a 204 status is returned with no If the update is successful, an HTTP 204 "No Content" response is
additional content. returned with no additional content.
""" """
authentication_classes = (OAuth2AuthenticationAllowInactiveUser, SessionAuthenticationAllowInactiveUser) authentication_classes = (OAuth2AuthenticationAllowInactiveUser, SessionAuthenticationAllowInactiveUser)
permission_classes = (permissions.IsAuthenticated,) permission_classes = (permissions.IsAuthenticated,)
......
""" """
NOTE: this API is WIP and has not yet been approved. Do not use this API without talking to Christina or Andy. NOTE: this API is WIP and has not yet been approved. Do not use this API
without talking to Christina or Andy.
For more information, see: For more information, see:
https://openedx.atlassian.net/wiki/display/TNL/User+API https://openedx.atlassian.net/wiki/display/TNL/User+API
...@@ -28,60 +29,62 @@ class PreferencesView(APIView): ...@@ -28,60 +29,62 @@ class PreferencesView(APIView):
""" """
**Use Cases** **Use Cases**
Get or update the user's preference information. Updates are only supported through merge patch. Get or update the user's preference information. Updates are only
Preference values of null in a patch request are treated as requests to remove the preference. supported through merge patch. Preference values of null in a
patch request are treated as requests to remove the preference.
**Example Requests**: **Example Requests**
GET /api/user/v1/preferences/{username}/ GET /api/user/v1/preferences/{username}/
PATCH /api/user/v1/preferences/{username}/ with content_type "application/merge-patch+json" PATCH /api/user/v1/preferences/{username}/ with content_type "application/merge-patch+json"
**Response Value for GET** **Response Values for GET**
If no user exists with the specified username, an HTTP 404 "Not
Found" response is returned.
If a user without "is_staff" access requests preferences for a
different user, an HTTP 404 "Not Found" message is returned.
If the user makes the request for her own account, or makes a If the user makes the request for her own account, or makes a
request for another account and has "is_staff" access, the response request for another account and has "is_staff" access, an HTTP 200
contains a JSON dictionary with a key/value pair (of type String) "OK" response is returned. The response contains a JSON dictionary
for each preference. with a key/value pair (of type String) for each preference.
The list of preferences depends on your implementation. By default, The list of preferences depends on your implementation. By default,
preferences include: the list includes the following preferences.
* account_privacy: The user's setting for sharing her personal
profile. Possible values are "all_users" or "private".
* pref-lan: The user's preferred language, as set in account * pref-lan: The user's preferred language, as set in account
settings. settings.
* account_privacy: The user's setting for sharing her personal **Response Values for PATCH**
profile. Possible values are ``all_users`` or ``private``.
If a user without "is_staff" access requests preferences for a
different user, a 404 error is returned.
If the specified username does not exist, a 404 is returned.
**Response for PATCH**
Users can only modify their own preferences. If the requesting user
does not have username "username", this method will return with a
status of 403 for users with staff access but a 404 for ordinary
users to avoid leaking the existence of the account.
This method will also return a 404 if no user exists with username Users can only modify their own preferences. If the
"username". requesting user does not have the specified username and has staff
access, the request returns an HTTP 403 "Forbidden" response. If
the requesting user does not have staff access, the request
returns an HTTP 404 "Not Found" response to avoid revealing the
existence of the account.
If "application/merge-patch+json" is not the specified content_type, If no user exists with the specified username, an HTTP 404 "Not
this method returns a 415 status. Found" response is returned.
If the update could not be completed due to validation errors, this If "application/merge-patch+json" is not the specified content
method returns a 400 with all preference-specific error messages in type, a 415 "Unsupported Media Type" response is returned.
the "field_errors" field of the returned JSON.
If the update could not be completed due to failure at the time of If validation errors prevent the update, this method returns a 400
update, this method returns a 400 with specific errors in the "Bad Request" response that includes a "field_errors" field that
returned JSON. lists all error messages.
If the update is successful, a 204 status is returned with no If a failure at the time of the update prevents the update, a 400
additional content. "Bad Request" error is returned. The JSON collection contains
specific errors.
If the update is successful, an HTTP 204 "No Content" response is
returned with no additional content.
""" """
authentication_classes = (OAuth2AuthenticationAllowInactiveUser, SessionAuthenticationAllowInactiveUser) authentication_classes = (OAuth2AuthenticationAllowInactiveUser, SessionAuthenticationAllowInactiveUser)
permission_classes = (permissions.IsAuthenticated, IsUserInUrlOrStaff) permission_classes = (permissions.IsAuthenticated, IsUserInUrlOrStaff)
...@@ -142,7 +145,7 @@ class PreferencesDetailView(APIView): ...@@ -142,7 +145,7 @@ class PreferencesDetailView(APIView):
Get, create, update, or delete a specific user preference. Get, create, update, or delete a specific user preference.
**Example Requests**: **Example Requests**
GET /api/user/v1/preferences/{username}/{preference_key} GET /api/user/v1/preferences/{username}/{preference_key}
...@@ -152,38 +155,45 @@ class PreferencesDetailView(APIView): ...@@ -152,38 +155,45 @@ class PreferencesDetailView(APIView):
**Response Values for GET** **Response Values for GET**
The preference value will be returned as a JSON string. If the specified username or preference does not exist, an HTTP
404 "Not Found" response is returned.
If a user without "is_staff" access has requested preferences for a If a user without "is_staff" access requests preferences for a
different user, this method returns a 404. different user, a 404 error is returned.
If the specified username or preference does not exist, this method If the user makes the request for her own account, or makes a
returns a 404. request for another account and has "is_staff" access, an HTTP 200
"OK" response is returned that contains a JSON string.
**Response Values for PUT** **Response Values for PUT**
A successful put returns a 204 and no content. Users can only modify their own preferences. If the
requesting user does not have the specified username and has staff
Users can only modify their own preferences. If the requesting user access, the request returns an HTTP 403 "Forbidden" response. If
does not have username "username", this method will return with a the requesting user does not have staff access, the request
status of 403 for users with staff access but a 404 for ordinary returns an HTTP 404 "Not Found" response to avoid revealing the
users to avoid leaking the existence of the account. existence of the account.
If the specified preference does not exist, this method returns a If the specified preference does not exist, an HTTP 404 "Not
404. Found" response is returned.
**Response for DELETE** If the request is successful, a 204 "No Content" status is returned
with no additional content.
A successful delete returns a 204 and no content. **Response Values for DELETE**
Users can only delete their own preferences. If the requesting user Users can only delete their own preferences. If the
does not have username "username", this method will return with a requesting user does not have the specified username and has staff
status of 403 for users with staff access but a 404 for ordinary access, the request returns an HTTP 403 "Forbidden" response. If
users to avoid leaking the existence of the account. the requesting user does not have staff access, the request
returns an HTTP 404 "Not Found" response to avoid revealing the
existence of the account.
If the specified preference does not exist, this method returns a If the specified preference does not exist, an HTTP 404 "Not
404. Found" response is returned.
If the update is successful, an HTTP 204 "No Content" response is
returned with no additional content.
""" """
authentication_classes = (OAuth2AuthenticationAllowInactiveUser, SessionAuthenticationAllowInactiveUser) authentication_classes = (OAuth2AuthenticationAllowInactiveUser, SessionAuthenticationAllowInactiveUser)
permission_classes = (permissions.IsAuthenticated, IsUserInUrlOrStaff) permission_classes = (permissions.IsAuthenticated, IsUserInUrlOrStaff)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment