50 lines
1.5 KiB
Python
50 lines
1.5 KiB
Python
from rest_framework.permissions import BasePermission
|
|
from rest_framework.exceptions import MethodNotAllowed
|
|
from rest_framework.compat import is_authenticated
|
|
|
|
|
|
class EventSpecificPermissions(BasePermission):
|
|
|
|
perms_map = {
|
|
'GET': [],
|
|
'OPTIONS': [],
|
|
'HEAD': [],
|
|
'POST': ['%(prefix)sadd_%(model_name)s'],
|
|
'PUT': ['%(prefix)schange_%(model_name)s'],
|
|
'PATCH': ['%(prefix)schange_%(model_name)s'],
|
|
'DELETE': ['%(prefix)sdelete_%(model_name)s'],
|
|
}
|
|
|
|
def get_required_permissions(self, method, view, model_cls):
|
|
|
|
if view.event:
|
|
kwargs = {
|
|
'prefix': "event_",
|
|
'model_name': model_cls._meta.model_name
|
|
}
|
|
else:
|
|
kwargs = {
|
|
'prefix': model_cls._meta.app_label+".",
|
|
'model_name': model_cls._meta.model_name
|
|
}
|
|
|
|
if method not in self.perms_map:
|
|
raise MethodNotAllowed(method)
|
|
|
|
return [perm % kwargs for perm in self.perms_map[method]]
|
|
|
|
def has_permission(self, request, view):
|
|
|
|
if hasattr(view, 'get_queryset'):
|
|
queryset = view.get_queryset()
|
|
else:
|
|
queryset = getattr(view, 'queryset', None)
|
|
|
|
perms = self.get_required_permissions(request.method, view,
|
|
queryset.model)
|
|
|
|
return (
|
|
request.user and
|
|
is_authenticated(request.user) and
|
|
request.user.has_perms(perms, view.event)
|
|
)
|