Compare commits
1 commit
master
...
Aufinal/se
Author | SHA1 | Date | |
---|---|---|---|
|
1d491e3d26 |
2 changed files with 53 additions and 0 deletions
50
api/backends.py
Normal file
50
api/backends.py
Normal file
|
@ -0,0 +1,50 @@
|
||||||
|
from rest_framework.permissions import BasePermission
|
||||||
|
from rest_framework.exceptions import MethodNotAllowed
|
||||||
|
from rest_framework.compat import is_authenticated
|
||||||
|
|
||||||
|
|
||||||
|
class EventSpecificPermissions(BasePermission):
|
||||||
|
|
||||||
|
perms_map = {
|
||||||
|
'GET': [],
|
||||||
|
'OPTIONS': [],
|
||||||
|
'HEAD': [],
|
||||||
|
'POST': ['%(prefix)sadd_%(model_name)s'],
|
||||||
|
'PUT': ['%(prefix)schange_%(model_name)s'],
|
||||||
|
'PATCH': ['%(prefix)schange_%(model_name)s'],
|
||||||
|
'DELETE': ['%(prefix)sdelete_%(model_name)s'],
|
||||||
|
}
|
||||||
|
|
||||||
|
def get_required_permissions(self, method, view, model_cls):
|
||||||
|
|
||||||
|
if view.event:
|
||||||
|
kwargs = {
|
||||||
|
'prefix': "event_",
|
||||||
|
'model_name': model_cls._meta.model_name
|
||||||
|
}
|
||||||
|
else:
|
||||||
|
kwargs = {
|
||||||
|
'prefix': model_cls._meta.app_label+".",
|
||||||
|
'model_name': model_cls._meta.model_name
|
||||||
|
}
|
||||||
|
|
||||||
|
if method not in self.perms_map:
|
||||||
|
raise MethodNotAllowed(method)
|
||||||
|
|
||||||
|
return [perm % kwargs for perm in self.perms_map[method]]
|
||||||
|
|
||||||
|
def has_permission(self, request, view):
|
||||||
|
|
||||||
|
if hasattr(view, 'get_queryset'):
|
||||||
|
queryset = view.get_queryset()
|
||||||
|
else:
|
||||||
|
queryset = getattr(view, 'queryset', None)
|
||||||
|
|
||||||
|
perms = self.get_required_permissions(request.method, view,
|
||||||
|
queryset.model)
|
||||||
|
|
||||||
|
return (
|
||||||
|
request.user and
|
||||||
|
is_authenticated(request.user) and
|
||||||
|
request.user.has_perms(perms, view.event)
|
||||||
|
)
|
|
@ -12,6 +12,7 @@ from .serializers import (
|
||||||
ActivitySerializer, ActivityTagSerializer, ActivityTemplateSerializer,
|
ActivitySerializer, ActivityTagSerializer, ActivityTemplateSerializer,
|
||||||
EventSerializer, PlaceSerializer,
|
EventSerializer, PlaceSerializer,
|
||||||
)
|
)
|
||||||
|
from api.backends import EventSpecificPermissions
|
||||||
|
|
||||||
User = get_user_model()
|
User = get_user_model()
|
||||||
|
|
||||||
|
@ -59,6 +60,8 @@ class EventSpecificModelViewSet(EventModelViewSet):
|
||||||
Useful for models that extends EventSpecificMixin
|
Useful for models that extends EventSpecificMixin
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
permission_classes = (EventSpecificPermissions,)
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
"""
|
"""
|
||||||
Warning : You may want to override this method
|
Warning : You may want to override this method
|
||||||
|
|
Loading…
Reference in a new issue