Sith/api/views/__init__.py

73 lines
2.0 KiB
Python
Raw Normal View History

#
# Copyright 2023 © AE UTBM
# ae@utbm.fr / ae.info@utbm.fr
#
# This file is part of the website of the UTBM Student Association (AE UTBM),
# https://ae.utbm.fr.
#
# You can find the source code of the website at https://github.com/ae-utbm/sith3
#
# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
# SEE : https://raw.githubusercontent.com/ae-utbm/sith3/master/LICENSE
# OR WITHIN THE LOCAL FILE "LICENSE"
#
#
from django.core.exceptions import PermissionDenied
from django.db.models.query import QuerySet
2024-06-24 11:07:36 +00:00
from rest_framework import viewsets
from rest_framework.decorators import action
from rest_framework.response import Response
2024-06-24 11:07:36 +00:00
from core.views import can_edit, can_view
2018-10-04 19:29:19 +00:00
def check_if(obj, user, test):
2016-08-19 12:40:20 +00:00
"""
2020-08-27 13:59:42 +00:00
Detect if it's a single object or a queryset
aply a given test on individual object and return global permission
2016-08-19 12:40:20 +00:00
"""
2018-10-04 19:29:19 +00:00
if isinstance(obj, QuerySet):
for o in obj:
2018-10-04 19:29:19 +00:00
if test(o, user) is False:
return False
return True
else:
return test(obj, user)
2018-10-04 19:29:19 +00:00
2016-08-19 12:40:20 +00:00
class ManageModelMixin:
@action(detail=True)
def id(self, request, pk=None):
"""
2020-08-27 13:59:42 +00:00
Get by id (api/v1/router/{pk}/id/)
"""
self.queryset = get_object_or_404(self.queryset.filter(id=pk))
serializer = self.get_serializer(self.queryset)
return Response(serializer.data)
2016-08-19 12:40:20 +00:00
2018-10-04 19:29:19 +00:00
class RightModelViewSet(ManageModelMixin, viewsets.ModelViewSet):
def dispatch(self, request, *arg, **kwargs):
2024-06-27 12:46:43 +00:00
res = super().dispatch(request, *arg, **kwargs)
obj = self.queryset
user = self.request.user
try:
2018-10-04 19:29:19 +00:00
if request.method == "GET" and check_if(obj, user, can_view):
return res
2018-10-04 19:29:19 +00:00
if request.method != "GET" and check_if(obj, user, can_edit):
return res
2018-10-04 19:29:19 +00:00
except:
pass # To prevent bug with Anonymous user
raise PermissionDenied
2016-08-04 22:50:48 +00:00
from .api import *
from .club import *
2024-06-24 11:07:36 +00:00
from .counter import *
from .group import *
2018-10-04 19:29:19 +00:00
from .launderette import *
from .sas import *
2024-06-24 11:07:36 +00:00
from .user import *
from .uv import *