2017-04-24 15:51:12 +00:00
|
|
|
#
|
2023-04-04 16:39:45 +00:00
|
|
|
# Copyright 2023 © AE UTBM
|
|
|
|
# ae@utbm.fr / ae.info@utbm.fr
|
2017-04-24 15:51:12 +00:00
|
|
|
#
|
2023-04-04 16:39:45 +00:00
|
|
|
# This file is part of the website of the UTBM Student Association (AE UTBM),
|
|
|
|
# https://ae.utbm.fr.
|
2017-04-24 15:51:12 +00:00
|
|
|
#
|
2023-04-04 16:39:45 +00:00
|
|
|
# You can find the source code of the website at https://github.com/ae-utbm/sith3
|
2017-04-24 15:51:12 +00:00
|
|
|
#
|
2023-04-04 16:39:45 +00:00
|
|
|
# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
|
|
|
|
# SEE : https://raw.githubusercontent.com/ae-utbm/sith3/master/LICENSE
|
|
|
|
# OR WITHIN THE LOCAL FILE "LICENSE"
|
2017-04-24 15:51:12 +00:00
|
|
|
#
|
|
|
|
#
|
|
|
|
|
2016-08-07 18:32:12 +00:00
|
|
|
from django.core.exceptions import PermissionDenied
|
2016-08-19 10:37:30 +00:00
|
|
|
from django.db.models.query import QuerySet
|
2024-06-24 11:07:36 +00:00
|
|
|
from rest_framework import viewsets
|
|
|
|
from rest_framework.decorators import action
|
|
|
|
from rest_framework.response import Response
|
2016-08-07 18:32:12 +00:00
|
|
|
|
2024-06-24 11:07:36 +00:00
|
|
|
from core.views import can_edit, can_view
|
2016-08-07 18:32:12 +00:00
|
|
|
|
2018-10-04 19:29:19 +00:00
|
|
|
|
2016-08-19 10:37:30 +00:00
|
|
|
def check_if(obj, user, test):
|
2024-07-12 07:34:16 +00:00
|
|
|
"""Detect if it's a single object or a queryset.
|
|
|
|
|
|
|
|
Apply a given test on individual object and return global permission.
|
2016-08-19 12:40:20 +00:00
|
|
|
"""
|
2018-10-04 19:29:19 +00:00
|
|
|
if isinstance(obj, QuerySet):
|
2016-08-19 10:37:30 +00:00
|
|
|
for o in obj:
|
2018-10-04 19:29:19 +00:00
|
|
|
if test(o, user) is False:
|
2016-08-19 10:37:30 +00:00
|
|
|
return False
|
|
|
|
return True
|
|
|
|
else:
|
|
|
|
return test(obj, user)
|
|
|
|
|
2018-10-04 19:29:19 +00:00
|
|
|
|
2016-08-19 12:40:20 +00:00
|
|
|
class ManageModelMixin:
|
2019-10-06 15:59:38 +00:00
|
|
|
@action(detail=True)
|
2016-08-07 18:32:12 +00:00
|
|
|
def id(self, request, pk=None):
|
2024-07-12 07:34:16 +00:00
|
|
|
"""Get by id (api/v1/router/{pk}/id/)."""
|
2016-08-07 18:32:12 +00:00
|
|
|
self.queryset = get_object_or_404(self.queryset.filter(id=pk))
|
|
|
|
serializer = self.get_serializer(self.queryset)
|
|
|
|
return Response(serializer.data)
|
|
|
|
|
2016-08-19 12:40:20 +00:00
|
|
|
|
2018-10-04 19:29:19 +00:00
|
|
|
class RightModelViewSet(ManageModelMixin, viewsets.ModelViewSet):
|
2016-08-07 18:32:12 +00:00
|
|
|
def dispatch(self, request, *arg, **kwargs):
|
2024-06-27 12:46:43 +00:00
|
|
|
res = super().dispatch(request, *arg, **kwargs)
|
2016-08-07 18:32:12 +00:00
|
|
|
obj = self.queryset
|
|
|
|
user = self.request.user
|
|
|
|
try:
|
2018-10-04 19:29:19 +00:00
|
|
|
if request.method == "GET" and check_if(obj, user, can_view):
|
2016-08-19 14:13:40 +00:00
|
|
|
return res
|
2018-10-04 19:29:19 +00:00
|
|
|
if request.method != "GET" and check_if(obj, user, can_edit):
|
2016-08-07 18:32:12 +00:00
|
|
|
return res
|
2018-10-04 19:29:19 +00:00
|
|
|
except:
|
|
|
|
pass # To prevent bug with Anonymous user
|
2016-08-07 18:32:12 +00:00
|
|
|
raise PermissionDenied
|
|
|
|
|
|
|
|
|
2016-08-04 22:50:48 +00:00
|
|
|
from .api import *
|
2016-08-19 14:13:40 +00:00
|
|
|
from .club import *
|
2024-06-24 11:07:36 +00:00
|
|
|
from .counter import *
|
2016-08-19 14:13:40 +00:00
|
|
|
from .group import *
|
2018-10-04 19:29:19 +00:00
|
|
|
from .launderette import *
|
2022-08-07 14:08:56 +00:00
|
|
|
from .sas import *
|
2024-06-24 11:07:36 +00:00
|
|
|
from .user import *
|
|
|
|
from .uv import *
|