klmp200/Sith
1
0
Fork 0
mirror of https://github.com/ae-utbm/sith.git synced 2025-07-12 21:09:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Enhaced API : look for permissions, automaticly add /{pk}/id, added

Browse Source 
users, groups and clubs
This commit is contained in:
Antoine Bartuccio
2016-08-07 20:32:12 +02:00
parent 1a6373e9ce
commit 2822d947d9
4 changed files with 89 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
api/views/__init__.py
View File

@ -1,2 +1,34 @@
from rest_framework.response import Response
from rest_framework import viewsets
from django.core.exceptions import PermissionDenied
from rest_framework.decorators import detail_route
from core.views import can_view, can_edit
class RightManagedModelViewSet(viewsets.ModelViewSet):
@detail_route()
def id(self, request, pk=None):
"""
Get by id (api/v1/router/{pk}/id/)
"""
self.queryset = get_object_or_404(self.queryset.filter(id=pk))
serializer = self.get_serializer(self.queryset)
return Response(serializer.data)
def dispatch(self, request, *arg, **kwargs):
res = super(RightManagedModelViewSet,
self).dispatch(request, *arg, **kwargs)
obj = self.queryset
user = self.request.user
try:
if (request.method == 'GET' and can_view(obj, user)):
return res
elif (request.method == 'PUSH' and can_edit(obj, user)):
return res
except: pass # To prevent bug with Anonymous user
raise PermissionDenied
from .api import *
from .serializers import *