Turned the api readonly and fixed permissions on it

Antoine Bartuccio 2016-08-19 12:37:30 +02:00
parent da96e9da84
commit 8455ff3f7b


@ -2,10 +2,20 @@ from rest_framework.response import Response
from rest_framework import viewsets
from django.core.exceptions import PermissionDenied
from rest_framework.decorators import detail_route
from django.db.models.query import QuerySet
from core.views import can_view, can_edit
class RightManagedModelViewSet(viewsets.ModelViewSet):
def check_if(obj, user, test):
if (isinstance(obj, QuerySet)):
for o in obj:
if (test(o, user) is False):
return False
return True
else:
return test(obj, user)
class RightManagedModelViewSet(viewsets.ReadOnlyModelViewSet):
@detail_route()
def id(self, request, pk=None):
@ -22,9 +32,7 @@ class RightManagedModelViewSet(viewsets.ModelViewSet):
obj = self.queryset
user = self.request.user
try:
if (request.method == 'GET' and can_view(obj, user)):
return res
elif (request.method != 'GET' and can_edit(obj, user)):
if (check_if(obj, user, can_view)):
return res
except: pass # To prevent bug with Anonymous user
raise PermissionDenied
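Review bot: In `check_if`, the queryset branch tests `test(o, user) is False`, so a permission helper that returns `None` or any other falsy value for a denied object is treated as allowed, while the single-object branch `return test(obj, user)` relies on truthiness. Whether `can_view` always returns a strict bool is not visible here, so the loop should fail closed with `if not test(o, user): return False`, or the whole branch can become `return all(test(o, user) for o in obj)`. The check is also all-or-nothing and walks every row of `self.queryset` on each request, so `check_if` deserves a one-line docstring stating that a single non-viewable object denies the whole response. The method containing the second hunk starts outside the visible lines, so where `res` is built cannot be checked from here.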