Sith/api/views/__init__.py

53 lines
1.6 KiB
Python

from rest_framework.response import Response
from rest_framework import viewsets
from django.core.exceptions import PermissionDenied
from rest_framework.decorators import detail_route
from django.db.models.query import QuerySet
from core.views import can_view, can_edit
def check_if(obj, user, test):
"""
Detect if it's a single object or a queryset
aply a given test on individual object and return global permission
"""
if (isinstance(obj, QuerySet)):
for o in obj:
if (test(o, user) is False):
return False
return True
else:
return test(obj, user)
class ManageModelMixin:
@detail_route()
def id(self, request, pk=None):
"""
Get by id (api/v1/router/{pk}/id/)
"""
self.queryset = get_object_or_404(self.queryset.filter(id=pk))
serializer = self.get_serializer(self.queryset)
return Response(serializer.data)
class RightModelViewSet(ManageModelMixin, viewsets.ModelViewSet):
def dispatch(self, request, *arg, **kwargs):
res = super(RightModelViewSet,
self).dispatch(request, *arg, **kwargs)
obj = self.queryset
user = self.request.user
try:
if (request.method == 'GET' and check_if(obj, user, can_view)):
return res
if (request.method != 'GET' and check_if(obj, user, can_edit)):
return res
except: pass # To prevent bug with Anonymous user
raise PermissionDenied
from .api import *
from .counter import *
from .user import *
from .club import *
from .group import *
from .launderette import *