Showing
2 changed files
with
28 additions
and
22 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,32 +1,37 @@ | ||
from rest_framework.permissions import IsAuthenticated | ||
from rest_framework.permissions import BasePermission | ||
|
||
|
||
class PublicDetailPrivateListing(IsAuthenticated): | ||
class PublicDetailPrivateListing(BasePermission): | ||
|
||
""" | ||
Permission class for our custom use case. | ||
* Always give permission for a ``detail`` request | ||
* Only give permission for ``listing`` request if user is admin of the project | ||
""" | ||
|
||
def has_permission(self, request, view): | ||
if view.detail: | ||
return True | ||
|
||
project = view._get_parent_project() | ||
if view.has_admin_permission(request.user, project): | ||
return True | ||
|
||
|
||
class ListCreateProject(BasePermission): | ||
|
||
""" | ||
Permission class to grant projects listing and project creation. | ||
* Allow access to ``/projects`` (user's projects listing) | ||
""" | ||
|
||
def has_permission(self, request, view): | ||
is_authenticated = super().has_permission(request, view) | ||
if is_authenticated: | ||
if view.basename == 'projects' and any([ | ||
view.action == 'list', | ||
view.action == 'create', # used to create Form in BrowsableAPIRenderer | ||
view.action is None, # needed for BrowsableAPIRenderer | ||
]): | ||
# hitting ``/projects/``, allowing | ||
return True | ||
|
||
if view.detail: | ||
return True | ||
|
||
project = view._get_parent_project() | ||
if view.has_admin_permission(request.user, project): | ||
return True | ||
|
||
return False | ||
if view.basename == 'projects' and any([ | ||
view.action == 'list', | ||
view.action == 'create', # used to create Form in BrowsableAPIRenderer | ||
view.action is None, # needed for BrowsableAPIRenderer | ||
]): | ||
# hitting ``/projects/``, allowing | ||
return True |
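Review bot: Neither `has_permission` checks authentication now that both classes extend `BasePermission` instead of `IsAuthenticated`, so `PublicDetailPrivateListing` returns True for every `detail` request and hands `request.user` to `view.has_admin_permission` whoever the caller is. That is safe only if every view using these classes also lists `IsAuthenticated` in its `permission_classes`; the view file is not visible here, so this should be confirmed, and each docstring should state the requirement, e.g. `Must be combined with IsAuthenticated; this class does not check authentication itself.` Both methods also fall off the end and return `None` where the old code ended in `return False`. DRF treats a falsy result as a denial, so behaviour is unchanged, but an explicit `return False` as the last line of each method keeps the deny path visible to the next reader.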