Permissions: start from scratch and add IsCollectionAdmin permission.

Tom Hacohen 5 years ago
parent c30cc2f229
commit 4ca74bc69b

@ -13,53 +13,22 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
from rest_framework import permissions from rest_framework import permissions
from journal.models import Journal, JournalMember from django_etesync.models import Collection, AccessLevels
class IsOwnerOrReadOnly(permissions.BasePermission): class IsCollectionAdmin(permissions.BasePermission):
""" """
Custom permission to only allow owners of an object to edit it. Custom permission to only allow owners of a collection to view it
"""
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return True
return obj.owner == request.user
class IsJournalOwner(permissions.BasePermission):
"""
Custom permission to only allow owners of a journal to view it
"""
def has_permission(self, request, view):
journal_uid = view.kwargs['journal_uid']
try:
journal = view.get_journal_queryset().get(uid=journal_uid)
return journal.owner == request.user
except Journal.DoesNotExist:
# If the journal does not exist, we want to 404 later, not permission denied.
return True
class IsMemberReadOnly(permissions.BasePermission):
"""
Custom permission to make a journal read only if a read only member
""" """
message = 'Only collection admins can perform this operation.'
code = 'admin_access_required'
def has_permission(self, request, view): def has_permission(self, request, view):
if request.method in permissions.SAFE_METHODS: collection_uid = view.kwargs['collection_uid']
return True
journal_uid = view.kwargs['journal_uid']
try: try:
journal = view.get_journal_queryset().get(uid=journal_uid) collection = view.get_collection_queryset().get(uid=collection_uid)
member = journal.members.get(user=request.user) member = collection.members.filter(user=request.user).first()
return not member.readOnly return (member is not None) and (member.accessLevel == AccessLevels.ADMIN)
except Journal.DoesNotExist: except Collection.DoesNotExist:
# If the journal does not exist, we want to 404 later, not permission denied. # If the collection does not exist, we want to 404 later, not permission denied.
return True
except JournalMember.DoesNotExist:
# Not being a member means we are the owner.
return True return True
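Review bot: The docstring on the new IsCollectionAdmin class ("only allow owners of a collection to view it") no longer describes what has_permission checks: the new code grants access only to a member whose `accessLevel == AccessLevels.ADMIN`, for every HTTP method (there is no SAFE_METHODS branch anymore), and non-admin members are denied reads as well as writes. Suggest `Custom permission that only allows collection members with AccessLevels.ADMIN to access the collection (all methods, including reads).` The `Collection.DoesNotExist` branch still returns True so the view can 404, which is only safe if the view looks the collection up again with the same queryset; if `view.get_collection_queryset()` is already scoped to the requesting user's memberships, a non-member asking for an existing collection also lands here and is waved through to the view, so it is worth a comment stating that the view must re-apply that filter (I cannot see the view from this hunk). `view.kwargs['collection_uid']` also raises KeyError on any route without that kwarg, which surfaces as a 500 rather than a 403/404.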
