1
0
mirror of https://gitlab.crans.org/bde/nk20 synced 2025-01-19 06:31:20 +00:00
nk20/apps/api/viewsets.py

38 lines
1.4 KiB
Python
Raw Normal View History

# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
# SPDX-License-Identifier: GPL-3.0-or-later
from django.contrib.contenttypes.models import ContentType
2020-03-20 14:43:35 +01:00
from permission.backends import PermissionBackend
from rest_framework import viewsets
from note_kfet.middlewares import get_current_session
2020-03-20 01:46:59 +01:00
class ReadProtectedModelViewSet(viewsets.ModelViewSet):
"""
Protect a ModelViewSet by filtering the objects that the user cannot see.
"""
2020-03-20 01:46:59 +01:00
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
2020-07-30 15:07:30 +02:00
self.model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class()
def get_queryset(self):
user = self.request.user
get_current_session().setdefault("permission_mask", 42)
2020-08-03 16:11:05 +02:00
return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view")).distinct()
class ReadOnlyProtectedModelViewSet(viewsets.ReadOnlyModelViewSet):
"""
Protect a ReadOnlyModelViewSet by filtering the objects that the user cannot see.
"""
2020-03-20 01:46:59 +01:00
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
2020-07-30 15:07:30 +02:00
self.model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class()
def get_queryset(self):
user = self.request.user
get_current_session().setdefault("permission_mask", 42)
2020-08-03 16:11:05 +02:00
return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view")).distinct()