nk20/apps/api/viewsets.py

# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
# SPDX-License-Identifier: GPL-3.0-or-later

from django.contrib.contenttypes.models import ContentType
from permission.backends import PermissionBackend
from rest_framework import viewsets
from note_kfet.middlewares import get_current_session


class ReadProtectedModelViewSet(viewsets.ModelViewSet):
    """
    Protect a ModelViewSet by filtering the objects that the user cannot see.
    """

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class()

    def get_queryset(self):
        user = self.request.user
        get_current_session().setdefault("permission_mask", 42)
        return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view")).distinct()


class ReadOnlyProtectedModelViewSet(viewsets.ReadOnlyModelViewSet):
    """
    Protect a ReadOnlyModelViewSet by filtering the objects that the user cannot see.
    """

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class()

    def get_queryset(self):
        user = self.request.user
        get_current_session().setdefault("permission_mask", 42)
        return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view")).distinct()
Handle permissions (and it seems working!) 2020-03-18 13:42:35 +00:00			`# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay`
			`# SPDX-License-Identifier: GPL-3.0-or-later`

			`from django.contrib.contenttypes.models import ContentType`
Restructurate code 2020-03-20 13:43:35 +00:00			`from permission.backends import PermissionBackend`
Handle permissions (and it seems working!) 2020-03-18 13:42:35 +00:00			`from rest_framework import viewsets`
:bug: Fix transaction update concurency 2020-08-05 17:42:44 +00:00			`from note_kfet.middlewares import get_current_session`
More optimisation 2020-03-20 00:46:59 +00:00
Handle permissions (and it seems working!) 2020-03-18 13:42:35 +00:00
			`class ReadProtectedModelViewSet(viewsets.ModelViewSet):`
			`"""`
			`Protect a ModelViewSet by filtering the objects that the user cannot see.`
			`"""`

More optimisation 2020-03-20 00:46:59 +00:00			`def __init__(self, args, *kwargs):`
			`super().__init__(args, *kwargs)`
Aliases should load really faster 2020-07-30 13:07:30 +00:00			`self.model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class()`

			`def get_queryset(self):`
:bug: Fix transaction update concurency 2020-08-05 17:42:44 +00:00			`user = self.request.user`
			`get_current_session().setdefault("permission_mask", 42)`
:art: Update activity interface 2020-08-03 14:11:05 +00:00			`return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view")).distinct()`
Handle permissions (and it seems working!) 2020-03-18 13:42:35 +00:00

			`class ReadOnlyProtectedModelViewSet(viewsets.ReadOnlyModelViewSet):`
			`"""`
			`Protect a ReadOnlyModelViewSet by filtering the objects that the user cannot see.`
			`"""`

More optimisation 2020-03-20 00:46:59 +00:00			`def __init__(self, args, *kwargs):`
			`super().__init__(args, *kwargs)`
Aliases should load really faster 2020-07-30 13:07:30 +00:00			`self.model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class()`

			`def get_queryset(self):`
:bug: Fix transaction update concurency 2020-08-05 17:42:44 +00:00			`user = self.request.user`
			`get_current_session().setdefault("permission_mask", 42)`
:art: Update activity interface 2020-08-03 14:11:05 +00:00			`return self.model.objects.filter(PermissionBackend.filter_queryset(user, self.model, "view")).distinct()`