django-orchestra/orchestra/permissions/api.py

29 lines
1,003 B
Python
Raw Normal View History

from django.urls import resolve
2014-05-08 16:59:35 +00:00
from rest_framework.permissions import DjangoModelPermissions
class OrchestraPermissionBackend(DjangoModelPermissions):
""" Permissions according to each user """
2014-05-08 16:59:35 +00:00
def has_permission(self, request, view):
2015-04-23 14:34:04 +00:00
queryset = getattr(view, 'queryset', None)
if queryset is None:
2014-05-08 16:59:35 +00:00
name = resolve(request.path).url_name
return name == 'api-root'
2015-04-23 14:34:04 +00:00
model_cls = queryset.model
2014-05-08 16:59:35 +00:00
perms = self.get_required_permissions(request.method, model_cls)
if (request.user and
request.user.is_authenticated() and
request.user.has_perms(perms, model_cls)):
return True
return False
2014-05-08 16:59:35 +00:00
def has_object_permission(self, request, view, obj):
perms = self.get_required_permissions(request.method, type(obj))
if (request.user and
request.user.is_authenticated() and
request.user.has_perms(perms, obj)):
return True
return False