api: allow @permission_required with no object permission
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
a9db538c63
commit
5d37012075
|
@ -1,13 +1,13 @@
|
||||||
"""API Decorators"""
|
"""API Decorators"""
|
||||||
from functools import wraps
|
from functools import wraps
|
||||||
from typing import Callable
|
from typing import Callable, Optional
|
||||||
|
|
||||||
from rest_framework.request import Request
|
from rest_framework.request import Request
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
from rest_framework.viewsets import ModelViewSet
|
from rest_framework.viewsets import ModelViewSet
|
||||||
|
|
||||||
|
|
||||||
def permission_required(perm: str, *other_perms: str):
|
def permission_required(perm: Optional[str] = None, *other_perms: str):
|
||||||
"""Check permissions for a single custom action"""
|
"""Check permissions for a single custom action"""
|
||||||
|
|
||||||
def wrapper_outter(func: Callable):
|
def wrapper_outter(func: Callable):
|
||||||
|
@ -15,9 +15,10 @@ def permission_required(perm: str, *other_perms: str):
|
||||||
|
|
||||||
@wraps(func)
|
@wraps(func)
|
||||||
def wrapper(self: ModelViewSet, request: Request, *args, **kwargs) -> Response:
|
def wrapper(self: ModelViewSet, request: Request, *args, **kwargs) -> Response:
|
||||||
obj = self.get_object()
|
if perm:
|
||||||
if not request.user.has_perm(perm, obj):
|
obj = self.get_object()
|
||||||
return self.permission_denied(request)
|
if not request.user.has_perm(perm, obj):
|
||||||
|
return self.permission_denied(request)
|
||||||
for other_perm in other_perms:
|
for other_perm in other_perms:
|
||||||
if not request.user.has_perm(other_perm):
|
if not request.user.has_perm(other_perm):
|
||||||
return self.permission_denied(request)
|
return self.permission_denied(request)
|
||||||
|
|
Reference in a new issue