api: add OwnerFilter

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-05-21 20:46:59 +02:00
parent d9a788aac8
commit a603f42cc0
3 changed files with 13 additions and 1 deletions

View File

@ -1,9 +1,20 @@
"""API Authorization""" """API Authorization"""
from django.db.models import Model from django.db.models import Model
from django.db.models.query import QuerySet
from rest_framework.filters import BaseFilterBackend
from rest_framework.permissions import BasePermission from rest_framework.permissions import BasePermission
from rest_framework.request import Request from rest_framework.request import Request
class OwnerFilter(BaseFilterBackend):
"""Filter objects by their owner"""
owner_key = "user"
def filter_queryset(self, request: Request, queryset: QuerySet, view) -> QuerySet:
return queryset.filter(**{self.owner_key: request.user})
class OwnerPermissions(BasePermission): class OwnerPermissions(BasePermission):
"""Authorize requests by an object's owner matching the requesting user""" """Authorize requests by an object's owner matching the requesting user"""

View File

@ -18045,6 +18045,7 @@ definitions:
required: required:
- name - name
- slug - slug
- plex_token
type: object type: object
properties: properties:
pk: pk:

View File

@ -46,7 +46,7 @@ export class PlexSourceForm extends ModelForm<PlexSource, string> {
} }
send = (data: PlexSource): Promise<PlexSource> => { send = (data: PlexSource): Promise<PlexSource> => {
data.plexToken = this.plexToken; data.plexToken = this.plexToken || "";
if (this.instance?.slug) { if (this.instance?.slug) {
return new SourcesApi(DEFAULT_CONFIG).sourcesPlexUpdate({ return new SourcesApi(DEFAULT_CONFIG).sourcesPlexUpdate({
slug: this.instance.slug, slug: this.instance.slug,