Commit 8455ff3f authored by Sli's avatar Sli
Browse files

Turned the api readonly and fixed permissions on it

parent da96e9da
Pipeline #124 failed with stage
in 2 minutes and 51 seconds
......@@ -2,10 +2,20 @@ from rest_framework.response import Response
from rest_framework import viewsets
from django.core.exceptions import PermissionDenied
from rest_framework.decorators import detail_route
from django.db.models.query import QuerySet
from core.views import can_view, can_edit
class RightManagedModelViewSet(viewsets.ModelViewSet):
def check_if(obj, user, test):
if (isinstance(obj, QuerySet)):
for o in obj:
if (test(o, user) is False):
return False
return True
else:
return test(obj, user)
class RightManagedModelViewSet(viewsets.ReadOnlyModelViewSet):
@detail_route()
def id(self, request, pk=None):
......@@ -22,9 +32,7 @@ class RightManagedModelViewSet(viewsets.ModelViewSet):
obj = self.queryset
user = self.request.user
try:
if (request.method == 'GET' and can_view(obj, user)):
return res
elif (request.method != 'GET' and can_edit(obj, user)):
if (check_if(obj, user, can_view)):
return res
except: pass # To prevent bug with Anonymous user
raise PermissionDenied
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment