__init__.py 2.48 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
# -*- coding:utf-8 -*
#
# Copyright 2016,2017
# - Skia <skia@libskia.so>
#
# Ce fichier fait partie du site de l'Association des Étudiants de l'UTBM,
# http://ae.utbm.fr.
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License a published by the Free Software
# Foundation; either version 3 of the License, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along with
# this program; if not, write to the Free Sofware Foundation, Inc., 59 Temple
# Place - Suite 330, Boston, MA 02111-1307, USA.
#
#

25 26 27 28
from rest_framework.response import Response
from rest_framework import viewsets
from django.core.exceptions import PermissionDenied
from rest_framework.decorators import detail_route
29
from django.db.models.query import QuerySet
30 31 32

from core.views import can_view, can_edit

Sli's avatar
Sli committed
33

34
def check_if(obj, user, test):
Sli's avatar
Sli committed
35 36 37 38
    """
        Detect if it's a single object or a queryset
        aply a given test on individual object and return global permission
    """
Sli's avatar
Sli committed
39
    if isinstance(obj, QuerySet):
40
        for o in obj:
Sli's avatar
Sli committed
41
            if test(o, user) is False:
42 43 44 45 46
                return False
        return True
    else:
        return test(obj, user)

Sli's avatar
Sli committed
47

Sli's avatar
Sli committed
48
class ManageModelMixin:
49 50 51 52 53 54 55 56 57
    @detail_route()
    def id(self, request, pk=None):
        """
            Get by id (api/v1/router/{pk}/id/)
        """
        self.queryset = get_object_or_404(self.queryset.filter(id=pk))
        serializer = self.get_serializer(self.queryset)
        return Response(serializer.data)

Sli's avatar
Sli committed
58

Sli's avatar
Sli committed
59
class RightModelViewSet(ManageModelMixin, viewsets.ModelViewSet):
60
    def dispatch(self, request, *arg, **kwargs):
Sli's avatar
Sli committed
61
        res = super(RightModelViewSet, self).dispatch(request, *arg, **kwargs)
62 63 64
        obj = self.queryset
        user = self.request.user
        try:
Sli's avatar
Sli committed
65
            if request.method == "GET" and check_if(obj, user, can_view):
66
                return res
Sli's avatar
Sli committed
67
            if request.method != "GET" and check_if(obj, user, can_edit):
68
                return res
Sli's avatar
Sli committed
69 70
        except:
            pass  # To prevent bug with Anonymous user
71 72 73
        raise PermissionDenied


Sli's avatar
Sli committed
74
from .api import *
75 76 77 78
from .counter import *
from .user import *
from .club import *
from .group import *
Sli's avatar
Sli committed
79
from .launderette import *