Skip to content
Snippets Groups Projects
Commit 11a83b1e authored by Alexandre Bourlier's avatar Alexandre Bourlier
Browse files

bugfix: AnonymousReadOnly

parent 10c7a2f0
No related branches found
Tags v0.8.0-beta.1
1 merge request!70bugfix: AnonymousReadOnly
Pipeline #964 passed
Hide whitespace changes
Inline Side-by-side
djangoldp/permissions.py
+ 8
11
View file @ 11a83b1e
...@@ -80,10 +80,10 @@ class InboxPermissions(WACPermissions): ...@@ -80,10 +80,10 @@ class InboxPermissions(WACPermissions):
return super().has_object_permission(request, view, obj) return super().has_object_permission(request, view, obj)
def user_permissions(self, user, obj): def user_permissions(self, user, obj):
if user.is_anonymous: if user.is_anonymous():
return self.anonymous_perms return self.anonymous_perms
else: else:
if Model.get_meta(obj, 'auto_author') == user: if hasattr(obj._meta, 'auto_author') and getattr(obj, Model.get_meta(obj, 'auto_author')) == user:
return self.author_perms return self.author_perms
else: else:
return self.authenticated_perms return self.authenticated_perms
...@@ -114,18 +114,15 @@ class AnonymousReadOnly(WACPermissions): ...@@ -114,18 +114,15 @@ class AnonymousReadOnly(WACPermissions):
elif view.action in ["list", "retrieve"]: elif view.action in ["list", "retrieve"]:
return True return True
elif view.action in ['update', 'partial_update', 'destroy']: elif view.action in ['update', 'partial_update', 'destroy']:
if hasattr(obj._meta, 'auto_author'): if hasattr(obj._meta, 'auto_author') and getattr(obj, Model.get_meta(obj, 'auto_author')) == request.user:
author = getattr(obj, obj._meta.auto_author) return True
if author == request.user: return super().has_object_permission(request, view, obj)
return True
else:
return super().has_object_permission(request, view, obj)
def user_permissions(self, user, obj): def user_permissions(self, user, obj):
if user.is_anonymous: if user.is_anonymous():
return self.anonymous_perms return self.anonymous_perms
else: else:
if Model.get_meta(obj, 'auto_author') == user: if hasattr(obj._meta, 'auto_author') and getattr(obj, Model.get_meta(obj, 'auto_author')) == user:
return self.author_perms return self.author_perms
else: else:
return self.authenticated_perms return self.authenticated_perms
...@@ -153,7 +150,7 @@ class LoggedReadOnly(WACPermissions): ...@@ -153,7 +150,7 @@ class LoggedReadOnly(WACPermissions):
return super().has_object_permission(request, view, obj) return super().has_object_permission(request, view, obj)
def user_permissions(self, user, obj): def user_permissions(self, user, obj):
if user.is_anonymous: if user.is_anonymous():
return self.anonymous_perms return self.anonymous_perms
else: else:
return self.authenticated_perms return self.authenticated_perms
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment