diff --git a/djangoldp/models.py b/djangoldp/models.py index f08147cdafbfdefee3df1fb6efdf0a082882ab39..66b5b17c796b09d5a3afa0273e1480159814b47d 100644 --- a/djangoldp/models.py +++ b/djangoldp/models.py @@ -86,6 +86,14 @@ class Model(models.Model): path = "{}/".format(path) return path + @classmethod + def get_permission_classes(cls, related_model, default_permissions_classes): + try: + return getattr(related_model._meta, 'permission_classes', + getattr(related_model.Meta, 'permission_classes', default_permissions_classes)) + except AttributeError: + return default_permissions_classes + class LDPSource(models.Model): container = models.URLField() diff --git a/djangoldp/permissions.py b/djangoldp/permissions.py index 00f75d11e97aa551367d123d963735c7cd70a310..7ff76745b1fe461ce1ebff886d58556a5a3d561e 100644 --- a/djangoldp/permissions.py +++ b/djangoldp/permissions.py @@ -1,6 +1,6 @@ -from rest_framework import permissions -from rest_framework import filters from guardian.shortcuts import get_objects_for_user +from rest_framework import filters +from rest_framework import permissions """ Liste des actions passées dans views selon le protocole REST : @@ -16,6 +16,7 @@ Pour chacune de ces actions, on va définir si on accepte la requête (True) ou checks have already passed """ + class WACPermissions(permissions.DjangoObjectPermissions): perms_map = { 'GET': ['%(app_label)s.view_%(model_name)s'], @@ -43,9 +44,11 @@ class ObjectFilter(filters.BaseFilterBackend): objects = get_objects_for_user(request.user, perm, klass=queryset) return objects + class ObjectPermission(WACPermissions): filter_class = ObjectFilter + class InboxPermissions(WACPermissions): """ Anonymous users: can create notifications but can't read 
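Review bot: In `get_permission_classes`, the inner `getattr(related_model.Meta, ...)` is an argument of the outer call, so it is evaluated even when `_meta.permission_classes` exists. If the model class exposes no `Meta` attribute (which I believe is usual for concrete Django models that do not inherit one from an abstract base), the `AttributeError` is swallowed and the caller's default is returned instead of the declared classes. Since this value decides which permission checks a view runs, a silent fallback is the unsafe direction. I would look up `_meta` first, consult `Meta` only when needed, and drop the blanket `except`, as sketched below; a one-line docstring stating the precedence would help too.

```python
@classmethod
def get_permission_classes(cls, related_model, default_permissions_classes):
    # Precedence: _meta, then Meta, then the caller's default.
    for holder in (getattr(related_model, '_meta', None),
                   getattr(related_model, 'Meta', None)):
        classes = getattr(holder, 'permission_classes', None)
        if classes is not None:
            return classes
    return default_permissions_classes
```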
@@ -53,6 +56,7 @@ class InboxPermissions(WACPermissions): Inbox owners: can read + update all notifications """ filter_class = ObjectFilter + def has_permission(self, request, view): if view.action in ['create', 'retrieve', 'update', 'partial_update', 'destroy']: return True @@ -67,6 +71,7 @@ class InboxPermissions(WACPermissions): return True return super().has_object_permission(request, view) + class AnonymousReadOnly(WACPermissions): """ Anonymous users: can read all posts @@ -97,4 +102,4 @@ class AnonymousReadOnly(WACPermissions): if author == request.user: return True else: - return super().has_object_permission(request, view, obj) \ No newline at end of file + return super().has_object_permission(request, view, obj) diff --git a/djangoldp/views.py b/djangoldp/views.py index 0af35f86c51ddd03a9fa849790e7be9328bef981..6b1e8ad5c1012fd75a35095037b3af110e6a4490 100644 --- a/djangoldp/views.py +++ b/djangoldp/views.py @@ -6,7 +6,6 @@ from django.core.urlresolvers import get_resolver from django.db.utils import OperationalError from django.shortcuts import get_object_or_404 from django.utils.decorators import classonlymethod -from djangoldp.models import LDPSource from guardian.shortcuts import get_objects_for_user from pyld import jsonld from rest_framework.authentication import SessionAuthentication @@ -14,6 +13,7 @@ from rest_framework.parsers import JSONParser from rest_framework.renderers import JSONRenderer from rest_framework.viewsets import ModelViewSet +from djangoldp.models import LDPSource, Model from .serializers import LDPSerializer 
@@ -194,7 +194,8 @@ class LDPNestedViewSet(LDPViewSet): related_field=related_field, parent_lookup_field=cls.get_lookup_arg(**kwargs), model_prefix=cls.get_model(**kwargs)._meta.object_name.lower(), - permission_classes=kwargs.get('permission_classes', ()), + permission_classes=Model.get_permission_classes(related_field.related_model, + kwargs.get('permission_classes', ())), lookup_url_kwarg=related_field.related_model._meta.object_name.lower() + '_id')
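Review bot: The fallback handed to `Model.get_permission_classes` is still `kwargs.get('permission_classes', ())`, so a nested viewset whose related model declares nothing ends up with an empty tuple, and a DRF view with empty `permission_classes` runs no permission checks at all. The new call also lets a model-level declaration override a `permission_classes` value passed explicitly in `kwargs`, which may or may not be intended. If inheriting the viewset's own classes is the intended default, `kwargs.get('permission_classes', cls.permission_classes)` would fall back to the classes configured on the viewset instead of none; otherwise a comment stating that `()` is deliberate is worth adding. The enclosing method begins and ends outside this hunk.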