From 997dc7711c17f357bed29054e819b5bef17c9d64 Mon Sep 17 00:00:00 2001
From: Thibaud Duquennoy <thibaud@duquennoy.fr>
Date: Fri, 15 Mar 2019 17:26:16 +0100
Subject: [PATCH] bugfix: user_permissions is now a method of the permission
class
bugfix: user_permissions is now a method of the permission class
---
djangoldp/permissions.py | 24 +++++++++++++++++++++++-
djangoldp/serializers.py | 14 +++++---------
2 files changed, 28 insertions(+), 10 deletions(-)
diff --git a/djangoldp/permissions.py b/djangoldp/permissions.py
index 00f75d11..47ec7ab7 100644
--- a/djangoldp/permissions.py
+++ b/djangoldp/permissions.py
@@ -33,6 +33,10 @@ class WACPermissions(permissions.DjangoObjectPermissions):
else:
return super().has_permission(request, view)
+ # This method should be overriden by other permission classes
+ def user_permissions(self, request, view, obj):
+ return []
+
class ObjectFilter(filters.BaseFilterBackend):
def filter_queryset(self, request, queryset, view):
@@ -97,4 +101,22 @@ class AnonymousReadOnly(WACPermissions):
if author == request.user:
return True
else:
- return super().has_object_permission(request, view, obj)
\ No newline at end of file
+ return super().has_object_permission(request, view, obj)
+
+ def user_permissions(self, request, view, obj):
+ if request.user.is_anonymous:
+ return self.anonymous_perms
+ else:
+ if hasattr(obj._meta, 'auto_author') and getattr(obj, obj._meta.auto_author) == request.user:
+ return self.author_perms
+ else:
+ return self.authenticated_perms
+
+ def filter_user_perms(self, request, obj, permissions):
+ if request.user.is_anonymous:
+ return [perm for perm in permissions if perm in self.anonymous_perms]
+ else:
+ if hasattr(obj._meta, 'auto_author') and getattr(obj, obj._meta.auto_author) == request.user:
+ return [perm for perm in permissions if perm in self.author_perms]
+ else:
+ return [perm for perm in permissions if perm in self.authenticated_perms]
\ No newline at end of file
diff --git a/djangoldp/serializers.py b/djangoldp/serializers.py
index 3a4438d4..9768a803 100644
--- a/djangoldp/serializers.py
+++ b/djangoldp/serializers.py
@@ -19,7 +19,6 @@ from rest_framework.utils.serializer_helpers import ReturnDict
from djangoldp.fields import LDPUrlField, IdURLField
from djangoldp.models import Model
-from djangoldp import permissions
class LDListMixin:
@@ -198,20 +197,17 @@ class LDPSerializer(HyperlinkedModelSerializer):
def to_representation(self, obj):
data = super().to_representation(obj)
+ permissions = [{'mode': {'@type': 'view'}}, {'mode': {'@type': 'add'}}, {'mode': {'@type': 'change'}}, {'mode': {'@type': ''}}]
if hasattr(obj._meta, 'rdf_type'):
data['@type'] = obj._meta.rdf_type
+
data['permissions'] = [{'mode': {'@type': name.split('_')[0]}} for name in
get_perms(self.context['request'].user, obj)]
- if self.context['request'].user.is_anonymous:
- data['permissions'] += permissions.AnonymousReadOnly.anonymous_perms
- if hasattr(obj._meta, 'auto_author'):
- author = getattr(obj, obj._meta.auto_author)
- if author == self.context['request'].user:
- data['permissions'] += permissions.AnonymousReadOnly.author_perms
- else:
- data['permissions'] += permissions.AnonymousReadOnly.authenticated_perms
+ for permission_class in obj._meta.permission_classes:
+ perms = permission_class().filter_user_perms(self.context['request'], obj, permissions)
+ data['permissions'] += perms
if hasattr(obj._meta, 'rdf_context'):
data['@context'] = obj._meta.rdf_context
--
GitLab