Viewsets, restapi: editovat mohou jen organizátoři, vidět mohou všichni

4 years ago · 87f2ad7a84
3 changed files with 29 additions and 5 deletions
--- a/mamweb/settings_common.py
+++ b/mamweb/settings_common.py
@ -123,6 +123,7 @@ INSTALLED_APPS = (
    
    'webpack_loader',
    'rest_framework',
+    'rest_framework.authtoken',

    # MaMweb
    'mamweb',
--- a/seminar/permissions.py
+++ b/seminar/permissions.py
@ -0,0 +1,7 @@
+from rest_framework.permissions import BasePermission
+
+class AllowWrite(BasePermission):
+
+         def has_permission(self, request, view):
+                  return request.user.has_perm('auth.org')
+
--- a/seminar/viewsets.py
+++ b/seminar/viewsets.py
@ -1,7 +1,23 @@
 from rest_framework import viewsets,filters
+from rest_framework.permissions import BasePermission, AllowAny
 from . import models as m
 from . import views

+from seminar.permissions import AllowWrite 
+
+class PermissionMixin(object):
+	""" Redefines get_permissions so that only organizers can make changes. """
+
+	def get_permissions(self):
+                permission_classes = []
+                print("get_permissions have been called.")
+                if self.action in ["create", "update", "partial_update", "destroy"]:
+                        permission_classes = [AllowWrite] # speciální permission na zápis - orgové
+                else:
+                        permission_classes = [AllowAny] # návštěvník nemusí být zalogován, aby si prohlížel obsah
+                return [permission() for permission in permission_classes]
+
+
 class ReadWriteSerializerMixin(object):
 	"""
 	Overrides get_serializer_class to choose the read serializer
@ -46,27 +62,27 @@ class ReadWriteSerializerMixin(object):
 		)
 		return self.create_serializer_class

-class UlohaVzorakNodeViewSet(viewsets.ModelViewSet):
+class UlohaVzorakNodeViewSet(PermissionMixin, viewsets.ModelViewSet):
 	queryset = m.UlohaVzorakNode.objects.all()
 	serializer_class = views.UlohaVzorakNodeSerializer

-class TextViewSet(viewsets.ModelViewSet):
+class TextViewSet(PermissionMixin, viewsets.ModelViewSet):
 	queryset = m.Text.objects.all()
 	serializer_class = views.TextSerializer

-class TextNodeViewSet(ReadWriteSerializerMixin,viewsets.ModelViewSet):
+class TextNodeViewSet(PermissionMixin, ReadWriteSerializerMixin,viewsets.ModelViewSet):
 	queryset = m.TextNode.objects.all()
 	read_serializer_class = views.TextNodeSerializer
 	write_serializer_class = views.TextNodeWriteSerializer
 	create_serializer_class = views.TextNodeCreateSerializer

-class CastNodeViewSet(ReadWriteSerializerMixin,viewsets.ModelViewSet):
+class CastNodeViewSet(PermissionMixin, ReadWriteSerializerMixin,viewsets.ModelViewSet):
 	queryset = m.CastNode.objects.all()
 	read_serializer_class = views.CastNodeSerializer
 	write_serializer_class = views.CastNodeSerializer
 	create_serializer_class = views.CastNodeCreateSerializer

-class UlohaVzorakNodeViewSet(viewsets.ModelViewSet):
+class UlohaVzorakNodeViewSet(PermissionMixin, viewsets.ModelViewSet):
 	serializer_class = views.UlohaVzorakNodeSerializer

 	def get_queryset(self):