From 87f2ad7a8481e80ae3c5f0ed26d834e6e87b5545 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aneta=20Pokorn=C3=A1?= Date: Wed, 4 Nov 2020 01:02:39 +0100 Subject: [PATCH] =?UTF-8?q?Viewsets,=20restapi:=20editovat=20mohou=20jen?= =?UTF-8?q?=20organiz=C3=A1to=C5=99i,=20vid=C4=9Bt=20mohou=20v=C5=A1ichni?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- mamweb/settings_common.py | 1 + seminar/permissions.py | 7 +++++++ seminar/viewsets.py | 26 +++++++++++++++++++++----- 3 files changed, 29 insertions(+), 5 deletions(-) create mode 100644 seminar/permissions.py diff --git a/mamweb/settings_common.py b/mamweb/settings_common.py index 0f1d3812..bec16f7f 100644 --- a/mamweb/settings_common.py +++ b/mamweb/settings_common.py @@ -123,6 +123,7 @@ INSTALLED_APPS = ( 'webpack_loader', 'rest_framework', + 'rest_framework.authtoken', # MaMweb 'mamweb', diff --git a/seminar/permissions.py b/seminar/permissions.py new file mode 100644 index 00000000..5503832f --- /dev/null +++ b/seminar/permissions.py @@ -0,0 +1,7 @@ +from rest_framework.permissions import BasePermission + +class AllowWrite(BasePermission): + + def has_permission(self, request, view): + return request.user.has_perm('auth.org') + diff --git a/seminar/viewsets.py b/seminar/viewsets.py index 8c83c067..b083aa61 100644 --- a/seminar/viewsets.py +++ b/seminar/viewsets.py @@ -1,7 +1,23 @@ from rest_framework import viewsets,filters +from rest_framework.permissions import BasePermission, AllowAny from . import models as m from . import views +from seminar.permissions import AllowWrite + +class PermissionMixin(object): + """ Redefines get_permissions so that only organizers can make changes. """ + + def get_permissions(self): + permission_classes = [] + print("get_permissions have been called.") + if self.action in ["create", "update", "partial_update", "destroy"]: + permission_classes = [AllowWrite] # speciální permission na zápis - orgové + else: + permission_classes = [AllowAny] # návštěvník nemusí být zalogován, aby si prohlížel obsah + return [permission() for permission in permission_classes] + + class ReadWriteSerializerMixin(object): """ Overrides get_serializer_class to choose the read serializer @@ -46,27 +62,27 @@ class ReadWriteSerializerMixin(object): ) return self.create_serializer_class -class UlohaVzorakNodeViewSet(viewsets.ModelViewSet): +class UlohaVzorakNodeViewSet(PermissionMixin, viewsets.ModelViewSet): queryset = m.UlohaVzorakNode.objects.all() serializer_class = views.UlohaVzorakNodeSerializer -class TextViewSet(viewsets.ModelViewSet): +class TextViewSet(PermissionMixin, viewsets.ModelViewSet): queryset = m.Text.objects.all() serializer_class = views.TextSerializer -class TextNodeViewSet(ReadWriteSerializerMixin,viewsets.ModelViewSet): +class TextNodeViewSet(PermissionMixin, ReadWriteSerializerMixin,viewsets.ModelViewSet): queryset = m.TextNode.objects.all() read_serializer_class = views.TextNodeSerializer write_serializer_class = views.TextNodeWriteSerializer create_serializer_class = views.TextNodeCreateSerializer -class CastNodeViewSet(ReadWriteSerializerMixin,viewsets.ModelViewSet): +class CastNodeViewSet(PermissionMixin, ReadWriteSerializerMixin,viewsets.ModelViewSet): queryset = m.CastNode.objects.all() read_serializer_class = views.CastNodeSerializer write_serializer_class = views.CastNodeSerializer create_serializer_class = views.CastNodeCreateSerializer -class UlohaVzorakNodeViewSet(viewsets.ModelViewSet): +class UlohaVzorakNodeViewSet(PermissionMixin, viewsets.ModelViewSet): serializer_class = views.UlohaVzorakNodeSerializer def get_queryset(self):