Viewsets, restapi: editovat mohou jen organizátoři, vidět mohou všichni
This commit is contained in:
Aneta Pokorná
parent
9726dca10a
commit
87f2ad7a84
3 changed files with 29 additions and 5 deletions
|
|
@ -123,6 +123,7 @@ INSTALLED_APPS = (
|
|||
|
||||
'webpack_loader',
|
||||
'rest_framework',
|
||||
'rest_framework.authtoken',
|
||||
|
||||
# MaMweb
|
||||
'mamweb',
|
||||
|
|
|
|||
7
seminar/permissions.py
Normal file
7
seminar/permissions.py
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
from rest_framework.permissions import BasePermission
|
||||
|
||||
class AllowWrite(BasePermission):
|
||||
|
||||
def has_permission(self, request, view):
|
||||
return request.user.has_perm('auth.org')
|
||||
|
||||
|
|
@ -1,7 +1,23 @@
|
|||
from rest_framework import viewsets,filters
|
||||
from rest_framework.permissions import BasePermission, AllowAny
|
||||
from . import models as m
|
||||
from . import views
|
||||
|
||||
from seminar.permissions import AllowWrite
|
||||
|
||||
class PermissionMixin(object):
|
||||
""" Redefines get_permissions so that only organizers can make changes. """
|
||||
|
||||
def get_permissions(self):
|
||||
permission_classes = []
|
||||
print("get_permissions have been called.")
|
||||
if self.action in ["create", "update", "partial_update", "destroy"]:
|
||||
permission_classes = [AllowWrite] # speciální permission na zápis - orgové
|
||||
else:
|
||||
permission_classes = [AllowAny] # návštěvník nemusí být zalogován, aby si prohlížel obsah
|
||||
return [permission() for permission in permission_classes]
|
||||
|
||||
|
||||
class ReadWriteSerializerMixin(object):
|
||||
"""
|
||||
Overrides get_serializer_class to choose the read serializer
|
||||
|
|
@ -46,27 +62,27 @@ class ReadWriteSerializerMixin(object):
|
|||
)
|
||||
return self.create_serializer_class
|
||||
|
||||
class UlohaVzorakNodeViewSet(viewsets.ModelViewSet):
|
||||
class UlohaVzorakNodeViewSet(PermissionMixin, viewsets.ModelViewSet):
|
||||
queryset = m.UlohaVzorakNode.objects.all()
|
||||
serializer_class = views.UlohaVzorakNodeSerializer
|
||||
|
||||
class TextViewSet(viewsets.ModelViewSet):
|
||||
class TextViewSet(PermissionMixin, viewsets.ModelViewSet):
|
||||
queryset = m.Text.objects.all()
|
||||
serializer_class = views.TextSerializer
|
||||
|
||||
class TextNodeViewSet(ReadWriteSerializerMixin,viewsets.ModelViewSet):
|
||||
class TextNodeViewSet(PermissionMixin, ReadWriteSerializerMixin,viewsets.ModelViewSet):
|
||||
queryset = m.TextNode.objects.all()
|
||||
read_serializer_class = views.TextNodeSerializer
|
||||
write_serializer_class = views.TextNodeWriteSerializer
|
||||
create_serializer_class = views.TextNodeCreateSerializer
|
||||
|
||||
class CastNodeViewSet(ReadWriteSerializerMixin,viewsets.ModelViewSet):
|
||||
class CastNodeViewSet(PermissionMixin, ReadWriteSerializerMixin,viewsets.ModelViewSet):
|
||||
queryset = m.CastNode.objects.all()
|
||||
read_serializer_class = views.CastNodeSerializer
|
||||
write_serializer_class = views.CastNodeSerializer
|
||||
create_serializer_class = views.CastNodeCreateSerializer
|
||||
|
||||
class UlohaVzorakNodeViewSet(viewsets.ModelViewSet):
|
||||
class UlohaVzorakNodeViewSet(PermissionMixin, viewsets.ModelViewSet):
|
||||
serializer_class = views.UlohaVzorakNodeSerializer
|
||||
|
||||
def get_queryset(self):
|
||||
|
|
|
|||
Loading…
Reference in a new issue