Allow registering permission from the permission namespace. Replace all permission variables to be lowercase (style guide reserver uppercase variables for constants and literals).
This commit is contained in:
Roberto Rosario
@@ -7,16 +7,16 @@ from rest_framework import generics
|
||||
|
||||
from acls.models import AccessEntry
|
||||
from documents.models import Document
|
||||
from documents.permissions import PERMISSION_DOCUMENT_VIEW
|
||||
from documents.permissions import permission_document_view
|
||||
from permissions.models import Permission
|
||||
from rest_api.filters import MayanObjectPermissionsFilter
|
||||
from rest_api.permissions import MayanPermission
|
||||
|
||||
from .models import Index, IndexInstanceNode, IndexTemplateNode
|
||||
from .permissions import (PERMISSION_DOCUMENT_INDEXING_CREATE,
|
||||
PERMISSION_DOCUMENT_INDEXING_DELETE,
|
||||
PERMISSION_DOCUMENT_INDEXING_EDIT,
|
||||
PERMISSION_DOCUMENT_INDEXING_VIEW)
|
||||
from .permissions import (permission_document_indexing_create,
|
||||
permission_document_indexing_delete,
|
||||
permission_document_indexing_edit,
|
||||
permission_document_indexing_view)
|
||||
from .serializers import (IndexInstanceNodeSerializer, IndexSerializer,
|
||||
IndexTemplateNodeSerializer)
|
||||
|
||||
@@ -26,8 +26,8 @@ class APIIndexListView(generics.ListCreateAPIView):
|
||||
queryset = Index.objects.all()
|
||||
|
||||
filter_backends = (MayanObjectPermissionsFilter,)
|
||||
mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_INDEXING_VIEW]}
|
||||
mayan_view_permissions = {'POST': [PERMISSION_DOCUMENT_INDEXING_CREATE]}
|
||||
mayan_object_permissions = {'GET': [permission_document_indexing_view]}
|
||||
mayan_view_permissions = {'POST': [permission_document_indexing_create]}
|
||||
|
||||
def get(self, *args, **kwargs):
|
||||
"""Returns a list of all the defined indexes."""
|
||||
@@ -44,10 +44,10 @@ class APIIndexView(generics.RetrieveUpdateDestroyAPIView):
|
||||
|
||||
permission_classes = (MayanPermission,)
|
||||
mayan_object_permissions = {
|
||||
'GET': [PERMISSION_DOCUMENT_INDEXING_VIEW],
|
||||
'PUT': [PERMISSION_DOCUMENT_INDEXING_EDIT],
|
||||
'PATCH': [PERMISSION_DOCUMENT_INDEXING_EDIT],
|
||||
'DELETE': [PERMISSION_DOCUMENT_INDEXING_DELETE]
|
||||
'GET': [permission_document_indexing_view],
|
||||
'PUT': [permission_document_indexing_edit],
|
||||
'PATCH': [permission_document_indexing_edit],
|
||||
'DELETE': [permission_document_indexing_delete]
|
||||
}
|
||||
|
||||
def delete(self, *args, **kwargs):
|
||||
@@ -73,7 +73,7 @@ class APIIndexNodeInstanceDocumentListView(generics.ListAPIView):
|
||||
"""
|
||||
|
||||
filter_backends = (MayanObjectPermissionsFilter,)
|
||||
mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_VIEW]}
|
||||
mayan_object_permissions = {'GET': [permission_document_view]}
|
||||
|
||||
def get_serializer_class(self):
|
||||
from documents.serializers import DocumentSerializer
|
||||
@@ -82,9 +82,9 @@ class APIIndexNodeInstanceDocumentListView(generics.ListAPIView):
|
||||
def get_queryset(self):
|
||||
index_node_instance = get_object_or_404(IndexInstanceNode, pk=self.kwargs['pk'])
|
||||
try:
|
||||
Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_INDEXING_VIEW])
|
||||
Permission.objects.check_permissions(self.request.user, [permission_document_indexing_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_INDEXING_VIEW, self.request.user, index_node_instance.index)
|
||||
AccessEntry.objects.check_access(permission_document_indexing_view, self.request.user, index_node_instance.index)
|
||||
|
||||
return index_node_instance.documents.all()
|
||||
|
||||
@@ -93,7 +93,7 @@ class APIIndexTemplateListView(generics.ListAPIView):
|
||||
serializer_class = IndexTemplateNodeSerializer
|
||||
|
||||
filter_backends = (MayanObjectPermissionsFilter,)
|
||||
mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_INDEXING_VIEW]}
|
||||
mayan_object_permissions = {'GET': [permission_document_indexing_view]}
|
||||
|
||||
def get(self, *args, **kwargs):
|
||||
"""Returns a list of all the template nodes for the selected index."""
|
||||
@@ -106,10 +106,10 @@ class APIIndexTemplateView(generics.RetrieveUpdateDestroyAPIView):
|
||||
|
||||
permission_classes = (MayanPermission,)
|
||||
mayan_object_permissions = {
|
||||
'GET': [PERMISSION_DOCUMENT_INDEXING_VIEW],
|
||||
'PUT': [PERMISSION_DOCUMENT_INDEXING_EDIT],
|
||||
'PATCH': [PERMISSION_DOCUMENT_INDEXING_EDIT],
|
||||
'DELETE': [PERMISSION_DOCUMENT_INDEXING_EDIT]
|
||||
'GET': [permission_document_indexing_view],
|
||||
'PUT': [permission_document_indexing_edit],
|
||||
'PATCH': [permission_document_indexing_edit],
|
||||
'DELETE': [permission_document_indexing_edit]
|
||||
}
|
||||
|
||||
def delete(self, *args, **kwargs):
|
||||
@@ -137,13 +137,13 @@ class APIDocumentIndexListView(generics.ListAPIView):
|
||||
serializer_class = IndexInstanceNodeSerializer
|
||||
|
||||
filter_backends = (MayanObjectPermissionsFilter,)
|
||||
mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_INDEXING_VIEW]}
|
||||
mayan_object_permissions = {'GET': [permission_document_indexing_view]}
|
||||
|
||||
def get_queryset(self):
|
||||
document = get_object_or_404(Document, pk=self.kwargs['pk'])
|
||||
try:
|
||||
Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_VIEW])
|
||||
Permission.objects.check_permissions(self.request.user, [permission_document_view])
|
||||
except PermissionDenied:
|
||||
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, self.request.user, document)
|
||||
AccessEntry.objects.check_access(permission_document_view, self.request.user, document)
|
||||
|
||||
return document.node_instances.all()
|
||||
|
||||
Reference in New Issue
Block a user