matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
4d8dc8e552fbd4bc31adcd7ff9b22922a1ebcc76
mayan-edms/mayan/apps/permissions/api_views.py
Roberto Rosario 54100f7538 Role permissions API: Add permission checking and tests 
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
2019-02-25 21:09:21 -04:00

184 lines
6.6 KiB
Python
Raw Blame History

from __future__ import unicode_literals
from rest_framework import status, viewsets
from rest_framework.response import Response
from rest_framework.decorators import action
from mayan.apps.rest_api.viewsets import MayanAPIModelViewSet
from mayan.apps.user_management.permissions import permission_group_view
from mayan.apps.user_management.serializers import GroupSerializer
from .classes import PermissionNamespace
from .models import Role
from .permissions import (
permission_role_create, permission_role_delete, permission_role_edit,
permission_role_view
)
from .serializers import (
PermissionNamespaceSerializer, PermissionSerializer, RoleGroupAddRemoveSerializer,
RolePermissionAddRemoveSerializer, RoleSerializer
)
class PermissionNamespaceAPIViewSet(viewsets.ReadOnlyModelViewSet):
lookup_field = 'name'
lookup_url_kwarg = 'permission_namespace_name'
serializer_class = PermissionNamespaceSerializer
def get_object(self):
lookup_url_kwarg = self.lookup_url_kwarg or self.lookup_field
filter_kwargs = {self.lookup_field: self.kwargs[lookup_url_kwarg]}
return PermissionNamespace.get(**filter_kwargs)
@action(
detail=True, serializer_class=PermissionSerializer,
url_name='permission-list', url_path='permissions'
)
def permission_list(self, request, *args, **kwargs):
queryset = self.get_object().permissions
page = self.paginate_queryset(queryset)
serializer = self.get_serializer(
queryset, many=True, context={'request': request}
)
if page is not None:
return self.get_paginated_response(serializer.data)
return Response(serializer.data)
def get_queryset(self):
return PermissionNamespace.all()
class PermissionAPIViewSet(viewsets.ReadOnlyModelViewSet):
lookup_field = 'pk'
lookup_url_kwarg = 'permission_name'
lookup_value_regex = r'[\w\.]+'
serializer_class = PermissionSerializer
def get_object(self):
namespace = PermissionNamespace.get(name=self.kwargs['permission_namespace_name'])
permissions = namespace.get_permissions()
return permissions.get(self.kwargs['permission_name'])
class RoleAPIViewSet(MayanAPIModelViewSet):
lookup_url_kwarg = 'role_id'
object_permission_map = {
'destroy': permission_role_delete,
'group_add': permission_role_edit,
'group_list': permission_role_view,
'group_remove': permission_role_edit,
'list': permission_role_view,
'partial_update': permission_role_edit,
'permission_add': permission_role_edit,
'permission_list': permission_role_view,
'permission_remove': permission_role_edit,
'retrieve': permission_role_view,
'update': permission_role_edit,
}
queryset = Role.objects.all()
serializer_class = RoleSerializer
view_permission_map = {
'create': permission_role_create
}
@action(
detail=True, lookup_url_kwarg='role_id', methods=('post',),
serializer_class=RoleGroupAddRemoveSerializer,
url_name='group-add', url_path='groups/add'
)
def group_add(self, request, *args, **kwargs):
instance = self.get_object()
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
serializer.groups_add(instance=instance)
headers = self.get_success_headers(data=serializer.data)
return Response(
serializer.data, status=status.HTTP_200_OK, headers=headers
)
@action(
detail=True, lookup_url_kwarg='role_id',
serializer_class=GroupSerializer, url_name='group-list',
url_path='groups'
)
def group_list(self, request, *args, **kwargs):
queryset = self.get_object().get_groups(
permission=permission_group_view, user=self.request.user
)
page = self.paginate_queryset(queryset)
serializer = self.get_serializer(
queryset, many=True, context={'request': request}
)
if page is not None:
return self.get_paginated_response(serializer.data)
return Response(serializer.data)
@action(
detail=True, lookup_url_kwarg='role_id',
methods=('post',), serializer_class=RoleGroupAddRemoveSerializer,
url_name='group-remove', url_path='groups/remove'
)
def group_remove(self, request, *args, **kwargs):
instance = self.get_object()
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
serializer.groups_remove(instance=instance)
headers = self.get_success_headers(data=serializer.data)
return Response(
serializer.data, status=status.HTTP_200_OK, headers=headers
)
@action(
detail=True, lookup_url_kwarg='role_id', methods=('post',),
serializer_class=RolePermissionAddRemoveSerializer,
url_name='permission-add', url_path='permissions/add'
)
def permission_add(self, request, *args, **kwargs):
instance = self.get_object()
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
serializer.permissions_add(instance=instance)
headers = self.get_success_headers(data=serializer.data)
return Response(
serializer.data, status=status.HTTP_200_OK, headers=headers
)
@action(
detail=True, lookup_url_kwarg='role_id',
serializer_class=PermissionSerializer, url_name='permission-list',
url_path='permissions'
)
def permission_list(self, request, *args, **kwargs):
queryset = self.get_object().permissions.all()
page = self.paginate_queryset(queryset)
serializer = self.get_serializer(
queryset, many=True, context={'request': request}
)
if page is not None:
return self.get_paginated_response(serializer.data)
return Response(serializer.data)
@action(
detail=True, lookup_url_kwarg='role_id',
methods=('post',), serializer_class=RolePermissionAddRemoveSerializer,
url_name='permission-remove', url_path='permissions/remove'
)
def permission_remove(self, request, *args, **kwargs):
instance = self.get_object()
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
serializer.permissions_remove(instance=instance)
headers = self.get_success_headers(data=serializer.data)
return Response(
serializer.data, status=status.HTTP_200_OK, headers=headers
)
Reference in New Issue View Git Blame Copy Permalink