152 lines
5.8 KiB
Python
152 lines
5.8 KiB
Python
from __future__ import absolute_import
|
|
|
|
from django.core.exceptions import PermissionDenied
|
|
from django.shortcuts import get_object_or_404
|
|
|
|
from rest_framework import generics, status, views
|
|
from rest_framework.response import Response
|
|
|
|
from acls.models import AccessEntry
|
|
from documents.models import Document
|
|
from documents.permissions import PERMISSION_DOCUMENT_VIEW
|
|
from permissions.models import Permission
|
|
from rest_api.filters import MayanObjectPermissionsFilter
|
|
from rest_api.permissions import MayanPermission
|
|
|
|
from .models import Folder
|
|
from .permissions import (PERMISSION_FOLDER_ADD_DOCUMENT,
|
|
PERMISSION_FOLDER_CREATE, PERMISSION_FOLDER_DELETE,
|
|
PERMISSION_FOLDER_EDIT,
|
|
PERMISSION_FOLDER_REMOVE_DOCUMENT,
|
|
PERMISSION_FOLDER_VIEW)
|
|
from .serializers import FolderSerializer
|
|
|
|
|
|
class APIFolderListView(generics.ListCreateAPIView):
|
|
serializer_class = FolderSerializer
|
|
queryset = Folder.objects.all()
|
|
|
|
permission_classes = (MayanPermission,)
|
|
filter_backends = (MayanObjectPermissionsFilter,)
|
|
mayan_object_permissions = {'GET': [PERMISSION_FOLDER_VIEW]}
|
|
mayan_view_permissions = {'POST': [PERMISSION_FOLDER_CREATE]}
|
|
|
|
def get(self, *args, **kwargs):
|
|
"""Returns a list of all the folders."""
|
|
return super(APIFolderListView, self).get(*args, **kwargs)
|
|
|
|
def post(self, *args, **kwargs):
|
|
"""Create a new folder."""
|
|
return super(APIFolderListView, self).post(*args, **kwargs)
|
|
|
|
def create(self, request, *args, **kwargs):
|
|
serializer = self.get_serializer(data=request.DATA, files=request.FILES)
|
|
|
|
if serializer.is_valid():
|
|
serializer.object.user = request.user
|
|
self.pre_save(serializer.object)
|
|
self.object = serializer.save(force_insert=True)
|
|
self.post_save(self.object, created=True)
|
|
headers = self.get_success_headers(serializer.data)
|
|
return Response(serializer.data, status=status.HTTP_201_CREATED,
|
|
headers=headers)
|
|
|
|
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
|
|
|
|
|
|
class APIFolderView(generics.RetrieveUpdateDestroyAPIView):
|
|
serializer_class = FolderSerializer
|
|
queryset = Folder.objects.all()
|
|
|
|
permission_classes = (MayanPermission,)
|
|
mayan_object_permissions = {
|
|
'GET': [PERMISSION_FOLDER_VIEW],
|
|
'PUT': [PERMISSION_FOLDER_EDIT],
|
|
'PATCH': [PERMISSION_FOLDER_EDIT],
|
|
'DELETE': [PERMISSION_FOLDER_DELETE]
|
|
}
|
|
|
|
def delete(self, *args, **kwargs):
|
|
"""Delete the selected folder."""
|
|
return super(APIFolderView, self).delete(*args, **kwargs)
|
|
|
|
def get(self, *args, **kwargs):
|
|
"""Returns the details of the selected folder."""
|
|
return super(APIFolderView, self).get(*args, **kwargs)
|
|
|
|
def patch(self, *args, **kwargs):
|
|
"""Edit the selected folder."""
|
|
return super(APIFolderView, self).patch(*args, **kwargs)
|
|
|
|
def put(self, *args, **kwargs):
|
|
"""Edit the selected folder."""
|
|
return super(APIFolderView, self).put(*args, **kwargs)
|
|
|
|
|
|
class APIFolderDocumentListView(generics.ListAPIView):
|
|
"""Returns a list of all the documents contained in a particular folder."""
|
|
|
|
filter_backends = (MayanObjectPermissionsFilter,)
|
|
mayan_object_permissions = {'GET': [PERMISSION_DOCUMENT_VIEW]}
|
|
|
|
def get_serializer_class(self):
|
|
from documents.serializers import DocumentSerializer
|
|
return DocumentSerializer
|
|
|
|
def get_queryset(self):
|
|
folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
|
|
try:
|
|
Permission.objects.check_permissions(self.request.user, [PERMISSION_FOLDER_VIEW])
|
|
except PermissionDenied:
|
|
AccessEntry.objects.check_access(PERMISSION_FOLDER_VIEW, self.request.user, folder)
|
|
|
|
return folder.documents.all()
|
|
|
|
|
|
class APIDocumentFolderListView(generics.ListAPIView):
|
|
"""Returns a list of all the folders to which a document belongs."""
|
|
|
|
serializer_class = FolderSerializer
|
|
|
|
filter_backends = (MayanObjectPermissionsFilter,)
|
|
mayan_object_permissions = {'GET': [PERMISSION_FOLDER_VIEW]}
|
|
|
|
def get_queryset(self):
|
|
document = get_object_or_404(Document, pk=self.kwargs['pk'])
|
|
try:
|
|
Permission.objects.check_permissions(self.request.user, [PERMISSION_DOCUMENT_VIEW])
|
|
except PermissionDenied:
|
|
AccessEntry.objects.check_access(PERMISSION_DOCUMENT_VIEW, self.request.user, document)
|
|
|
|
queryset = document.folders.all()
|
|
return queryset
|
|
|
|
|
|
class APIFolderDocumentView(views.APIView):
|
|
def delete(self, request):
|
|
"""Remove a document from the selected folder."""
|
|
|
|
folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
|
|
try:
|
|
Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_REMOVE_DOCUMENT])
|
|
except PermissionDenied:
|
|
AccessEntry.objects.check_access(PERMISSION_FOLDER_REMOVE_DOCUMENT, request.user, folder)
|
|
|
|
document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
|
|
folder.documents.remove(document)
|
|
return Response(status=status.HTTP_204_NO_CONTENT)
|
|
|
|
# TODO: move this method as post of APIFolderDocumentListView
|
|
def post(self, request, *args, **kwargs):
|
|
"""Add a document to the selected folder."""
|
|
|
|
folder = get_object_or_404(Folder, pk=self.kwargs['pk'])
|
|
try:
|
|
Permission.objects.check_permissions(request.user, [PERMISSION_FOLDER_ADD_DOCUMENT])
|
|
except PermissionDenied:
|
|
AccessEntry.objects.check_access(PERMISSION_FOLDER_ADD_DOCUMENT, request.user, folder)
|
|
|
|
document = get_object_or_404(Document, pk=self.kwargs['document_pk'])
|
|
folder.documents.add(document)
|
|
return Response(status=status.HTTP_201_CREATED)
|