matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
c152156a11cd15a1305f61a88a314dee5ae1b4d2
mayan-edms/mayan/apps/rest_api/permissions.py
Roberto Rosario c152156a11 Refactor metadata app API 
Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
2019-03-15 04:49:51 -04:00

39 lines
1.2 KiB
Python
Raw Blame History

from __future__ import absolute_import, unicode_literals
from django.core.exceptions import PermissionDenied
from rest_framework.permissions import BasePermission
from mayan.apps.permissions import Permission
class MayanViewSetPermission(BasePermission):
def has_permission(self, request, view):
"""
Block the API view by access using a permission.
Required the view_permission_map class attribute which is a dictionary
that matches a view actions ('create', 'destroy', etc) to a single
permission instance.
Example: view_permission_map = {
'update': permission_..._edit
'list': permission_..._view
}
"""
if not request.user or not request.user.is_authenticated:
return False
view_permission_dictionary = getattr(view, 'view_permission_map', {})
view_permission = view_permission_dictionary.get(view.action, None)
if view_permission:
try:
Permission.check_user_permission(
permission=view_permission, user=request.user
)
except PermissionDenied:
return False
else:
return True
else:
return True
Reference in New Issue View Git Blame Copy Permalink