Beispiel #1
    def get(self, request, *args, **kwargs):
        """Serve GET through the parent view for callers holding ``api.list_chapters``.

        ``BookSecurity`` is built from ``request.user`` and the book returned
        by ``self._get_book()``; the permission is checked before the parent
        handler runs.

        Raises:
            PermissionDenied: the caller lacks ``api.list_chapters``.
        """
        security = BookSecurity(request.user, self._get_book())

        # Deny first so the parent handler is reachable only when authorized.
        if not security.has_perm('api.list_chapters'):
            raise PermissionDenied

        return super(ChapterListCreate, self).get(request, *args, **kwargs)
Beispiel #2
    def get(self, request, *args, **kwargs):
        """Serve GET through the parent view for callers holding ``api.manage_books``.

        The check is made by ``BookSecurity`` for ``request.user`` against the
        book returned by ``self._get_book()``.

        Raises:
            PermissionDenied: the caller lacks ``api.manage_books``.
        """
        security = BookSecurity(request.user, self._get_book())

        # Guard clause: the parent ``get`` is never invoked without the permission.
        if not security.has_perm('api.manage_books'):
            raise PermissionDenied

        return super(BookUserList, self).get(request, *args, **kwargs)
Beispiel #3
    def get(self, request, *args, **kwargs):
        """Delegate GET to the parent view once ``api.list_chapters`` is confirmed.

        The permission is evaluated for ``request.user`` on the book that
        ``self._get_book()`` returns.

        Raises:
            PermissionDenied: the permission check fails.
        """
        checker = BookSecurity(request.user, self._get_book())
        allowed = checker.has_perm('api.list_chapters')

        # Authorization is decided before any parent-view work happens.
        if not allowed:
            raise PermissionDenied

        return super(ChapterListCreate, self).get(request, *args, **kwargs)
Beispiel #4
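    def get(self, request, book_id, pk, format=None):
        """Return the default roles and the book-specific roles of one user.

        Args:
            request: incoming request; ``request.user`` is the caller that is
                authorized against the book.
            book_id: id of the book.
            pk: id of the user whose roles are reported.
            format: not used in this method.

        Returns:
            Response whose payload has two lists, ``default_roles`` (the
            serialized ``registered_users`` role) and ``book_roles`` (the
            user's serialized roles filtered by this book).

        Raises:
            NotFound: the book does not exist, or the caller is authorized
                and the user does not exist.
            PermissionDenied: the caller lacks ``api.manage_books`` on the book.

        ``Role.DoesNotExist`` propagates if no ``registered_users`` role exists.
        """
        try:
            book = Book.objects.get(id=book_id)
        except Book.DoesNotExist:
            raise NotFound

        book_security = BookSecurity(request.user, book)

        if not book_security.has_perm('api.manage_books'):
            raise PermissionDenied

        # The target user is resolved only after authorization, so a caller
        # without manage rights gets the same answer for existing and missing
        # user ids and cannot use 404-vs-403 to learn which ids are valid.
        try:
            user = User.objects.get(id=pk)
        except User.DoesNotExist:
            raise NotFound

        # default roles
        registered_role = Role.objects.get(name='registered_users')
        default_roles = [core_serializers.SimpleRoleSerializer(registered_role).data]

        # get book roles
        book_roles = [
            core_serializers.SimpleBookRoleSerializer(role).data
            for role in user.roles.filter(book=book)
        ]

        return Response({'default_roles': default_roles, 'book_roles': book_roles})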
Beispiel #5
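    def get(self, request, book_id, pk, format=None):
        """Return the sorted permission names one user has on a book.

        The result is the union of the permissions of the ``registered_users``
        role and of every role the user holds on the book, each formatted as
        ``"<app_name>.<name>"``.

        Args:
            request: incoming request; ``request.user`` is the caller that is
                authorized against the book.
            book_id: id of the book.
            pk: id of the user whose permissions are reported.
            format: not used in this method.

        Raises:
            NotFound: the book does not exist, or the caller is authorized
                and the user does not exist.
            PermissionDenied: the caller lacks ``api.manage_books`` on the book.

        ``Role.DoesNotExist`` propagates if no ``registered_users`` role exists.
        """
        try:
            book = Book.objects.get(id=book_id)
        except Book.DoesNotExist:
            raise NotFound

        book_security = BookSecurity(request.user, book)

        if not book_security.has_perm('api.manage_books'):
            raise PermissionDenied

        # Look the user up only once the caller is authorized; before that,
        # a 404 for unknown ids versus a 403 for known ones would let any
        # caller find out which user ids exist.
        try:
            user = User.objects.get(id=pk)
        except User.DoesNotExist:
            raise NotFound

        permissions = set()

        # default permissions
        for perm in Role.objects.get(name='registered_users').permissions.all():
            permissions.add('{}.{}'.format(perm.app_name, perm.name))

        # get book permissions
        for book_role in user.roles.filter(book=book):
            for perm in book_role.role.permissions.all():
                permissions.add('{}.{}'.format(perm.app_name, perm.name))

        # The set removes duplicates; sorting gives a stable response order.
        return Response(sorted(permissions))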
Beispiel #6
    def delete(self, request, *args, **kwargs):
        """Forward DELETE to the parent view for callers holding ``api.delete_metadata``.

        The permission is checked by ``BookSecurity`` for ``request.user`` on
        the book returned by ``self._get_book()``.

        Raises:
            PermissionDenied: the caller lacks ``api.delete_metadata``.
        """
        security = BookSecurity(request.user, self._get_book())

        # Refuse before the destructive parent handler can run.
        if not security.has_perm('api.delete_metadata'):
            raise PermissionDenied

        return super(MetadataRetrieveUpdateDestroy, self).delete(request, *args, **kwargs)
Beispiel #7
    def get(self, request, *args, **kwargs):
        """Delegate GET to the parent view once ``api.manage_books`` is confirmed.

        ``request.user`` is checked against the book that ``self._get_book()``
        returns.

        Raises:
            PermissionDenied: the permission check fails.
        """
        checker = BookSecurity(request.user, self._get_book())
        allowed = checker.has_perm('api.manage_books')

        # No permission, no parent call.
        if not allowed:
            raise PermissionDenied

        return super(BookUserList, self).get(request, *args, **kwargs)
Beispiel #8
    def post(self, request, *args, **kwargs):
        """Forward POST to the parent view for callers holding ``api.create_metadata``.

        The permission is checked by ``BookSecurity`` for ``request.user`` on
        the book returned by ``self._get_book()``.

        Raises:
            PermissionDenied: the caller lacks ``api.create_metadata``.
        """
        security = BookSecurity(request.user, self._get_book())

        # Reject before the parent handler processes the request body.
        if not security.has_perm('api.create_metadata'):
            raise PermissionDenied

        return super(MetadataListCreate, self).post(request, *args, **kwargs)
Beispiel #9
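    def get(self, request, book_id, pk, format=None):
        """Report which roles a user has: the default role and the per-book roles.

        Args:
            request: incoming request; ``request.user`` is authorized against
                the book.
            book_id: id of the book.
            pk: id of the user whose roles are listed.
            format: not used in this method.

        Returns:
            Response with ``default_roles`` (serialized ``registered_users``
            role) and ``book_roles`` (the user's roles filtered by the book).

        Raises:
            NotFound: unknown book, or unknown user when the caller is
                authorized.
            PermissionDenied: the caller lacks ``api.manage_books`` on the book.

        ``Role.DoesNotExist`` propagates if no ``registered_users`` role exists.
        """
        try:
            book = Book.objects.get(id=book_id)
        except Book.DoesNotExist:
            raise NotFound

        book_security = BookSecurity(request.user, book)

        if not book_security.has_perm('api.manage_books'):
            raise PermissionDenied

        # User lookup comes after the permission check: unauthorized callers
        # receive PermissionDenied whether or not the user id exists, so the
        # endpoint does not reveal valid user ids to them.
        try:
            user = User.objects.get(id=pk)
        except User.DoesNotExist:
            raise NotFound

        roles = {'default_roles': [], 'book_roles': []}

        # default roles
        default_role = Role.objects.get(name='registered_users')
        roles['default_roles'].append(
            core_serializers.SimpleRoleSerializer(default_role).data)

        # get book roles
        for role in user.roles.filter(book=book):
            roles['book_roles'].append(
                core_serializers.SimpleBookRoleSerializer(role).data)

        return Response(roles)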
Beispiel #10
    def patch(self, request, *args, **kwargs):
        """Forward PATCH to the parent view for callers holding ``api.update_chapters``.

        The permission is checked by ``BookSecurity`` for ``request.user`` on
        the book returned by ``self._get_book()``.

        Raises:
            PermissionDenied: the caller lacks ``api.update_chapters``.
        """
        security = BookSecurity(request.user, self._get_book())

        # The update is attempted only after the permission is confirmed.
        if not security.has_perm('api.update_chapters'):
            raise PermissionDenied

        return super(ChapterRetrieveUpdateDestroy, self).patch(request, *args, **kwargs)
Beispiel #11
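    def get(self, request, book_id, pk, format=None):
        """List, in sorted order, every permission a user holds on a book.

        Permissions come from the ``registered_users`` role and from each role
        the user has on the book; each is rendered as ``"<app_name>.<name>"``
        and duplicates are collapsed.

        Args:
            request: incoming request; ``request.user`` is authorized against
                the book.
            book_id: id of the book.
            pk: id of the user whose permissions are listed.
            format: not used in this method.

        Raises:
            NotFound: unknown book, or unknown user when the caller is
                authorized.
            PermissionDenied: the caller lacks ``api.manage_books`` on the book.

        ``Role.DoesNotExist`` propagates if no ``registered_users`` role exists.
        """
        try:
            book = Book.objects.get(id=book_id)
        except Book.DoesNotExist:
            raise NotFound

        book_security = BookSecurity(request.user, book)

        if not book_security.has_perm('api.manage_books'):
            raise PermissionDenied

        # Resolve the user after authorization so that the NotFound /
        # PermissionDenied split does not tell unauthorized callers which
        # user ids exist.
        try:
            user = User.objects.get(id=pk)
        except User.DoesNotExist:
            raise NotFound

        permissions = set()

        # default permissions
        default_role = Role.objects.get(name='registered_users')
        for perm in default_role.permissions.all():
            permissions.add('{}.{}'.format(perm.app_name, perm.name))

        # get book permissions
        for book_role in user.roles.filter(book=book):
            for perm in book_role.role.permissions.all():
                permissions.add('{}.{}'.format(perm.app_name, perm.name))

        return Response(sorted(permissions))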
Beispiel #12
    def patch(self, request, *args, **kwargs):
        """Delegate PATCH to the parent view once ``api.update_chapters`` is confirmed.

        ``request.user`` is checked against the book that ``self._get_book()``
        returns.

        Raises:
            PermissionDenied: the permission check fails.
        """
        checker = BookSecurity(request.user, self._get_book())
        allowed = checker.has_perm('api.update_chapters')

        # Unauthorized callers never reach the parent update logic.
        if not allowed:
            raise PermissionDenied

        parent = super(ChapterRetrieveUpdateDestroy, self)
        return parent.patch(request, *args, **kwargs)
Beispiel #13
    def get(self, request, *args, **kwargs):
        """Serve GET through the parent view for callers holding ``edit.edit_book``.

        The permission is checked by ``BookSecurity`` for ``request.user`` on
        the book returned by ``self._get_book()``.

        Raises:
            PermissionDenied: the caller lacks ``edit.edit_book``.
        """
        security = BookSecurity(request.user, self._get_book())

        # TODO think about permissions
        # NOTE(review): a read (GET) is gated on an edit permission here;
        # confirm this is the intended policy when the TODO is resolved.
        if not security.has_perm('edit.edit_book'):
            raise PermissionDenied

        return super(BookAttachmentList, self).get(request, *args, **kwargs)
Beispiel #14
    def delete(self, request, *args, **kwargs):
        """Delegate DELETE to the parent view once ``api.delete_metadata`` is confirmed.

        ``request.user`` is checked against the book that ``self._get_book()``
        returns.

        Raises:
            PermissionDenied: the permission check fails.
        """
        checker = BookSecurity(request.user, self._get_book())
        allowed = checker.has_perm('api.delete_metadata')

        # The destructive parent handler is only reachable when authorized.
        if not allowed:
            raise PermissionDenied

        parent = super(MetadataRetrieveUpdateDestroy, self)
        return parent.delete(request, *args, **kwargs)
Beispiel #15
    def post(self, request, *args, **kwargs):
        """Delegate POST to the parent view once ``api.create_metadata`` is confirmed.

        ``request.user`` is checked against the book that ``self._get_book()``
        returns.

        Raises:
            PermissionDenied: the permission check fails.
        """
        checker = BookSecurity(request.user, self._get_book())
        allowed = checker.has_perm('api.create_metadata')

        # Creation is refused before the parent view sees the payload.
        if not allowed:
            raise PermissionDenied

        parent = super(MetadataListCreate, self)
        return parent.post(request, *args, **kwargs)
Beispiel #16
    def get(self, request, *args, **kwargs):
        """Delegate GET to the parent view once ``edit.edit_book`` is confirmed.

        ``request.user`` is checked against the book that ``self._get_book()``
        returns.

        Raises:
            PermissionDenied: the permission check fails.
        """
        checker = BookSecurity(request.user, self._get_book())

        # TODO think about permissions
        # NOTE(review): the permission required for this read is an edit
        # permission; verify that is deliberate before closing the TODO.
        allowed = checker.has_perm('edit.edit_book')
        if not allowed:
            raise PermissionDenied

        parent = super(BookAttachmentList, self)
        return parent.get(request, *args, **kwargs)
Beispiel #17
    def get(self, request, *args, **kwargs):
        """Serve GET through the parent view when the caller holds both permissions.

        ``api.manage_books`` and ``api.list_chapters`` are both required; they
        are checked by ``BookSecurity`` for ``request.user`` on the book
        returned by ``self._get_book()``.

        Raises:
            PermissionDenied: either permission is missing.
        """
        security = BookSecurity(request.user, self._get_book())

        # Same short-circuit order as a conjunction: ``api.list_chapters`` is
        # consulted only when ``api.manage_books`` is already granted.
        if (not security.has_perm('api.manage_books')
                or not security.has_perm('api.list_chapters')):
            raise PermissionDenied

        parent = super(ChapterRetrieveUpdateDestroy, self)
        return parent.get(request, *args, **kwargs)
Beispiel #18
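    def delete(self, request, *args, **kwargs):
        """Delete a chapter for callers holding ``api.delete_chapters``.

        When the parent ``delete`` answers HTTP 204, the method calls
        ``self._delete_notifications()`` and records a ``chapter_delete``
        entry through ``logBookHistory`` with the chapter title and the
        requesting user.

        Returns:
            The response produced by the parent ``delete``.

        Raises:
            PermissionDenied: the caller lacks ``api.delete_chapters``.
        """
        book_security = BookSecurity(request.user, self._get_book())

        if not book_security.has_perm('api.delete_chapters'):
            raise PermissionDenied

        # Fetched before the parent delete because the title is read
        # afterwards for the history entry.
        self._chapter = self.get_object()

        response = super(ChapterRetrieveUpdateDestroy, self).delete(request, *args, **kwargs)

        # Compare by value. ``is`` tests object identity and matches here only
        # because CPython caches small ints; if it ever missed, the deletion
        # would go through without its history (audit) record.
        if response.status_code == status.HTTP_204_NO_CONTENT:
            self._delete_notifications()

            # presumably self._book is set by self._get_book() -- TODO confirm
            logBookHistory(book=self._book, version=self._book.version,
                           args={'chapter': self._chapter.title},
                           user=self.request.user, kind='chapter_delete')

        return response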
Beispiel #19
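    def delete(self, request, *args, **kwargs):
        """Remove a chapter on behalf of a caller holding ``api.delete_chapters``.

        A parent ``delete`` that answers HTTP 204 is followed by
        ``self._delete_notifications()`` and a ``chapter_delete`` history
        entry written through ``logBookHistory``.

        Returns:
            The response produced by the parent ``delete``.

        Raises:
            PermissionDenied: the caller lacks ``api.delete_chapters``.
        """
        book_security = BookSecurity(request.user, self._get_book())

        if not book_security.has_perm('api.delete_chapters'):
            raise PermissionDenied

        # The chapter is loaded up front: its title is used for the history
        # entry after the parent delete has run.
        self._chapter = self.get_object()

        response = super(ChapterRetrieveUpdateDestroy,
                         self).delete(request, *args, **kwargs)

        # Value comparison, not ``is``: identity of ints is an interpreter
        # detail, and a mismatch would skip the history record that documents
        # who deleted the chapter.
        if response.status_code == status.HTTP_204_NO_CONTENT:
            self._delete_notifications()

            # presumably self._book is set by self._get_book() -- TODO confirm
            logBookHistory(book=self._book,
                           version=self._book.version,
                           args={'chapter': self._chapter.title},
                           user=self.request.user,
                           kind='chapter_delete')

        return response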
Beispiel #20
    def post(self, request, *args, **kwargs):
        """Accept an uploaded image and store it as an attachment of the book.

        The caller must be a superuser, hold ``edit.upload_attachment`` on the
        book, or be the book's owner. The upload is taken from
        ``request.FILES['file']`` and its file name must end in jpg, png, jpeg
        or gif (compared case-insensitively). On success the attachment is
        saved, a ``notification_new_attachment_uploaded`` message is pushed
        through ``sputnik`` to each non-blank member returned for the book's
        channel key, and the serialized attachment is returned with HTTP 201.

        Raises:
            PermissionDenied: none of the three access conditions holds.
            ValidationError: no ``file`` was sent or its extension is not allowed.

        NOTE(review): only the file-name extension is checked in this method;
        the uploaded bytes and their size are not inspected here -- confirm
        that content validation and upload size limits are enforced elsewhere.
        """
        # TODO test it and cover with tests
        security = BookSecurity(request.user, self._get_book())
        user = request.user
        may_upload = security.has_perm('edit.upload_attachment')

        # Superuser status, the explicit permission or ownership: any one suffices.
        if not (user.is_superuser or may_upload) and self._book.owner != user:
            raise PermissionDenied

        # Indexing raises IndexError when the book has no BookStatus rows.
        book_status = BookStatus.objects.filter(book=self._book)[0]

        if 'file' not in request.FILES:
            raise ValidationError({'file': ['"file" is required.']})

        upload = request.FILES['file']
        stem, ext = os.path.splitext(upload.name)
        available_extensions = ('jpg', 'png', 'jpeg', 'gif')
        suffix = ext.rsplit('.', 1)[-1].lower()
        if suffix not in available_extensions:
            problem = 'Not supported extension. Available extensions: {}'.format(
                ' '.join(available_extensions))
            raise ValidationError({'file': [problem]})

        with transaction.atomic():
            attachment = Attachment(
                version=self._book.version,
                # must remove this reference
                created=datetime.datetime.now(),
                book=self._book,
                status=book_status,
            )
            attachment.save()

            # Stored name: slugified stem plus the extension as the client sent it.
            stored_name = '{}{}'.format(booktype_slugify(stem), ext)
            attachment.attachment.save(stored_name, upload, save=False)
            attachment.save()

        # notification message
        channel_name = "/booktype/book/{}/{}/".format(
            self._book.id, self._book.version.get_version())
        members_key = "sputnik:channel:{}:channel".format(channel_name)
        subscribers = sputnik.smembers(members_key)

        message = {
            'channel': channel_name,
            'command': 'notification',
            'message': 'notification_new_attachment_uploaded',
            'username': self.request.user.username,
            'message_args': (attachment.get_name(), )
        }

        for client_id in subscribers:
            # Blank members are skipped.
            if client_id.strip() == '':
                continue
            sputnik.push("ses:%s:messages" % client_id, json.dumps(message))

        # response
        serialized = self.serializer_class(attachment)

        return Response(serialized.data, status=status.HTTP_201_CREATED)
Beispiel #21
    def post(self, request, *args, **kwargs):
        """Create an attachment for the book from an uploaded image file.

        Access is granted to superusers, to callers holding
        ``edit.upload_attachment`` on the book, and to the book's owner. The
        file is read from ``request.FILES['file']``; its name must carry one
        of the extensions jpg, png, jpeg or gif (case-insensitive). After the
        attachment is saved, a ``notification_new_attachment_uploaded``
        message is pushed through ``sputnik`` to each non-blank member
        returned for the book's channel key. The serialized attachment is
        returned with HTTP 201.

        Raises:
            PermissionDenied: the caller meets none of the access conditions.
            ValidationError: ``file`` is missing or has a disallowed extension.

        NOTE(review): the check below looks at the file name only; nothing in
        this method verifies that the content is an image or bounds its size
        -- confirm both are handled by another layer.
        """
        # TODO test it and cover with tests
        checker = BookSecurity(request.user, self._get_book())
        user = request.user
        has_upload_perm = checker.has_perm('edit.upload_attachment')

        # Denied only when all three grounds for access are absent.
        if not (user.is_superuser or has_upload_perm) and self._book.owner != user:
            raise PermissionDenied

        # Indexing raises IndexError when the book has no BookStatus rows.
        current_status = BookStatus.objects.filter(book=self._book)[0]

        if 'file' not in request.FILES:
            raise ValidationError({'file': ['"file" is required.']})

        uploaded = request.FILES['file']
        base_name, extension = os.path.splitext(uploaded.name)
        available_extensions = ('jpg', 'png', 'jpeg', 'gif')
        normalized = extension.rsplit('.', 1)[-1].lower()
        if normalized not in available_extensions:
            reason = 'Not supported extension. Available extensions: {}'.format(
                ' '.join(available_extensions))
            raise ValidationError({'file': [reason]})

        with transaction.atomic():
            record = Attachment(
                version=self._book.version,
                # must remove this reference
                created=datetime.datetime.now(),
                book=self._book,
                status=current_status
            )
            record.save()

            # The stored name keeps the client-supplied extension and
            # slugifies the rest of the file name.
            target_name = '{}{}'.format(booktype_slugify(base_name), extension)
            record.attachment.save(target_name, uploaded, save=False)
            record.save()

        # notification message
        channel_name = "/booktype/book/{}/{}/".format(
            self._book.id, self._book.version.get_version())
        listeners = sputnik.smembers(
            "sputnik:channel:{}:channel".format(channel_name))

        message = {
            'channel': channel_name,
            'command': 'notification',
            'message': 'notification_new_attachment_uploaded',
            'username': self.request.user.username,
            'message_args': (record.get_name(),)
        }

        for listener in listeners:
            # Members that are blank after stripping are ignored.
            if listener.strip() == '':
                continue
            sputnik.push("ses:%s:messages" % listener, json.dumps(message))

        # response
        payload = self.serializer_class(record).data

        return Response(payload, status=status.HTTP_201_CREATED)