def perm_obj_checks(self, request, code, obj):
klass = self.base_checks(request, obj.__class__)
if klass is False:
raise Unauthorized("You are not allowed to access that resource.")
permission = '%s.%s_%s' % (
klass._meta.app_label,
code,
get_module_name(klass._meta)
)
# Additional check: The logged in user owns the resource
if self.check_user_perm(request.user, permission, obj):
if request.method == 'GET':
if get_module_name(klass._meta) is 'resourceinfotype_model' \
and (request.user.is_superuser or is_member(request.user, 'elrcReviewers') or \
(is_member(request.user,
'ecmembers') and obj.storage_object.publication_status != 'i')
or request.user in obj.owners.all()):
return True
else:
return False
elif request.method == 'PATCH':
if get_module_name(klass._meta) is 'resourceinfotype_model' \
and (request.user.is_superuser or is_member(request.user, 'elrcReviewers') or \
request.user in obj.owners.all()):
return True
else:
return False
return True
raise Unauthorized("You are not allowed to access that resource.")
def perm_list_checks(self, request, code, obj_list):
klass = self.base_checks(request, obj_list.model)
if klass is False:
return []
permission = '%s.%s_%s' % (
klass._meta.app_label,
code,
get_module_name(klass._meta)
)
if self.check_user_perm(request.user, permission, obj_list):
if get_module_name(klass._meta) is "resourceinfotype_model" and not \
(is_member(request.user, 'ecmembers') or is_member(request.user, 'elrcReviewers')
or request.user.is_superuser):
return obj_list.filter(owners__in=[request.user])
else:
return obj_list
return obj_list.none()
def perm_obj_checks(self, request, code, obj):
klass = self.base_checks(request, obj.__class__)
if klass is False:
raise Unauthorized("You are not allowed to access that resource.")
permission = '%s.%s_%s' % (klass._meta.app_label, code,
get_module_name(klass._meta))
if request.user.has_perm(permission, obj):
return True
return False
def perm_list_checks(self, request, code, obj_list):
klass = self.base_checks(request, obj_list.model)
if klass is False:
return []
permission = '%s.%s_%s' % (klass._meta.app_label, code,
get_module_name(klass._meta))
if self.check_user_perm(request.user, permission, obj_list):
return obj_list
return obj_list.none()
def delete_detail(self, object_list, bundle):
klass = self.base_checks(bundle.request, bundle.obj.__class__)
if klass is False:
raise Unauthorized("You are not allowed to access that resource.")
permission = '%s.delete_%s' % (klass._meta.app_label, get_module_name(klass._meta))
if not bundle.request.user.has_perm(permission):
raise Unauthorized("You are not allowed to access that resource.")
return True
def delete_list(self, object_list, bundle):
klass = self.base_checks(bundle.request, object_list.model)
if klass is False:
return []
permission = '%s.delete_%s' % (klass._meta.app_label, get_module_name(klass._meta))
if not bundle.request.user.has_perm(permission):
return []
return object_list
def delete_detail(self, object_list, bundle):
klass = self.base_checks(bundle.request, bundle.obj.__class__)
if klass is False:
raise Unauthorized("You are not allowed to access that resource.")
permission = '%s.delete_%s' % (klass._meta.app_label,
get_module_name(klass._meta))
if not bundle.request.user.has_perm(permission):
raise Unauthorized("You are not allowed to access that resource.")
return True
def delete_list(self, object_list, bundle):
klass = self.base_checks(bundle.request, object_list.model)
if klass is False:
return []
permission = '%s.delete_%s' % (klass._meta.app_label,
get_module_name(klass._meta))
if not bundle.request.user.has_perm(permission):
return []
return object_list
def perm_obj_checks(self, request, code, obj):
klass = self.base_checks(request, obj.__class__)
if klass is False:
raise Unauthorized("You are not allowed to access that resource.")
permission = '%s.%s_%s' % (
klass._meta.app_label,
code,
get_module_name(klass._meta)
)
if request.user.has_perm(permission, obj):
return True
return False
def perm_list_checks(self, request, code, obj_list):
klass = self.base_checks(request, obj_list.model)
if klass is False:
return []
permission = '%s.%s_%s' % (
klass._meta.app_label,
code,
get_module_name(klass._meta)
)
if self.check_user_perm(request.user, permission, obj_list):
return obj_list
return obj_list.none()
def check_django_perm(self, scope, action, object_list, bundle):
if isinstance(self.require_perm, str) and bundle.request.user.has_perm(
self.require_perm):
return True
else:
# loosely adopted from DjangoAuthorization
perm_action_map = {
'read': 'view',
'update': 'change',
'delete': 'delete',
'create': 'add'
}
if scope == 'list':
model = object_list.model
else:
model = bundle.obj.__class__
perm_action = perm_action_map.get(action)
permission = '{}.{}_{}'.format(model._meta.app_label, perm_action,
get_module_name(model._meta))
if bundle.request.user.has_perm(permission):
return True
raise Unauthorized("You are not allowed to access that resource.")
