def check_post_permissions(self, request, view, obj=None): if hasattr(view, 'parent_model'): parent_obj = view.get_parent_object() if not check_user_access(request.user, view.parent_model, 'read', parent_obj): return False if hasattr(view, 'parent_key'): if not check_user_access(request.user, view.model, 'add', {view.parent_key: parent_obj}): return False return True elif hasattr(view, 'obj_permission_type'): # Generic object-centric view permission check without object not needed if not obj: return True # Permission check that happens when get_object() is called extra_kwargs = {} if view.obj_permission_type == 'admin': extra_kwargs['data'] = {} return check_user_access(request.user, view.model, view.obj_permission_type, obj, **extra_kwargs) else: if obj: return True return check_user_access(request.user, view.model, 'add', request.data)
def check_get_permissions(self, request, view, obj=None): if hasattr(view, 'parent_model'): parent_obj = view.get_parent_object() if not check_user_access(request.user, view.parent_model, 'read', parent_obj): return False if not obj: return True return check_user_access(request.user, view.model, 'read', obj)
def check_put_permissions(self, request, view, obj=None): if not obj: # FIXME: For some reason this needs to return True # because it is first called with obj=None? return True if getattr(view, 'is_variable_data', False): return check_user_access(request.user, view.model, 'change', obj, dict(variables=request.data)) else: return check_user_access(request.user, view.model, 'change', obj, request.data)
def check_delete_permissions(self, request, view, obj=None): if not obj: # FIXME: For some reason this needs to return True # because it is first called with obj=None? return True return check_user_access(request.user, view.model, 'delete', obj)
def check_post_permissions(self, request, view, obj=None): inventory = get_object_or_400(view.model, pk=view.kwargs['pk']) return check_user_access(request.user, view.model, 'update', inventory)
def check_post_permissions(self, request, view, obj=None): project = get_object_or_400(view.model, pk=view.kwargs['pk']) return check_user_access(request.user, view.model, 'start', project)
def check_post_permissions(self, request, view, obj=None): approval = get_object_or_400(view.model, pk=view.kwargs['pk']) return check_user_access(request.user, view.model, 'approve_or_deny', approval)
def check_put_permissions(self, request, view, obj=None): if not obj: return True return check_user_access(request.user, view.model, 'change', obj, dict(variables=request.data))