def get_schema(self, request, **kwargs): """ Overriding get_schema method because of altering resource schema based on user permissions. """ self.method_check(request, allowed=['get']) self.is_authenticated(request) # self.is_authorized(request) self.throttle_check(request) self.log_throttled_access(request) schema = self.build_schema() allowed_methods = [] res_model = self._meta.object_class for request_str, perm_str in REST_PERMS.items(): if has_model_permission(res_model, request.user, REST_PERMS[request_str]): allowed_methods.append(request_str.lower()) if not allowed_methods: return HttpResponseForbidden() schema['allowed_detail_http_methods'] = allowed_methods schema['allowed_list_http_methods'] = allowed_methods return self.create_response(request, schema)
def _fill_fields_pemissions(self, bundle): resource_model = self._meta.object_class user = bundle.request.user disabled_fields = [] read_only_fields = [] allowed_http_methods = [] # set allowed_http_methods also for request_str, perm_str in REST_PERMS.items(): if has_model_permission(resource_model, user, REST_PERMS[request_str]): allowed_http_methods.append(request_str.lower()) self._set_cached_field("allowed_http_methods", allowed_http_methods) self._set_cached_field("read_only_fields", read_only_fields) self._set_cached_field("disabled_fields", tuple(disabled_fields))