def has_permission(self, request, view):
# Workaround to ensure DjangoModelPermissions are not applied
# to the root view when using DefaultRouter.
if getattr(view, '_ignore_model_permissions', False):
return True
permission = action_to_permission(view.action)
if permission is None:
return False
user = request.user
queryset = view.get_queryset()
permission_handler = self.permission_handler(view)
has_perm = permission_handler.has_perm(user,
permission,
queryset=queryset,
view=view,
request=request)
setattr(request, 'user_has_perm', has_perm)
if has_perm:
return True
object_permissions = permission_handler.has_object_level_permissions(
user, permission, queryset=queryset)
if object_permissions:
return True
return has_perm
def has_object_permission(self, request, view, obj):
if getattr(request, 'user_has_perm', False):
return True
permission = action_to_permission(view.action)
user = request.user
queryset = view.get_queryset()
permission_handler = self.permission_handler(view)
return permission_handler.has_perm(user,
permission,
queryset=queryset,
obj=obj,
check_keyword_permissions=False)
def has_permission(self, request, view):
from lego.apps.events.models import Event
handler = get_permission_handler(Event)
perm = action_to_permission(view.action)
# Only check keyword permissions for CREATE
if perm is CREATE:
return handler.has_event_type_level_permission(
request.user, request, perm)
# The user needs to have permission to edit the event_type AND needs to pass the
# main permission check
if perm is EDIT:
if not handler.has_event_type_level_permission(
request.user, request, perm):
return False
return super().has_permission(request, view)
def get_permissions(viewset_cls):
routes = router.get_routes(viewset_cls)
actions = []
for route in routes:
actions += route.mapping.values()
return [action_to_permission(action) for action in actions]