def check_object_permissions(self, request, obj):
"""
Check if the request should be permitted for a given object.
Raises an appropriate exception if the request is not permitted.
Calls DRF implementation, but adds `is_disabled_by_developer` and
`is_disabled_by_mozilla` to the exception being thrown so that clients
can tell the difference between a 401/403 returned because an add-on
has been disabled by their developer or something else.
"""
for restriction in self.get_georestrictions():
if not restriction.has_object_permission(request, self, obj):
raise UnavailableForLegalReasons()
try:
super(AddonViewSet, self).check_object_permissions(request, obj)
except exceptions.APIException as exc:
# Override exc.detail with a dict so that it's returned as-is in
# the response. The base implementation for exc.get_codes() does
# not expect dicts in that format, so override it as well with a
# lambda that returns what would have been returned before our
# changes.
codes = exc.get_codes()
exc.get_codes = lambda: codes
exc.detail = {
'detail': exc.detail,
'is_disabled_by_developer': obj.disabled_by_user,
'is_disabled_by_mozilla': obj.status == amo.STATUS_DISABLED,
}
raise exc
def check_permissions(self, request):
for restriction in self.get_georestrictions():
if not restriction.has_permission(request, self):
raise UnavailableForLegalReasons()
if self.action in ('create', 'update', 'partial_update'):
self.permission_classes = self.write_permission_classes
super().check_permissions(request)
def check_object_permissions(self, request, obj):
"""
Check if the request should be permitted for a given object.
Raises an appropriate exception if the request is not permitted.
Calls DRF implementation, but adds `is_disabled_by_developer` and
`is_disabled_by_mozilla` to the exception being thrown so that clients
can tell the difference between a 401/403 returned because an add-on
has been disabled by their developer or something else.
On top of this, can also raise a 451 if the add-on is not available
because of regional restrictions - no additional detail is available
in that case.
"""
try:
super(AddonViewSet, self).check_object_permissions(request, obj)
except exceptions.APIException as exc:
# Override exc.detail with a dict so that it's returned as-is in
# the response. The base implementation for exc.get_codes() does
# not expect dicts in that format, so override it as well with a
# lambda that returns what would have been returned before our
# changes.
codes = exc.get_codes()
exc.get_codes = lambda: codes
exc.detail = {
'detail': exc.detail,
'is_disabled_by_developer': obj.disabled_by_user,
'is_disabled_by_mozilla': obj.status == amo.STATUS_DISABLED,
}
raise exc
region_code = (
self.request and self.request.META.get(
'HTTP_X_COUNTRY_CODE', None))
if region_code and AddonRegionalRestrictions.objects.filter(
addon=obj,
excluded_regions__contains=region_code.upper()).exists():
raise UnavailableForLegalReasons()
def check_permissions(self, request):
for restriction in self.get_georestrictions():
if not restriction.has_permission(request, self):
raise UnavailableForLegalReasons()
super().check_permissions(request)