def get_api_perms(request):
    """
    Build the permission map of every API resource that has a known URL.

    Result shape:
    {resource: {create/read/update/delete: [users, @groups], 'url': url}},
    with the resources ordered by name.
    """
    perms = {}
    url_by_resource = get_url_with_resource(request)
    for res_perm in models.ResourcePermission.objects.all():
        # Rewrite URL arguments in the stored resource name before the lookup.
        name = URL_ARG_RE.sub(r'{\1}', res_perm.resource.name)
        if name not in url_by_resource:
            continue
        url = url_by_resource[name]
        if read_permission_for_all() and res_perm.permission.name == 'read':
            # Global read access is reported as a single pseudo-member.
            members_list = ['@all']
        else:
            members_list = get_users_and_groups(res_perm)
        entry = perms.setdefault(name, OrderedDict())
        # setdefault keeps the first value recorded for a permission name.
        entry.setdefault(res_perm.permission.name, members_list)
        entry.setdefault('url', url)
    # Put the members of each permission into a stable order.
    for resource in perms:
        entries = perms[resource]
        for perm in entries:
            members = entries[perm]
            # Only set values are sorted; the 'url' entry and the ['@all']
            # list are left as they are.
            # NOTE(review): presumably get_users_and_groups returns a set -
            # confirm; a list returned from it would stay unsorted.
            if isinstance(members, set):
                entries[perm] = sorted(members)
    return OrderedDict(sorted(perms.items()))
def has_permission(self, permission, request, view):
    """Decide whether ``request`` may reach ``view`` under resource permissions.

    Access is granted without a lookup when the user is a superuser, when
    ``settings.DISABLE_RESOURCE_PERMISSION_CHECK`` is set to a truthy value,
    when ``_convert_permission`` yields nothing for the HTTP method, or when
    the method maps to ``'read'`` and ``read_permission_for_all()`` is true.
    In every other case the answer comes from ``self._has_permission``.

    The ``permission`` argument is not used by this method.
    """
    if request.user.is_superuser:
        return True
    # NOTE(review): this setting switches the check off for every user;
    # confirm it is never enabled on a production deployment.
    if getattr(settings, 'DISABLE_RESOURCE_PERMISSION_CHECK', False):
        return True

    # str.replace drops every occurrence of the prefix found in the path,
    # not only the first one.
    prefix = "%s%s/" % (settings.REST_API_URL, settings.REST_API_VERSION)
    api_name = request.path.replace(prefix, '').strip('/')

    internal_permission = self._convert_permission(request.method)
    # NOTE(review): a falsy mapping is treated as "allow" (fail-open);
    # confirm _convert_permission maps every state-changing HTTP method.
    if not internal_permission:
        return True
    if read_permission_for_all() and internal_permission == 'read':
        return True
    return self._has_permission(
        internal_permission, request.user, str(view.__class__), api_name)
def get_resource_permission_set(user):
    """Return the set of ResourcePermission objects that apply to ``user``.

    A superuser gets every ResourcePermission. Any other user gets the
    permissions attached to the groups the user belongs to, plus every
    permission named 'read' (case-insensitive match) when
    ``read_permission_for_all()`` is true.
    """
    if user.is_superuser:
        return set(models.ResourcePermission.objects.all())

    granted = set()
    if read_permission_for_all():
        granted = set(models.ResourcePermission.objects.filter(
            permission__name__iexact='read'))
    # Only group membership contributes here; no per-user grant is read.
    group_ids = [group.id for group in user.groups.all()]
    group_grants = models.GroupResourcePermission.objects.filter(
        group__id__in=group_ids)
    for grant in group_grants:
        granted.add(grant.resource_permission)
    return granted
def has_permission(self, permission, request, view):
    """Return True when the request is allowed by the resource permissions.

    Short-circuits to True for superusers, for a truthy
    ``settings.DISABLE_RESOURCE_PERMISSION_CHECK``, for HTTP methods that
    ``_convert_permission`` does not translate, and for 'read' when
    ``read_permission_for_all()`` is true. Everything else is decided by
    ``self._has_permission``. ``permission`` is accepted but not read.
    """
    requester = request.user
    if requester.is_superuser:
        return True
    # NOTE(review): a truthy value here bypasses the check for all users;
    # confirm the setting is restricted to non-production environments.
    check_disabled = (
        hasattr(settings, 'DISABLE_RESOURCE_PERMISSION_CHECK')
        and settings.DISABLE_RESOURCE_PERMISSION_CHECK
    )
    if check_disabled:
        return True

    api_root = "%s%s/" % (settings.REST_API_URL, settings.REST_API_VERSION)
    # Every occurrence of api_root is removed from the path, then the
    # surrounding slashes are trimmed.
    api_name = request.path.replace(api_root, '').strip('/')

    internal_permission = self._convert_permission(request.method)
    if internal_permission:
        if read_permission_for_all() and internal_permission == 'read':
            return True
        return self._has_permission(
            internal_permission, request.user, str(view.__class__), api_name)
    # NOTE(review): an untranslated HTTP method is allowed (fail-open);
    # confirm that is intended for every method _convert_permission skips.
    return True
def get_resource_permission_set(user):
    """Collect the ResourcePermission objects granted to ``user``.

    Superusers receive all ResourcePermission rows. Other users receive the
    permissions linked to their groups through GroupResourcePermission, and
    additionally every permission whose name matches 'read'
    (case-insensitive) when ``read_permission_for_all()`` is true.
    """
    resource_permissions = set()
    if user.is_superuser:
        resource_permissions = set(models.ResourcePermission.objects.all())
        return resource_permissions

    if read_permission_for_all():
        read_perms = models.ResourcePermission.objects.filter(
            permission__name__iexact='read')
        resource_permissions = set(read_perms)

    # Grants are resolved through the user's groups only.
    member_group_ids = [grp.id for grp in user.groups.all()]
    group_links = models.GroupResourcePermission.objects.filter(
        group__id__in=member_group_ids)
    resource_permissions.update(
        link.resource_permission for link in group_links)
    return resource_permissions