def get(self, request, *args, **kwargs):
    """List chapters for callers allowed to manage the book and list chapters.

    The caller must hold both 'api.manage_books' and 'api.list_chapters'
    on the book returned by ``self._get_book()``; otherwise
    ``PermissionDenied`` is raised and the parent handler is never reached.
    """
    security = BookSecurity(request.user, self._get_book())

    # Both permissions are required; the second check is skipped when the
    # first one already fails.
    if not (security.has_perm('api.manage_books')
            and security.has_perm('api.list_chapters')):
        raise PermissionDenied

    return super(ChapterListCreate, self).get(request, *args, **kwargs)
def patch(self, request, *args, **kwargs):
    """Partially update a chapter when the caller may manage and update it.

    Requires 'api.manage_books' and 'api.update_chapters' on the book from
    ``self._get_book()``. Raises ``PermissionDenied`` if either is missing.
    """
    checker = BookSecurity(request.user, self._get_book())
    may_manage = checker.has_perm('api.manage_books')
    # Evaluate the second permission only when the first is granted, so the
    # number of permission lookups matches a plain `and` expression.
    allowed = may_manage and checker.has_perm('api.update_chapters')

    if allowed:
        return super(ChapterRetrieveUpdateDestroy, self).patch(
            request, *args, **kwargs)
    raise PermissionDenied
def get(self, request, *args, **kwargs):
    """List chapters for callers holding 'api.list_chapters' on the book.

    The book comes from ``self._get_book()``. Any caller without the
    permission gets ``PermissionDenied`` before the parent handler runs.
    """
    security = BookSecurity(request.user, self._get_book())
    if not security.has_perm('api.list_chapters'):
        raise PermissionDenied
    return super(ChapterListCreate, self).get(request, *args, **kwargs)
def patch(self, request, *args, **kwargs):
    """Partially update a chapter if the caller holds 'api.update_chapters'.

    The permission is evaluated against the book from ``self._get_book()``;
    ``PermissionDenied`` is raised when it is not granted.
    """
    checker = BookSecurity(request.user, self._get_book())
    if not checker.has_perm('api.update_chapters'):
        raise PermissionDenied
    return super(ChapterRetrieveUpdateDestroy, self).patch(
        request, *args, **kwargs)
def get(self, request, book_id, pk, format=None):
    """Return the sorted permission names a user has on a book.

    The result is the union of the permissions of the 'registered_users'
    role and of every role the target user (``pk``) holds on the book
    (``book_id``), each formatted as ``app_name.name``.

    Raises:
        NotFound: the book or the user does not exist.
        PermissionDenied: the caller lacks 'api.manage_books' on the book.
    """
    try:
        book = Book.objects.get(id=book_id)
        user = User.objects.get(id=pk)
    except (Book.DoesNotExist, User.DoesNotExist):
        raise NotFound

    # NOTE(review): both lookups run before the permission check, so a
    # caller without 'api.manage_books' can tell a missing book/user (404)
    # from an existing one (403). Confirm that is acceptable.
    if not BookSecurity(request.user, book).has_perm('api.manage_books'):
        raise PermissionDenied

    # Permissions every registered user gets by default.
    default_role = Role.objects.get(name='registered_users')
    granted = {
        '{}.{}'.format(p.app_name, p.name)
        for p in default_role.permissions.all()
    }

    # Permissions coming from the roles assigned to the user on this book.
    for assignment in user.roles.filter(book=book):
        granted.update(
            '{}.{}'.format(p.app_name, p.name)
            for p in assignment.role.permissions.all()
        )

    return Response(sorted(granted))
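def get(self, request, book_id, pk, format=None):
    """Return the default role and the book roles of a user.

    The response body is a dict with two lists: 'default_roles' holds the
    serialized 'registered_users' role, 'book_roles' holds one serialized
    entry per role the target user (``pk``) has on the book (``book_id``).

    Raises:
        NotFound: the book or the user does not exist.
        PermissionDenied: the caller lacks 'api.manage_books' on the book.
    """
    try:
        book = Book.objects.get(id=book_id)
        user = User.objects.get(id=pk)
    except (Book.DoesNotExist, User.DoesNotExist):
        raise NotFound

    # NOTE(review): the lookups precede the permission check, so 404 vs 403
    # reveals whether the ids exist to callers without 'api.manage_books'.
    book_security = BookSecurity(request.user, book)
    if not book_security.has_perm('api.manage_books'):
        raise PermissionDenied

    # Fetch the default role once. The leftover debug `print` of its
    # permissions manager was dropped: it wrote to stdout on every request
    # and is not valid Python 3 syntax.
    default_role = Role.objects.get(name='registered_users')

    roles = {
        'default_roles': [
            core_serializers.SimpleRoleSerializer(default_role).data,
        ],
        'book_roles': [
            core_serializers.SimpleBookRoleSerializer(role).data
            for role in user.roles.filter(book=book)
        ],
    }
    return Response(roles)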
def get(self, request, book_id, pk, format=None):
    """List, in sorted order, every permission a user holds on a book.

    Combines the permissions of the 'registered_users' role with those of
    the roles assigned to the target user (``pk``) on the book
    (``book_id``). Each entry is rendered as ``app_name.name``.

    Raises:
        NotFound: the book or the user does not exist.
        PermissionDenied: the caller lacks 'api.manage_books' on the book.
    """
    def _label(perm):
        # Fully qualified permission name as used by has_perm() callers
        # in this file, e.g. 'api.manage_books'.
        return '{}.{}'.format(perm.app_name, perm.name)

    try:
        book = Book.objects.get(id=book_id)
        user = User.objects.get(id=pk)
    except (Book.DoesNotExist, User.DoesNotExist):
        raise NotFound

    # NOTE(review): existence of the book and the user is resolved before
    # authorization, so the 404/403 split is visible to any caller.
    checker = BookSecurity(request.user, book)
    if not checker.has_perm('api.manage_books'):
        raise PermissionDenied

    # Start from the defaults, then merge in the per-book role permissions.
    names = set(map(
        _label, Role.objects.get(name='registered_users').permissions.all()))
    for book_role in user.roles.filter(book=book):
        names.update(map(_label, book_role.role.permissions.all()))

    return Response(sorted(names))
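def get(self, request, book_id, pk, format=None):
    """Return the roles that apply to a user on a book.

    'default_roles' contains the serialized 'registered_users' role and
    'book_roles' the serialized roles the target user (``pk``) was given on
    the book (``book_id``).

    Raises:
        NotFound: the book or the user does not exist.
        PermissionDenied: the caller lacks 'api.manage_books' on the book.
    """
    try:
        book = Book.objects.get(id=book_id)
        user = User.objects.get(id=pk)
    except (Book.DoesNotExist, User.DoesNotExist):
        raise NotFound

    # NOTE(review): a caller without 'api.manage_books' still learns from
    # 404 vs 403 whether the book and user ids exist; confirm this is fine.
    if not BookSecurity(request.user, book).has_perm('api.manage_books'):
        raise PermissionDenied

    roles = {'default_roles': [], 'book_roles': []}

    # Default role. The debug `print` of its permissions manager that
    # followed this lookup was removed: it leaked into stdout on every
    # request and is Python 2-only syntax.
    default_role = Role.objects.get(name='registered_users')
    roles['default_roles'].append(
        core_serializers.SimpleRoleSerializer(default_role).data)

    # Roles assigned to the user on this particular book.
    for role in user.roles.filter(book=book):
        roles['book_roles'].append(
            core_serializers.SimpleBookRoleSerializer(role).data)

    return Response(roles)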
def get(self, request, *args, **kwargs):
    """List the book's users for callers holding 'api.manage_books'.

    The permission is checked against the book from ``self._get_book()``;
    callers without it receive ``PermissionDenied``.
    """
    security = BookSecurity(request.user, self._get_book())
    if not security.has_perm('api.manage_books'):
        raise PermissionDenied
    return super(BookUserList, self).get(request, *args, **kwargs)
def delete(self, request, *args, **kwargs):
    """Delete a metadata entry if the caller holds 'api.delete_metadata'.

    The permission is evaluated for the book from ``self._get_book()``.
    Raises ``PermissionDenied`` when it is not granted.
    """
    checker = BookSecurity(request.user, self._get_book())
    if not checker.has_perm('api.delete_metadata'):
        raise PermissionDenied
    return super(MetadataRetrieveUpdateDestroy, self).delete(
        request, *args, **kwargs)
def post(self, request, *args, **kwargs):
    """Create a metadata entry if the caller holds 'api.create_metadata'.

    The permission is evaluated for the book from ``self._get_book()``.
    Raises ``PermissionDenied`` when it is not granted.
    """
    security = BookSecurity(request.user, self._get_book())
    may_create = security.has_perm('api.create_metadata')
    if not may_create:
        raise PermissionDenied
    return super(MetadataListCreate, self).post(request, *args, **kwargs)
def get(self, request, *args, **kwargs):
    """Retrieve a single chapter for callers holding 'api.list_chapters'.

    Reading one chapter is gated by the same permission name as listing
    chapters, checked on the book from ``self._get_book()``. Raises
    ``PermissionDenied`` when the permission is missing.
    """
    checker = BookSecurity(request.user, self._get_book())
    if not checker.has_perm('api.list_chapters'):
        raise PermissionDenied
    return super(ChapterRetrieveUpdateDestroy, self).get(
        request, *args, **kwargs)
def get(self, request, *args, **kwargs):
    """List the book's attachments for callers holding 'edit.edit_book'.

    The permission is checked on the book from ``self._get_book()``;
    ``PermissionDenied`` is raised when it is not granted.
    """
    security = BookSecurity(request.user, self._get_book())

    # TODO think about permissions
    # The listing is currently gated by the editor permission
    # 'edit.edit_book' rather than by an 'api.*' permission.
    if not security.has_perm('edit.edit_book'):
        raise PermissionDenied
    return super(BookAttachmentList, self).get(request, *args, **kwargs)
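def delete(self, request, *args, **kwargs):
    """Delete a chapter, then clean up notifications and log the deletion.

    The caller must hold both 'api.manage_books' and 'api.delete_chapters'
    on the book from ``self._get_book()``. When the parent handler answers
    204, pending notifications are removed and a 'chapter_delete' entry is
    written to the book history.

    Returns:
        The response produced by the parent ``delete`` handler.

    Raises:
        PermissionDenied: either permission is missing.
    """
    book_security = BookSecurity(request.user, self._get_book())
    if not (book_security.has_perm('api.manage_books')
            and book_security.has_perm('api.delete_chapters')):
        raise PermissionDenied

    # Keep a reference to the chapter: its title is needed for the history
    # entry written after the parent handler has run.
    self._chapter = self.get_object()
    response = super(ChapterRetrieveUpdateDestroy, self).delete(
        request, *args, **kwargs)

    # Compare by value. `is` on integers only works through CPython's
    # small-integer cache; if it ever evaluated False, the cleanup and the
    # history (audit) entry below would be skipped silently.
    if response.status_code == status.HTTP_204_NO_CONTENT:
        self._delete_notifications()
        # self._book is presumably set by _get_book() -- confirm.
        logBookHistory(
            book=self._book,
            version=self._book.version,
            args={'chapter': self._chapter.title},
            user=self.request.user,
            kind='chapter_delete')
    return response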
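def delete(self, request, *args, **kwargs):
    """Delete a chapter and record the deletion in the book history.

    The caller must hold 'api.delete_chapters' on the book from
    ``self._get_book()``. When the parent handler answers 204, pending
    notifications are removed and a 'chapter_delete' history entry is
    written.

    Returns:
        The response produced by the parent ``delete`` handler.

    Raises:
        PermissionDenied: the permission is missing.
    """
    book_security = BookSecurity(request.user, self._get_book())
    if not book_security.has_perm('api.delete_chapters'):
        raise PermissionDenied

    # The chapter is looked up first because its title is used in the
    # history entry after the parent handler has run.
    self._chapter = self.get_object()
    response = super(ChapterRetrieveUpdateDestroy, self).delete(
        request, *args, **kwargs)

    # Value comparison instead of `is`: identity of equal ints is a CPython
    # implementation detail, and a False result here would silently drop
    # both the notification cleanup and the history (audit) entry.
    if response.status_code == status.HTTP_204_NO_CONTENT:
        self._delete_notifications()
        # self._book is presumably set by _get_book() -- confirm.
        logBookHistory(
            book=self._book,
            version=self._book.version,
            args={'chapter': self._chapter.title},
            user=self.request.user,
            kind='chapter_delete')
    return response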
def post(self, request, *args, **kwargs):
    """Upload an image attachment to the book and notify connected clients.

    Access is granted to superusers, to callers holding
    'edit.upload_attachment' on the book from ``self._get_book()``, and to
    the book owner. The uploaded file must arrive as ``request.FILES['file']``
    and its name must end in jpg, png, jpeg or gif (case-insensitive).

    Returns:
        Response with the serialized attachment and HTTP 201.

    Raises:
        PermissionDenied: the caller is none of the above.
        ValidationError: the file is missing or has another extension.
    """
    # TODO test it and cover with tests
    security = BookSecurity(request.user, self._get_book())
    uploader = request.user
    has_upload_perm = security.has_perm('edit.upload_attachment')

    # self._book is presumably set by _get_book() -- confirm.
    if (not uploader.is_superuser
            and not has_upload_perm
            and self._book.owner != uploader):
        raise PermissionDenied

    # NOTE(review): indexing [0] raises IndexError when the book has no
    # status rows, and it happens before the upload is validated.
    book_status = BookStatus.objects.filter(book=self._book)[0]

    if 'file' not in request.FILES:
        raise ValidationError({'file': ['"file" is required.']})
    upload = request.FILES['file']

    # NOTE(review): only the extension of the client-supplied file name is
    # checked. Nothing in this method inspects the content or the size of
    # the upload -- confirm that is enforced elsewhere.
    stem, suffix = os.path.splitext(upload.name)
    available_extensions = ('jpg', 'png', 'jpeg', 'gif')
    extension = suffix.rsplit('.', 1)[-1].lower()
    if extension not in available_extensions:
        error_text = 'Not supported extension. Available extensions: {}'.format(
            ' '.join(available_extensions))
        raise ValidationError({'file': [error_text]})

    with transaction.atomic():
        attachment = Attachment(
            version=self._book.version,  # must remove this reference
            created=datetime.datetime.now(),
            book=self._book,
            status=book_status)
        # First save creates the row; the file is then stored under a
        # slugified name and the row is saved again with the file set.
        attachment.save()
        stored_name = '{}{}'.format(booktype_slugify(stem), suffix)
        attachment.attachment.save(stored_name, upload, save=False)
        attachment.save()

    # Tell every client subscribed to this book version about the upload.
    # NOTE(review): placed after the atomic block here; the page lost the
    # original indentation, so confirm against the source file.
    channel_name = "/booktype/book/{}/{}/".format(
        self._book.id, self._book.version.get_version())
    subscribers = sputnik.smembers(
        "sputnik:channel:{}:channel".format(channel_name))
    message = {
        'channel': channel_name,
        'command': 'notification',
        'message': 'notification_new_attachment_uploaded',
        'username': self.request.user.username,
        'message_args': (attachment.get_name(), ),
    }
    for client_id in subscribers:
        if client_id.strip() == '':
            continue
        sputnik.push("ses:%s:messages" % client_id, json.dumps(message))

    serialized = self.serializer_class(attachment)
    return Response(serialized.data, status=status.HTTP_201_CREATED)
def post(self, request, *args, **kwargs):
    """Store an uploaded image as a book attachment and broadcast the event.

    Allowed callers: superusers, holders of 'edit.upload_attachment' on the
    book from ``self._get_book()``, and the book owner. The upload is read
    from ``request.FILES['file']`` and accepted only when its name ends in
    jpg, png, jpeg or gif (case-insensitive).

    Returns:
        Response with the serialized attachment and HTTP 201.

    Raises:
        PermissionDenied: the caller is not allowed to upload.
        ValidationError: no file was sent or the extension is not accepted.
    """
    # TODO test it and cover with tests
    book_security = BookSecurity(request.user, self._get_book())
    user = request.user
    can_upload_attachment = book_security.has_perm('edit.upload_attachment')

    # self._book is presumably set by _get_book() -- confirm.
    denied = (
        not user.is_superuser
        and not can_upload_attachment
        and self._book.owner != user
    )
    if denied:
        raise PermissionDenied

    # NOTE(review): raises IndexError for a book without any BookStatus
    # row; this lookup runs before the request payload is validated.
    first_status = BookStatus.objects.filter(book=self._book)[0]

    if 'file' not in request.FILES:
        raise ValidationError({'file': ['"file" is required.']})
    incoming = request.FILES['file']

    base_name, dotted_ext = os.path.splitext(incoming.name)
    available_extensions = ('jpg', 'png', 'jpeg', 'gif')
    # NOTE(review): this is a file-name check only; the bytes of the upload
    # are not verified to be an image and no size limit is applied here.
    # Confirm that content validation exists at another layer.
    if dotted_ext.rsplit('.', 1)[-1].lower() not in available_extensions:
        raise ValidationError({
            'file': [
                'Not supported extension. Available extensions: {}'.format(
                    ' '.join(available_extensions))
            ]
        })

    with transaction.atomic():
        att = Attachment(
            version=self._book.version,  # must remove this reference
            created=datetime.datetime.now(),
            book=self._book,
            status=first_status,
        )
        att.save()
        # The stored name is the slugified stem plus the original extension.
        att.attachment.save(
            '{}{}'.format(booktype_slugify(base_name), dotted_ext),
            incoming,
            save=False,
        )
        att.save()

    # Notification for clients listening on this book version's channel.
    # NOTE(review): assumed to run outside the atomic block; the original
    # indentation is not recoverable from the page, so verify.
    version_label = self._book.version.get_version()
    channel_name = "/booktype/book/{}/{}/".format(self._book.id, version_label)
    members_key = "sputnik:channel:{}:channel".format(channel_name)
    message = {
        'channel': channel_name,
        'command': 'notification',
        'message': 'notification_new_attachment_uploaded',
        'username': self.request.user.username,
        'message_args': (att.get_name(),),
    }
    for session in sputnik.smembers(members_key):
        # Skip blank member entries.
        if session.strip() != '':
            sputnik.push("ses:%s:messages" % session, json.dumps(message))

    return Response(
        self.serializer_class(att).data,
        status=status.HTTP_201_CREATED,
    )