Exemplo n.º 1
0
    def get(self, request, *args, **kwargs):
        book_security = BookSecurity(request.user, self._get_book())

        if book_security.has_perm(
                'api.manage_books') and book_security.has_perm(
                    'api.list_chapters'):
            return super(ChapterListCreate, self).get(request, *args, **kwargs)

        raise PermissionDenied
Exemplo n.º 2
0
    def patch(self, request, *args, **kwargs):
        book_security = BookSecurity(request.user, self._get_book())

        if book_security.has_perm(
                'api.manage_books') and book_security.has_perm(
                    'api.update_chapters'):
            return super(ChapterRetrieveUpdateDestroy,
                         self).patch(request, *args, **kwargs)

        raise PermissionDenied
Exemplo n.º 3
0
    def get(self, request, *args, **kwargs):
        book_security = BookSecurity(request.user, self._get_book())

        if book_security.has_perm('api.list_chapters'):
            return super(ChapterListCreate, self).get(request, *args, **kwargs)

        raise PermissionDenied
Exemplo n.º 4
0
    def patch(self, request, *args, **kwargs):
        book_security = BookSecurity(request.user, self._get_book())

        if book_security.has_perm('api.update_chapters'):
            return super(ChapterRetrieveUpdateDestroy, self).patch(request, *args, **kwargs)

        raise PermissionDenied
Exemplo n.º 5
0
    def get(self, request, book_id, pk, format=None):
        try:
            book = Book.objects.get(id=book_id)
            user = User.objects.get(id=pk)
        except (Book.DoesNotExist, User.DoesNotExist):
            raise NotFound

        book_security = BookSecurity(request.user, book)

        if not book_security.has_perm('api.manage_books'):
            raise PermissionDenied

        permissions = set()

        # default permissions
        for perm in Role.objects.get(name='registered_users').permissions.all():
            permissions.add('{}.{}'.format(perm.app_name, perm.name))

        # get book permissions
        for book_role in user.roles.filter(book=book):
            for perm in book_role.role.permissions.all():
                permissions.add('{}.{}'.format(perm.app_name, perm.name))

        permissions = list(permissions)
        permissions.sort()

        return Response(permissions)
Exemplo n.º 6
0
    def get(self, request, book_id, pk, format=None):
        try:
            book = Book.objects.get(id=book_id)
            user = User.objects.get(id=pk)
        except (Book.DoesNotExist, User.DoesNotExist):
            raise NotFound

        book_security = BookSecurity(request.user, book)

        if not book_security.has_perm('api.manage_books'):
            raise PermissionDenied

        roles = {'default_roles': [], 'book_roles': []}

        # default roles
        roles['default_roles'].append(
            core_serializers.SimpleRoleSerializer(
                Role.objects.get(name='registered_users')).data)

        print Role.objects.get(name='registered_users').permissions

        # get book roles
        for role in user.roles.filter(book=book):
            roles['book_roles'].append(
                core_serializers.SimpleBookRoleSerializer(role).data)

        return Response(roles)
Exemplo n.º 7
0
    def get(self, request, book_id, pk, format=None):
        try:
            book = Book.objects.get(id=book_id)
            user = User.objects.get(id=pk)
        except (Book.DoesNotExist, User.DoesNotExist):
            raise NotFound

        book_security = BookSecurity(request.user, book)

        if not book_security.has_perm('api.manage_books'):
            raise PermissionDenied

        permissions = set()

        # default permissions
        for perm in Role.objects.get(
                name='registered_users').permissions.all():
            permissions.add('{}.{}'.format(perm.app_name, perm.name))

        # get book permissions
        for book_role in user.roles.filter(book=book):
            for perm in book_role.role.permissions.all():
                permissions.add('{}.{}'.format(perm.app_name, perm.name))

        permissions = list(permissions)
        permissions.sort()

        return Response(permissions)
Exemplo n.º 8
0
    def get(self, request, book_id, pk, format=None):
        try:
            book = Book.objects.get(id=book_id)
            user = User.objects.get(id=pk)
        except (Book.DoesNotExist, User.DoesNotExist):
            raise NotFound

        book_security = BookSecurity(request.user, book)

        if not book_security.has_perm('api.manage_books'):
            raise PermissionDenied

        roles = {'default_roles': [], 'book_roles': []}

        # default roles
        roles['default_roles'].append(core_serializers.SimpleRoleSerializer(
            Role.objects.get(name='registered_users')
        ).data)

        print Role.objects.get(name='registered_users').permissions

        # get book roles
        for role in user.roles.filter(book=book):
            roles['book_roles'].append(core_serializers.SimpleBookRoleSerializer(role).data)

        return Response(roles)
Exemplo n.º 9
0
    def get(self, request, *args, **kwargs):
        book_security = BookSecurity(request.user, self._get_book())

        if book_security.has_perm('api.manage_books'):
            return super(BookUserList, self).get(request, *args, **kwargs)

        raise PermissionDenied
Exemplo n.º 10
0
    def delete(self, request, *args, **kwargs):
        book_security = BookSecurity(request.user, self._get_book())

        if book_security.has_perm('api.delete_metadata'):
            return super(MetadataRetrieveUpdateDestroy, self).delete(request, *args, **kwargs)

        raise PermissionDenied
Exemplo n.º 11
0
    def post(self, request, *args, **kwargs):
        book_security = BookSecurity(request.user, self._get_book())

        if book_security.has_perm('api.create_metadata'):
            return super(MetadataListCreate, self).post(request, *args, **kwargs)

        raise PermissionDenied
Exemplo n.º 12
0
    def delete(self, request, *args, **kwargs):
        book_security = BookSecurity(request.user, self._get_book())

        if book_security.has_perm('api.delete_metadata'):
            return super(MetadataRetrieveUpdateDestroy,
                         self).delete(request, *args, **kwargs)

        raise PermissionDenied
Exemplo n.º 13
0
    def post(self, request, *args, **kwargs):
        book_security = BookSecurity(request.user, self._get_book())

        if book_security.has_perm('api.create_metadata'):
            return super(MetadataListCreate,
                         self).post(request, *args, **kwargs)

        raise PermissionDenied
Exemplo n.º 14
0
    def get(self, request, *args, **kwargs):
        book_security = BookSecurity(request.user, self._get_book())

        if book_security.has_perm('api.list_chapters'):
            return super(ChapterRetrieveUpdateDestroy,
                         self).get(request, *args, **kwargs)

        raise PermissionDenied
Exemplo n.º 15
0
    def get(self, request, *args, **kwargs):
        book_security = BookSecurity(request.user, self._get_book())

        # TODO think about permissions
        if book_security.has_perm('edit.edit_book'):
            return super(BookAttachmentList, self).get(request, *args, **kwargs)

        raise PermissionDenied
Exemplo n.º 16
0
    def get(self, request, *args, **kwargs):
        book_security = BookSecurity(request.user, self._get_book())

        # TODO think about permissions
        if book_security.has_perm('edit.edit_book'):
            return super(BookAttachmentList, self).get(request, *args,
                                                       **kwargs)

        raise PermissionDenied
Exemplo n.º 17
0
    def delete(self, request, *args, **kwargs):
        book_security = BookSecurity(request.user, self._get_book())

        if book_security.has_perm(
                'api.manage_books') and book_security.has_perm(
                    'api.delete_chapters'):
            self._chapter = self.get_object()

            respone = super(ChapterRetrieveUpdateDestroy,
                            self).delete(request, *args, **kwargs)

            if respone.status_code is status.HTTP_204_NO_CONTENT:
                self._delete_notifications()

                logBookHistory(book=self._book,
                               version=self._book.version,
                               args={'chapter': self._chapter.title},
                               user=self.request.user,
                               kind='chapter_delete')

            return respone

        raise PermissionDenied
Exemplo n.º 18
0
    def delete(self, request, *args, **kwargs):
        book_security = BookSecurity(request.user, self._get_book())

        if book_security.has_perm('api.delete_chapters'):
            self._chapter = self.get_object()

            respone = super(ChapterRetrieveUpdateDestroy, self).delete(request, *args, **kwargs)

            if respone.status_code is status.HTTP_204_NO_CONTENT:
                self._delete_notifications()

                logBookHistory(book=self._book, version=self._book.version,
                               args={'chapter': self._chapter.title},
                               user=self.request.user, kind='chapter_delete')

            return respone

        raise PermissionDenied
Exemplo n.º 19
0
    def post(self, request, *args, **kwargs):
        # TODO test it and cover with tests
        book_security = BookSecurity(request.user, self._get_book())
        user = request.user
        can_upload_attachment = book_security.has_perm(
            'edit.upload_attachment')

        if not user.is_superuser and not can_upload_attachment and self._book.owner != user:
            raise PermissionDenied

        stat = BookStatus.objects.filter(book=self._book)[0]

        if 'file' not in request.FILES:
            raise ValidationError({'file': ['"file" is required.']})

        file_data = request.FILES['file']
        attname, attext = os.path.splitext(file_data.name)
        available_extensions = ('jpg', 'png', 'jpeg', 'gif')
        if attext.rsplit('.', 1)[-1].lower() not in available_extensions:
            raise ValidationError({
                'file': [
                    'Not supported extension. Available extensions: {}'.format(
                        ' '.join(available_extensions))
                ]
            })

        with transaction.atomic():
            att = Attachment(
                version=self._book.version,
                # must remove this reference
                created=datetime.datetime.now(),
                book=self._book,
                status=stat)
            att.save()

            att.attachment.save('{}{}'.format(booktype_slugify(attname),
                                              attext),
                                file_data,
                                save=False)
            att.save()

        # notificatoin message
        channel_name = "/booktype/book/{}/{}/".format(
            self._book.id, self._book.version.get_version())
        clnts = sputnik.smembers(
            "sputnik:channel:{}:channel".format(channel_name))

        message = {
            'channel': channel_name,
            'command': 'notification',
            'message': 'notification_new_attachment_uploaded',
            'username': self.request.user.username,
            'message_args': (att.get_name(), )
        }

        for c in clnts:
            if c.strip() != '':
                sputnik.push("ses:%s:messages" % c, json.dumps(message))

        # response
        serializer_instance = self.serializer_class(att)

        return Response(serializer_instance.data,
                        status=status.HTTP_201_CREATED)
Exemplo n.º 20
0
    def post(self, request, *args, **kwargs):
        # TODO test it and cover with tests
        book_security = BookSecurity(request.user, self._get_book())
        user = request.user
        can_upload_attachment = book_security.has_perm('edit.upload_attachment')

        if not user.is_superuser and not can_upload_attachment and self._book.owner != user:
            raise PermissionDenied

        stat = BookStatus.objects.filter(book=self._book)[0]

        if 'file' not in request.FILES:
            raise ValidationError({'file': ['"file" is required.']})

        file_data = request.FILES['file']
        attname, attext = os.path.splitext(file_data.name)
        available_extensions = ('jpg', 'png', 'jpeg', 'gif')
        if attext.rsplit('.', 1)[-1].lower() not in available_extensions:
            raise ValidationError({'file': [
                'Not supported extension. Available extensions: {}'.format(
                    ' '.join(available_extensions))
            ]})

        with transaction.atomic():
            att = Attachment(
                version=self._book.version,
                # must remove this reference
                created=datetime.datetime.now(),
                book=self._book,
                status=stat
            )
            att.save()

            att.attachment.save(
                '{}{}'.format(booktype_slugify(attname), attext),
                file_data,
                save=False
            )
            att.save()

        # notificatoin message
        channel_name = "/booktype/book/{}/{}/".format(self._book.id,
                                                      self._book.version.get_version())
        clnts = sputnik.smembers(
            "sputnik:channel:{}:channel".format(channel_name))

        message = {
            'channel': channel_name,
            'command': 'notification',
            'message': 'notification_new_attachment_uploaded',
            'username': self.request.user.username,
            'message_args': (att.get_name(),)
        }

        for c in clnts:
            if c.strip() != '':
                sputnik.push("ses:%s:messages" % c, json.dumps(message))

        # response
        serializer_instance = self.serializer_class(att)

        return Response(serializer_instance.data, status=status.HTTP_201_CREATED)