Exemplo n.º 1
0
class CollectionViewSet(ModelViewSet):
    permission_classes = [
        AnyOf(
            # Collection authors can do everything.
            AllowCollectionAuthor,
            # Collection contributors can access an existing collection, and
            # change it's addons, but can't delete or edit it's details.
            AllOf(
                AllowCollectionContributor,
                PreventActionPermission(
                    ['create', 'list', 'update', 'destroy',
                     'partial_update'])),
            # Admins can do everything except create.
            AllOf(GroupPermission(amo.permissions.COLLECTIONS_EDIT),
                  PreventActionPermission('create')),
            # Everyone else can do read-only stuff, except list.
            AllOf(AllowReadOnlyIfPublic, PreventActionPermission('list'))),
    ]
    lookup_url_kwarg = 'slug'

    @property
    def lookup_field(self):
        identifier = self.kwargs.get(self.lookup_url_kwarg)
        if identifier and identifier.isdigit():
            lookup_field = 'pk'
        else:
            # If the identifier is anything other than a digit, it's the slug.
            lookup_field = 'slug'
        return lookup_field

    def get_account_viewset(self):
        if not hasattr(self, 'account_viewset'):
            self.account_viewset = AccountViewSet(
                request=self.request,
                permission_classes=[],  # We handled permissions already.
                kwargs={'pk': self.kwargs['user_pk']})
        return self.account_viewset

    def get_serializer_class(self):
        with_addons = ('with_addons' in self.request.GET
                       and self.action == 'retrieve')
        return (CollectionSerializer
                if not with_addons else CollectionWithAddonsSerializer)

    def get_queryset(self):
        return Collection.objects.filter(author=self.get_account_viewset().
                                         get_object()).order_by('-modified')

    def get_addons_queryset(self):
        collection_addons_viewset = CollectionAddonViewSet(
            request=self.request)
        # Set this to avoid a pointless lookup loop.
        collection_addons_viewset.collection_viewset = self
        # This needs to be list to make the filtering work.
        collection_addons_viewset.action = 'list'
        qs = collection_addons_viewset.get_queryset()
        # Now limit and sort
        limit = settings.REST_FRAMEWORK['PAGE_SIZE']
        sort = collection_addons_viewset.ordering[0]
        return qs.order_by(sort)[:limit]
Exemplo n.º 2
0
class CollectionViewSet(ModelViewSet):
    permission_classes = [
        AnyOf(
            # Collection authors can do everything.
            AllowCollectionAuthor,
            # Admins can do everything except create.
            AllOf(GroupPermission(amo.permissions.COLLECTIONS_EDIT),
                  PreventActionPermission('create')),
            # Everyone else can do read-only stuff, except list.
            AllOf(AllowReadOnlyIfPublic, PreventActionPermission('list'))),
    ]
    serializer_class = CollectionSerializer
    lookup_field = 'slug'

    def get_account_viewset(self):
        if not hasattr(self, 'account_viewset'):
            self.account_viewset = AccountViewSet(
                request=self.request,
                permission_classes=[],  # We handled permissions already.
                kwargs={'pk': self.kwargs['user_pk']})
        return self.account_viewset

    def get_queryset(self):
        return Collection.objects.filter(
            author=self.get_account_viewset().get_object())
Exemplo n.º 3
0
class CollectionViewSet(ModelViewSet):
    permission_classes = [
        AnyOf(
            # Collection authors can do everything.
            AllowCollectionAuthor,
            # Collection contributors can access an existing collection, and
            # change it's addons, but can't delete or edit it's details.
            AllOf(
                AllowCollectionContributor,
                PreventActionPermission(
                    ['create', 'list', 'update', 'destroy',
                     'partial_update'])),
            # Admins can do everything except create.
            AllOf(GroupPermission(amo.permissions.COLLECTIONS_EDIT),
                  PreventActionPermission('create')),
            # Everyone else can do read-only stuff, except list.
            AllOf(AllowReadOnlyIfPublic, PreventActionPermission('list'))),
    ]
    serializer_class = CollectionSerializer
    lookup_field = 'slug'

    def get_account_viewset(self):
        if not hasattr(self, 'account_viewset'):
            self.account_viewset = AccountViewSet(
                request=self.request,
                permission_classes=[],  # We handled permissions already.
                kwargs={'pk': self.kwargs['user_pk']})
        return self.account_viewset

    def get_queryset(self):
        return Collection.objects.filter(author=self.get_account_viewset().
                                         get_object()).order_by('-modified')
Exemplo n.º 4
0
class CollectionViewSet(ModelViewSet):
    # Note: CollectionAddonViewSet will call CollectionViewSet().get_object(),
    # causing the has_object_permission() method of these permissions to be
    # called. It will do so without setting an action however, bypassing the
    # PreventActionPermission() parts.
    permission_classes = [
        AnyOf(
            # Collection authors can do everything.
            AllowCollectionAuthor,
            # Collection contributors can access the featured themes collection
            # (it's community-managed) and change it's addons, but can't delete
            # or edit it's details.
            AllOf(
                AllowCollectionContributor,
                PreventActionPermission(
                    ('create', 'list', 'update', 'destroy', 'partial_update')),
            ),
            # Content curators can modify existing mozilla collections as they
            # see fit, but can't list or delete them.
            AllOf(
                AllowContentCurators,
                PreventActionPermission(('create', 'destroy', 'list')),
            ),
            # Everyone else can do read-only stuff, except list.
            AllOf(AllowReadOnlyIfPublic, PreventActionPermission('list')),
        ),
    ]
    lookup_field = 'slug'

    def get_account_viewset(self):
        if not hasattr(self, 'account_viewset'):
            self.account_viewset = AccountViewSet(
                request=self.request,
                permission_classes=[],  # We handled permissions already.
                kwargs={'pk': self.kwargs['user_pk']},
            )
        return self.account_viewset

    def get_serializer_class(self):
        with_addons = 'with_addons' in self.request.GET and self.action == 'retrieve'
        return (CollectionSerializer
                if not with_addons else CollectionWithAddonsSerializer)

    def get_queryset(self):
        return Collection.objects.filter(author=self.get_account_viewset().
                                         get_object()).order_by('-modified')

    def get_addons_queryset(self):
        collection_addons_viewset = CollectionAddonViewSet(
            request=self.request)
        # Set this to avoid a pointless lookup loop.
        collection_addons_viewset.collection = self.get_object()
        # This needs to be list to make the filtering work.
        collection_addons_viewset.action = 'list'
        qs = collection_addons_viewset.get_queryset()
        # Now limit and sort
        limit = settings.REST_FRAMEWORK['PAGE_SIZE']
        sort = collection_addons_viewset.ordering[0]
        return qs.order_by(sort)[:limit]