Exemplo n.º 1
0
def get_api_perms(request):
    """
    Return all API perms for @groups and users.
    Format: {resource: {create/read/update/delete: [users, @groups]}}
    """
    perms = {}
    ret = get_url_with_resource(request)

    for obj in models.ResourcePermission.objects.all():
        name = URL_ARG_RE.sub(r'{\1}', obj.resource.name)
        if name not in ret:
            continue
        url = ret[name]
        if read_permission_for_all() and obj.permission.name == 'read':
            members_list = ['@all']
        else:
            members_list = get_users_and_groups(obj)
        perms.setdefault(name,
                         OrderedDict()).setdefault(obj.permission.name,
                                                   members_list)
        perms.setdefault(name, OrderedDict()).setdefault('url', url)
    # sort groups and users
    for resource in perms:
        for perm in perms[resource]:
            if not isinstance(perms[resource][perm], set):
                # sort only lists with groups and users, skip 'url'
                continue
            perms[resource][perm] = sorted(perms[resource][perm])
    result = OrderedDict(sorted(perms.items()))
    return result
def get_api_perms(request):
    """
    Return all API perms for @groups and users.
    Format: {resource: {create/read/update/delete: [users, @groups]}}
    """
    perms = {}
    ret = get_url_with_resource(request)

    for obj in models.ResourcePermission.objects.all():
        name = URL_ARG_RE.sub(r'{\1}', obj.resource.name)
        if name not in ret:
            continue
        url = ret[name]
        if read_permission_for_all() and obj.permission.name == 'read':
            members_list = ['@all']
        else:
            members_list = get_users_and_groups(obj)
        perms.setdefault(name, OrderedDict()).setdefault(obj.permission.name, members_list)
        perms.setdefault(name, OrderedDict()).setdefault('url', url)
    # sort groups and users
    for resource in perms:
        for perm in perms[resource]:
            if not isinstance(perms[resource][perm], set):
                # sort only lists with groups and users, skip 'url'
                continue
            perms[resource][perm] = sorted(perms[resource][perm])
    result = OrderedDict(sorted(perms.items()))
    return result
 def has_permission(self, permission, request, view):
     if request.user.is_superuser or (hasattr(settings, 'DISABLE_RESOURCE_PERMISSION_CHECK') and
                                      settings.DISABLE_RESOURCE_PERMISSION_CHECK):
         return True
     api_name = request.path.replace("%s%s/" % (settings.REST_API_URL, settings.REST_API_VERSION), '').strip('/')
     internal_permission = self._convert_permission(request.method)
     if not internal_permission or (read_permission_for_all() and internal_permission == 'read'):
         return True
     return self._has_permission(internal_permission, request.user, str(view.__class__), api_name)
def get_resource_permission_set(user):
    resource_permission_set = set([])
    if user.is_superuser:
        resource_permission_set = set([obj for obj in models.ResourcePermission.objects.all()])
    else:
        if read_permission_for_all():
            resource_permission_set = set([obj for obj in models.ResourcePermission.objects.filter(
                permission__name__iexact='read')])
        group_id_list = [group.id for group in user.groups.all()]
        queryset = models.GroupResourcePermission.objects.filter(group__id__in=group_id_list)

        for group_resource_permission in queryset:
            resource_permission_set.add(group_resource_permission.resource_permission)
    return resource_permission_set
Exemplo n.º 5
0
 def has_permission(self, permission, request, view):
     if request.user.is_superuser or (
             hasattr(settings, 'DISABLE_RESOURCE_PERMISSION_CHECK')
             and settings.DISABLE_RESOURCE_PERMISSION_CHECK):
         return True
     api_name = request.path.replace(
         "%s%s/" % (settings.REST_API_URL, settings.REST_API_VERSION),
         '').strip('/')
     internal_permission = self._convert_permission(request.method)
     if not internal_permission or (read_permission_for_all()
                                    and internal_permission == 'read'):
         return True
     return self._has_permission(internal_permission, request.user,
                                 str(view.__class__), api_name)
Exemplo n.º 6
0
def get_resource_permission_set(user):
    resource_permission_set = set([])
    if user.is_superuser:
        resource_permission_set = set(
            [obj for obj in models.ResourcePermission.objects.all()])
    else:
        if read_permission_for_all():
            resource_permission_set = set([
                obj for obj in models.ResourcePermission.objects.filter(
                    permission__name__iexact='read')
            ])
        group_id_list = [group.id for group in user.groups.all()]
        queryset = models.GroupResourcePermission.objects.filter(
            group__id__in=group_id_list)

        for group_resource_permission in queryset:
            resource_permission_set.add(
                group_resource_permission.resource_permission)
    return resource_permission_set