def get_api_perms(request):
"""
Return all API perms for @groups and users.
Format: {resource: {create/read/update/delete: [users, @groups]}}
"""
perms = {}
ret = get_url_with_resource(request)
for obj in models.ResourcePermission.objects.all():
name = URL_ARG_RE.sub(r'{\1}', obj.resource.name)
if name not in ret:
continue
url = ret[name]
if read_permission_for_all() and obj.permission.name == 'read':
members_list = ['@all']
else:
members_list = get_users_and_groups(obj)
perms.setdefault(name,
OrderedDict()).setdefault(obj.permission.name,
members_list)
perms.setdefault(name, OrderedDict()).setdefault('url', url)
# sort groups and users
for resource in perms:
for perm in perms[resource]:
if not isinstance(perms[resource][perm], set):
# sort only lists with groups and users, skip 'url'
continue
perms[resource][perm] = sorted(perms[resource][perm])
result = OrderedDict(sorted(perms.items()))
return result
def get_api_perms(request):
"""
Return all API perms for @groups and users.
Format: {resource: {create/read/update/delete: [users, @groups]}}
"""
perms = {}
ret = get_url_with_resource(request)
for obj in models.ResourcePermission.objects.all():
name = URL_ARG_RE.sub(r'{\1}', obj.resource.name)
if name not in ret:
continue
url = ret[name]
if read_permission_for_all() and obj.permission.name == 'read':
members_list = ['@all']
else:
members_list = get_users_and_groups(obj)
perms.setdefault(name, OrderedDict()).setdefault(obj.permission.name, members_list)
perms.setdefault(name, OrderedDict()).setdefault('url', url)
# sort groups and users
for resource in perms:
for perm in perms[resource]:
if not isinstance(perms[resource][perm], set):
# sort only lists with groups and users, skip 'url'
continue
perms[resource][perm] = sorted(perms[resource][perm])
result = OrderedDict(sorted(perms.items()))
return result
def has_permission(self, permission, request, view):
if request.user.is_superuser or (hasattr(settings, 'DISABLE_RESOURCE_PERMISSION_CHECK') and
settings.DISABLE_RESOURCE_PERMISSION_CHECK):
return True
api_name = request.path.replace("%s%s/" % (settings.REST_API_URL, settings.REST_API_VERSION), '').strip('/')
internal_permission = self._convert_permission(request.method)
if not internal_permission or (read_permission_for_all() and internal_permission == 'read'):
return True
return self._has_permission(internal_permission, request.user, str(view.__class__), api_name)
def get_resource_permission_set(user):
resource_permission_set = set([])
if user.is_superuser:
resource_permission_set = set([obj for obj in models.ResourcePermission.objects.all()])
else:
if read_permission_for_all():
resource_permission_set = set([obj for obj in models.ResourcePermission.objects.filter(
permission__name__iexact='read')])
group_id_list = [group.id for group in user.groups.all()]
queryset = models.GroupResourcePermission.objects.filter(group__id__in=group_id_list)
for group_resource_permission in queryset:
resource_permission_set.add(group_resource_permission.resource_permission)
return resource_permission_set
def has_permission(self, permission, request, view):
if request.user.is_superuser or (
hasattr(settings, 'DISABLE_RESOURCE_PERMISSION_CHECK')
and settings.DISABLE_RESOURCE_PERMISSION_CHECK):
return True
api_name = request.path.replace(
"%s%s/" % (settings.REST_API_URL, settings.REST_API_VERSION),
'').strip('/')
internal_permission = self._convert_permission(request.method)
if not internal_permission or (read_permission_for_all()
and internal_permission == 'read'):
return True
return self._has_permission(internal_permission, request.user,
str(view.__class__), api_name)
def get_resource_permission_set(user):
resource_permission_set = set([])
if user.is_superuser:
resource_permission_set = set(
[obj for obj in models.ResourcePermission.objects.all()])
else:
if read_permission_for_all():
resource_permission_set = set([
obj for obj in models.ResourcePermission.objects.filter(
permission__name__iexact='read')
])
group_id_list = [group.id for group in user.groups.all()]
queryset = models.GroupResourcePermission.objects.filter(
group__id__in=group_id_list)
for group_resource_permission in queryset:
resource_permission_set.add(
group_resource_permission.resource_permission)
return resource_permission_set
