Пример #1
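    def perm_obj_checks(self, request, code, obj):
        """Decide whether ``request.user`` may perform ``code`` on one object.

        The permission string is ``<app_label>.<code>_<model name>``. Once the
        user holds it (per ``check_user_perm``), GET and PATCH are narrowed
        further by role and ownership for ``resourceinfotype_model``.

        Returns:
            ``True`` when access is granted, ``False`` when a GET/PATCH request
            fails the role/ownership test.

        Raises:
            Unauthorized: if ``base_checks`` returns ``False`` or the user lacks
                the permission.
        """
        klass = self.base_checks(request, obj.__class__)
        if klass is False:
            raise Unauthorized("You are not allowed to access that resource.")

        model_name = get_module_name(klass._meta)
        permission = '%s.%s_%s' % (klass._meta.app_label, code, model_name)

        if not self.check_user_perm(request.user, permission, obj):
            raise Unauthorized("You are not allowed to access that resource.")

        user = request.user
        # Compare by value. The previous `is` test compared object identity,
        # which only holds when both strings happen to be the same interned
        # object, so the outcome of this authorization branch was not
        # guaranteed for equal model names.
        is_resource = model_name == 'resourceinfotype_model'

        # NOTE(review): for GET and PATCH every model other than
        # 'resourceinfotype_model' is denied here - confirm this is intended.
        if request.method == 'GET':
            # Readers: superusers, reviewers, owners, and 'ecmembers' as long
            # as the object's publication_status is not 'i'.
            return bool(
                is_resource
                and (
                    user.is_superuser
                    or is_member(user, 'elrcReviewers')
                    or (is_member(user, 'ecmembers')
                        and obj.storage_object.publication_status != 'i')
                    or user in obj.owners.all()
                )
            )

        if request.method == 'PATCH':
            # Editors: superusers, reviewers and owners only.
            return bool(
                is_resource
                and (
                    user.is_superuser
                    or is_member(user, 'elrcReviewers')
                    or user in obj.owners.all()
                )
            )

        # Any other HTTP method is allowed on the permission check alone.
        return True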
Пример #2
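    def perm_list_checks(self, request, code, obj_list):
        """Return the part of ``obj_list`` that ``request.user`` may access.

        The permission string is ``<app_label>.<code>_<model name>``. For
        ``resourceinfotype_model`` a user who is neither a superuser nor a
        member of 'ecmembers' / 'elrcReviewers' only gets the objects they own.

        Returns:
            ``[]`` when ``base_checks`` returns ``False``, ``obj_list.none()``
            when the permission is missing, otherwise the full or
            owner-filtered ``obj_list``.
        """
        klass = self.base_checks(request, obj_list.model)
        if klass is False:
            return []

        model_name = get_module_name(klass._meta)
        permission = '%s.%s_%s' % (klass._meta.app_label, code, model_name)

        if not self.check_user_perm(request.user, permission, obj_list):
            return obj_list.none()

        # Compare by value. With the previous `is` test the owner filter was
        # skipped whenever the two equal strings were distinct objects, and the
        # unfiltered queryset was returned instead (the check failed open).
        if model_name == "resourceinfotype_model" and not (
                is_member(request.user, 'ecmembers')
                or is_member(request.user, 'elrcReviewers')
                or request.user.is_superuser):
            return obj_list.filter(owners__in=[request.user])

        return obj_list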
    def perm_obj_checks(self, request, code, obj):
        """Report whether ``request.user`` holds ``code`` permission on ``obj``.

        The permission string is ``<app_label>.<code>_<model name>`` and is
        checked with ``has_perm(permission, obj)``, i.e. against the object.

        Returns:
            ``True`` if the user has the permission, else ``False``.

        Raises:
            Unauthorized: if ``base_checks`` returns ``False``.
        """
        model_cls = self.base_checks(request, obj.__class__)
        if model_cls is False:
            raise Unauthorized("You are not allowed to access that resource.")

        meta = model_cls._meta
        required = '%s.%s_%s' % (meta.app_label, code, get_module_name(meta))

        # Normalise to a strict bool, as the explicit True/False returns did.
        return True if request.user.has_perm(required, obj) else False
Пример #4
    def perm_list_checks(self, request, code, obj_list):
        """Return ``obj_list`` if the user holds ``code`` permission, else nothing.

        Returns:
            ``[]`` when ``base_checks`` returns ``False``; ``obj_list`` when
            ``check_user_perm`` accepts ``<app_label>.<code>_<model name>``;
            otherwise ``obj_list.none()``.
        """
        model_cls = self.base_checks(request, obj_list.model)
        if model_cls is False:
            return []

        meta = model_cls._meta
        required = '%s.%s_%s' % (meta.app_label, code, get_module_name(meta))

        allowed = self.check_user_perm(request.user, required, obj_list)
        # Deny by handing back an empty result rather than raising.
        return obj_list if allowed else obj_list.none()
Пример #5
    def delete_detail(self, object_list, bundle):
        """Authorize deletion of ``bundle.obj`` for the requesting user.

        The check is ``has_perm('<app_label>.delete_<model name>')`` without
        the object, so it is a model-level check; ``object_list`` is not used.

        Returns:
            ``True`` when the user holds the delete permission.

        Raises:
            Unauthorized: if ``base_checks`` returns ``False`` or the
                permission is missing.
        """
        request = bundle.request
        model_cls = self.base_checks(request, bundle.obj.__class__)

        if model_cls is not False:
            meta = model_cls._meta
            required = '%s.delete_%s' % (meta.app_label, get_module_name(meta))
            if request.user.has_perm(required):
                return True

        # Both failure modes give the same answer to the caller.
        raise Unauthorized("You are not allowed to access that resource.")
Пример #6
    def delete_list(self, object_list, bundle):
        """Return the objects the requesting user is allowed to delete.

        The check is ``has_perm('<app_label>.delete_<model name>')`` without an
        object, so the answer is all of ``object_list`` or nothing.

        Returns:
            ``object_list`` when the permission is held; ``[]`` when
            ``base_checks`` returns ``False`` or the permission is missing.
        """
        request = bundle.request
        model_cls = self.base_checks(request, object_list.model)
        if model_cls is False:
            return []

        meta = model_cls._meta
        required = '%s.delete_%s' % (meta.app_label, get_module_name(meta))

        return object_list if request.user.has_perm(required) else []
Пример #7
    def delete_detail(self, object_list, bundle):
        """Check that the requesting user may delete ``bundle.obj``.

        Only the model-level permission ``<app_label>.delete_<model name>`` is
        consulted (``has_perm`` is called without the object), and
        ``object_list`` is ignored.

        Returns:
            ``True`` on success.

        Raises:
            Unauthorized: if ``base_checks`` returns ``False`` or the user does
                not hold the permission.
        """
        denial = "You are not allowed to access that resource."

        model_cls = self.base_checks(bundle.request, bundle.obj.__class__)
        if model_cls is False:
            raise Unauthorized(denial)

        opts = model_cls._meta
        needed = '%s.delete_%s' % (opts.app_label, get_module_name(opts))

        if bundle.request.user.has_perm(needed):
            return True
        raise Unauthorized(denial)
Пример #8
    def delete_list(self, object_list, bundle):
        """Filter ``object_list`` down to what the user may delete.

        Only the model-level permission ``<app_label>.delete_<model name>`` is
        consulted, so the list is returned whole or not at all.

        Returns:
            ``object_list`` if the permission is held, otherwise ``[]`` (also
            when ``base_checks`` returns ``False``).
        """
        model_cls = self.base_checks(bundle.request, object_list.model)
        if model_cls is False:
            return []

        opts = model_cls._meta
        needed = '%s.delete_%s' % (opts.app_label, get_module_name(opts))

        if bundle.request.user.has_perm(needed):
            return object_list
        return []
    def perm_obj_checks(self, request, code, obj):
        """Tell whether the user has ``code`` permission on the given object.

        Builds ``<app_label>.<code>_<model name>`` and asks
        ``request.user.has_perm`` about it together with ``obj``.

        Returns:
            ``True`` or ``False`` according to ``has_perm``.

        Raises:
            Unauthorized: if ``base_checks`` returns ``False``.
        """
        model_cls = self.base_checks(request, obj.__class__)
        if model_cls is False:
            raise Unauthorized("You are not allowed to access that resource.")

        opts = model_cls._meta
        parts = (opts.app_label, code, get_module_name(opts))
        needed = '%s.%s_%s' % parts

        granted = request.user.has_perm(needed, obj)
        # Keep the strict True/False return values of the explicit branches.
        return True if granted else False
Пример #10
    def perm_list_checks(self, request, code, obj_list):
        """Give back ``obj_list`` only when the user holds ``code`` permission.

        Returns:
            ``[]`` if ``base_checks`` returns ``False``; ``obj_list`` if
            ``check_user_perm`` accepts ``<app_label>.<code>_<model name>``;
            ``obj_list.none()`` otherwise.
        """
        model_cls = self.base_checks(request, obj_list.model)
        if model_cls is False:
            return []

        opts = model_cls._meta
        parts = (opts.app_label, code, get_module_name(opts))
        needed = '%s.%s_%s' % parts

        if not self.check_user_perm(request.user, needed, obj_list):
            # No permission: an empty result instead of an exception.
            return obj_list.none()
        return obj_list
Пример #11
 def check_django_perm(self, scope, action, object_list, bundle):
     """Authorize a request via ``self.require_perm`` or a derived permission.

     If ``self.require_perm`` is a string and the user holds it, access is
     granted. Otherwise ``action`` is mapped to a permission verb and
     ``<app_label>.<verb>_<model name>`` is checked without an object, i.e.
     at model level. The model is ``object_list.model`` when ``scope`` is
     'list', else the class of ``bundle.obj``.

     Returns:
         ``True`` when either permission is held.

     Raises:
         Unauthorized: when neither permission is held.
     """
     if isinstance(self.require_perm, str) and bundle.request.user.has_perm(self.require_perm):
         return True

     # loosely adopted from DjangoAuthorization
     model = object_list.model if scope == 'list' else bundle.obj.__class__
     # An action outside this table maps to None and ends up in the
     # permission string as the text "None".
     verb = {
         'read': 'view',
         'update': 'change',
         'delete': 'delete',
         'create': 'add',
     }.get(action)
     required = '{}.{}_{}'.format(
         model._meta.app_label, verb, get_module_name(model._meta))

     if bundle.request.user.has_perm(required):
         return True
     raise Unauthorized("You are not allowed to access that resource.")