def __init__(self, get_response=None):
super(RevisionMiddleware, self).__init__()
# Support Django 1.10 middleware.
if get_response is not None:
self.get_response = create_revision(
manage_manually=self.manage_manually,
using=self.using)(get_response)
def __init__(self, get_response):
self.get_response = create_revision(
manage_manually=self.manage_manually,
using=self.using,
atomic=self.atomic,
request_creates_revision=self.request_creates_revision
)(get_response)
def process_view(self, request, callback, callback_args, callback_kwargs):
if getattr(request, 'revision_processing_done', False):
return None
if getattr(callback, 'revision_exempt', False):
return None
# Assume that anything not defined as 'safe' by RFC7231 needs protection
if request.method not in ('GET', 'HEAD', 'OPTIONS', 'TRACE'):
return create_revision()(callback)(request, *callback_args,
**callback_kwargs)
return self._accept(request)
def __init__(self, get_response=None):
super(RevisionMiddleware, self).__init__()
# Support Django 1.10 middleware.
if get_response is not None:
self.__call__ = create_revision()(get_response)
def __init__(self, get_response):
if get_response is not None:
self.get_response = create_revision()(get_response)
self.original_get_response = get_response
def __init__(self, get_response=None):
super(RevisionMiddleware, self).__init__()
# Support Django 1.10 middleware.
if get_response is not None:
self.__call__ = create_revision()(get_response)
def __init__(self, get_response=None):
super(RevisionMiddleware, self).__init__()
# Support Django 1.10 middleware.
if get_response is not None:
self.get_response = create_revision(manage_manually=self.manage_manually, using=self.using)(get_response)
class SushiCredentialsViewSet(ModelViewSet):
serializer_class = SushiCredentialsSerializer
queryset = SushiCredentials.objects.none()
def get_queryset(self):
user_organizations = self.request.user.accessible_organizations()
qs = SushiCredentials.objects.filter(organization__in=user_organizations).\
select_related('organization', 'platform').prefetch_related('active_counter_reports')
organization_id = self.request.query_params.get('organization')
if organization_id:
qs = qs.filter(**organization_filter_from_org_id(
organization_id, self.request.user))
# we add info about locked status for current user
org_to_level = {}
for sc in qs: # type: SushiCredentials
if sc.organization_id not in org_to_level:
org_to_level[sc.organization_id] = \
self.request.user.organization_relationship(sc.organization_id)
user_org_level = org_to_level[sc.organization_id]
if user_org_level >= sc.lock_level:
sc.locked_for_me = False
else:
sc.locked_for_me = True
if user_org_level >= UL_CONS_STAFF:
sc.can_lock = True
else:
sc.can_lock = False
return qs
@method_decorator(create_revision())
def update(self, request, *args, **kwargs):
reversion.set_comment('Updated through API')
return super().update(request, *args, **kwargs)
@method_decorator(create_revision())
def create(self, request, *args, **kwargs):
reversion.set_comment('Created through API')
return super().create(request, *args, **kwargs)
@method_decorator(create_revision())
def destroy(self, request, *args, **kwargs):
credentials = self.get_object() # type: SushiCredentials
if credentials.can_edit(request.user):
reversion.set_comment('Deleted through API')
return super().destroy(request, *args, **kwargs)
else:
raise PermissionDenied('User is not allowed to delete this object')
@action(detail=True,
methods=['post'],
permission_classes=[SuperuserOrAdminPermission])
def lock(self, request, pk=None):
"""
Custom action to lock the SushiCredentials
"""
credentials = get_object_or_404(SushiCredentials, pk=pk)
owner_level = request.user.organization_relationship(
credentials.organization_id)
requested_level = request.data.get('lock_level', owner_level)
credentials.change_lock(request.user, requested_level)
return Response({
'ok': True,
'lock_level': credentials.lock_level,
'locked': credentials.lock_level >= UL_CONS_STAFF
})