Big Update : moderation and viewset permissions centralized

backend/models/tag/tag.py

 from django.db import models
-from rest_framework import permissions
 from backend.models.my_model import MyModel, MyModelSerializer, MyModelViewSet
-from backend.models.tools import IsAdminOrReadOnly
 from django.contrib.postgres.fields import JSONField
+from backend.utils import get_viewset_permissions, get_moderation_level
 
 
 class Tag(MyModel):
     """
     TODO description
     """
+    moderation_level = get_moderation_level("Tag")
+
     name = models.CharField(max_length=100, unique=True)
     config = JSONField(blank=True, default=dict)
 
@@ -20,9 +21,6 @@ class TagSerializer(MyModelSerializer):
 
 
 class TagViewSet(MyModelViewSet):
-    permission_classes = (
-        permissions.IsAuthenticated,
-        IsAdminOrReadOnly
-    )
+    permission_classes = get_viewset_permissions("TagViewSet")
     queryset = Tag.objects.all()  # pylint: disable=E1101
     serializer_class = TagSerializer

backend/models/tools/__init__.py

 from .DictModeViewSet import DictModeViewSet  # noqa: F401
-from .noDeleteIfNotAdmin import NoDeleteIfNotAdmin  # noqa: F401
-from .isOwner import IsOwner  # noqa: F401
-from .noDelete import NoDelete  # noqa: F401
-from .isAdminOrReadOnly import IsAdminOrReadOnly  # noqa: F401

backend/models/university/campus.py

@@ -3,9 +3,11 @@ from backend.models.module import BasicModule, BasicModuleSerializer, BasicModul
 from backend.models.location import City
 from backend.models.university import University
 from django.core.validators import MinValueValidator, MaxValueValidator
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class Campus(BasicModule):
+    moderation_level = get_moderation_level("Campus")
 
     is_main_campus = models.BooleanField(null=False)
     name = models.CharField(max_length=200, null=True)
@@ -47,10 +49,12 @@ class CampusSerializer(BasicModuleSerializer):
 
 
 class CampusViewSet(BasicModuleViewSet):
+    permission_classes = get_viewset_permissions("CampusViewSet")
     queryset = Campus.objects.all()  # pylint: disable=E1101
     serializer_class = CampusSerializer
 
 
 class MainCampusViewSet(BasicModuleViewSet):
+    permission_classes = get_viewset_permissions("MainCampusViewSet")
     queryset = Campus.objects.filter(is_main_campus=True)
     serializer_class = CampusSerializer

backend/models/university/campusTaggedItem.py

 from django.db import models
 from backend.models.university import Campus
 from backend.models.tag import TaggedItem, TaggedItemSerializer, TaggedItemViewSet
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class CampusTaggedItem(TaggedItem):
+    moderation_level = get_moderation_level("CampusTaggedItem")
     campus = models.OneToOneField(
         Campus, on_delete=models.PROTECT, related_name='city_items', primary_key=True)
 
@@ -22,6 +24,6 @@ class CampusTaggedItemSerializer(TaggedItemSerializer):
 
 
 class CampusTaggedItemViewSet(TaggedItemViewSet):
-
+    permission_classes = get_viewset_permissions("CampusTaggedItemViewSet")
     queryset = CampusTaggedItem.objects.all()  # pylint: disable=E1101
     serializer_class = CampusTaggedItemSerializer

backend/models/university/university.py

 from django.db import models
 from backend.models.my_model import MyModel
 from backend.utils.friendly_path import friendly_path
+from backend.utils import get_moderation_level
 
 path_and_rename = friendly_path("uploads/universities/logos/", 'name')
 
@@ -9,6 +10,8 @@ class University(MyModel):
     """
     Model storing information about universities
     """
+    moderation_level = get_moderation_level("University")
+
     name = models.CharField(max_length=200)
     acronym = models.CharField(max_length=20, null=True, blank=True)
     logo = models.ImageField(upload_to=path_and_rename, max_length=250,

backend/models/university/universityAPI.py

 from backend.models.university import University
-from rest_framework import permissions
-from backend.models.tools import NoDeleteIfNotAdmin
 from backend.models.my_model import MyModelSerializer, MyModelViewSet
+from backend.utils import get_viewset_permissions
 
 
 class UniversitySerializer(MyModelSerializer):
@@ -12,10 +11,6 @@ class UniversitySerializer(MyModelSerializer):
 
 
 class UniversityViewSet(MyModelViewSet):
+    permission_classes = get_viewset_permissions("UniversityViewSet")
     serializer_class = UniversitySerializer
-
-    permission_classes = (
-        permissions.IsAuthenticated,
-        NoDeleteIfNotAdmin,
-    )
     queryset = University.objects.all()  # pylint: disable=E1101

backend/models/university/universityDri.py

 from django.db import models
 from backend.models.university import University
 from backend.models.module import DriRestrictedModule, DriRestrictedModuleSerializer, DriRestrictedModuleViewSet
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class UniversityDri(DriRestrictedModule):
+    moderation_level = get_moderation_level("UniversityDri")
     university = models.ManyToManyField(
         University, related_name="university_dri")
 
@@ -20,5 +22,6 @@ class UniversityDriSerializer(DriRestrictedModuleSerializer):
 
 
 class UniversityDriViewSet(DriRestrictedModuleViewSet):
+    permission_classes = get_viewset_permissions("UniversityDriViewSet")
     queryset = UniversityDri.objects.all()  # pylint: disable=E1101
     serializer_class = UniversityDriSerializer

backend/models/university/universityInfo.py

@@ -3,9 +3,11 @@ from backend.models.module import BasicModule, BasicModuleSerializer, BasicModul
 from backend.models.university import University
 from backend.models.location import Currency
 from django.core.validators import MinValueValidator
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class UniversityInfo(BasicModule):
+    moderation_level = get_moderation_level("UniversityInfo")
 
     university = models.OneToOneField(
         University, on_delete=models.CASCADE, related_name='university_info', primary_key=True, null=False)
@@ -39,5 +41,6 @@ class UniversityInfoSerializer(BasicModuleSerializer):
 
 
 class UniversityInfoViewSet(BasicModuleViewSet):
+    permission_classes = get_viewset_permissions("UniversityInfoViewSet")
     queryset = UniversityInfo.objects.all()  # pylint: disable=E1101
     serializer_class = UniversityInfoSerializer

backend/models/university/universityModulesAPI.py

@@ -3,6 +3,7 @@ from backend.models.university.campus import CampusSerializer
 
 from backend.models.university import UniversityDriSerializer
 from backend.models.my_model import MyModelSerializer, MyModelViewSet
+from backend.utils import get_viewset_permissions
 
 
 class UniversityModulesSerializer(MyModelSerializer):
@@ -15,7 +16,7 @@ class UniversityModulesSerializer(MyModelSerializer):
 
 
 class UniversityModulesViewSet(MyModelViewSet):
-
+    permission_classes = get_viewset_permissions("UniversityModulesViewSet")
     serializer_class = UniversityModulesSerializer
 
     def get_queryset(self):

backend/models/university/universityScholarship.py

 from django.db import models
 from backend.models.university import University
 from backend.models.module import Scholarship, ScholarshipSerializer, ScholarshipViewSet
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class UniversityScholarship(Scholarship):
+    moderation_level = get_moderation_level("UniversityScholarship")
     university = models.ForeignKey(
         University, on_delete=models.PROTECT, null=False, related_name="univScholarship")
 
@@ -20,5 +22,7 @@ class UniversityScholarshipSerializer(ScholarshipSerializer):
 
 
 class UniversityScholarshipViewSet(ScholarshipViewSet):
+    permission_classes = get_viewset_permissions(
+        "UniversityScholarshipViewSet")
     queryset = UniversityScholarship.objects.all()  # pylint: disable=E1101
     serializer_class = UniversityScholarshipSerializer

backend/models/university/universitySemestersDates.py

@@ -2,6 +2,7 @@ from django.db import models
 from backend.models.module import BasicModule, BasicModuleSerializer, BasicModuleViewSet
 from backend.models.university import University
 from rest_framework import serializers
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 def check_nones(val1, val2):
@@ -15,6 +16,7 @@ def check_nones(val1, val2):
 
 
 class UniversitySemestersDates(BasicModule):
+    moderation_level = get_moderation_level("UniversitySemestersDates")
 
     university = models.OneToOneField(
         University, on_delete=models.CASCADE, related_name='university_semesters_dates', primary_key=True, null=False)
@@ -54,5 +56,7 @@ class UniversitySemestersDatesSerializer(BasicModuleSerializer):
 
 
 class UniversitySemestersDatesViewSet(BasicModuleViewSet):
+    permission_classes = get_viewset_permissions(
+        "UniversitySemestersDatesViewSet")
     queryset = UniversitySemestersDates.objects.all()  # pylint: disable=E1101
     serializer_class = UniversitySemestersDatesSerializer

backend/models/university/universityTaggedItem.py

 from django.db import models
 from backend.models.tag import TaggedItem, TaggedItemSerializer, TaggedItemViewSet
 from backend.models.university import University
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class UniversityTaggedItem(TaggedItem):
+    moderation_level = get_moderation_level("UniversityTaggedItem")
     university = models.OneToOneField(
         University, on_delete=models.PROTECT, related_name='city_items', primary_key=True)
 
@@ -22,6 +24,6 @@ class UniversityTaggedItemSerializer(TaggedItemSerializer):
 
 
 class UniversityTaggedItemViewSet(TaggedItemViewSet):
-
+    permission_classes = get_viewset_permissions("UniversityTaggedItemViewSet")
     queryset = UniversityTaggedItem.objects.all()  # pylint: disable=E1101
     serializer_class = UniversityTaggedItemSerializer

backend/models/user/previousDeparture.py

 from django.db import models
-from rest_framework import permissions
 from backend.models.other_core.specialty import Specialty
 from backend.models.other_core.semester import Semester
 from backend.models.university import University
 from django.contrib.auth.models import User
 from django.contrib.postgres.fields import JSONField
 from backend.models.my_model import MyModel, MyModelSerializer, MyModelViewSet
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class PreviousDeparture(MyModel):
+    moderation_level = get_moderation_level("PreviousDeparture")
     # This model should be filled with data from the ENT
     semester = models.ForeignKey(Semester, on_delete=models.PROTECT)
     university = models.ForeignKey(University, on_delete=models.PROTECT)
@@ -31,7 +32,7 @@ class PreviousDepartureSerializer(MyModelSerializer):
 
 
 class PreviousDepartureViewSet(MyModelViewSet):
-    permission_classes = (permissions.IsAdminUser,)
+    permission_classes = get_viewset_permissions("PreviousDepartureViewSet")
     queryset = PreviousDeparture.objects.all()  # pylint: disable=E1101
     serializer_class = PreviousDepartureSerializer
     # todo if is_anonymous set user to null

backend/models/user/previousDepartureFeedback.py

@@ -4,9 +4,11 @@ from django.core.validators import MaxValueValidator
 from backend.models.user import UserRestrictedModule, UserRestrictedModuleSerializer, UserRestrictedModuleViewSet
 from backend.models.user import PreviousDeparture
 from django.contrib.postgres.fields import JSONField
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class PreviousDepartureFeedback(UserRestrictedModule):
+    moderation_level = get_moderation_level("Country")
     departure = models.OneToOneField(
         PreviousDeparture, on_delete=models.CASCADE)
 
@@ -28,5 +30,7 @@ class PreviousDepartureFeedbackSerializer(UserRestrictedModuleSerializer):
 
 
 class PreviousDepartureFeedbackViewSet(UserRestrictedModuleViewSet):
+    permission_classes = get_viewset_permissions(
+        "PreviousDepartureFeedbackViewSet")
     queryset = PreviousDepartureFeedback.objects.all()  # pylint: disable=E1101
     serializer_class = PreviousDepartureFeedbackSerializer

backend/models/user/recommendation.py

 from django.db import models
-from rest_framework import permissions
 from django.core.validators import MaxValueValidator
 
 from backend.models.university import University
@@ -7,9 +6,11 @@ from backend.models.user import UserRestrictedModule, UserRestrictedModuleSerial
 from backend.models.other_core import Specialty
 
 from backend.models.user import RecommendationList
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class Recommendation(UserRestrictedModule):
+    moderation_level = get_moderation_level("Recommendation")
     university = models.ForeignKey(University, on_delete=models.PROTECT)
     parent_list = models.ForeignKey(
         RecommendationList, on_delete=models.PROTECT, related_name='recommendations')
@@ -31,7 +32,7 @@ class RecommendationSerializer(UserRestrictedModuleSerializer):
 
 
 class RecommendationViewSet(UserRestrictedModuleViewSet):
-    permission_classes = (permissions.DjangoObjectPermissions,)
+    permission_classes = get_viewset_permissions("RecommendationViewSet")
     queryset = Recommendation.objects.all()  # pylint: disable=E1101
     serializer_class = RecommendationSerializer
     # TODO PERMISSIOIN

backend/models/user/recommendationList.py

 from django.db import models
 from backend.models.user import UserRestrictedModule, UserRestrictedModuleSerializer, UserRestrictedModuleViewSet
+from backend.utils import get_moderation_level, get_viewset_permissions
 
 
 class RecommendationList(UserRestrictedModule):
+    moderation_level = get_moderation_level("RecommendationList")
     public = models.BooleanField()
     title = models.CharField(max_length=200)
 
@@ -18,6 +20,6 @@ class RecommendationListSerializer(UserRestrictedModuleSerializer):
 
 
 class RecommendationListViewSet(UserRestrictedModuleViewSet):
+    permission_classes = get_viewset_permissions("RecommendationListViewSet")
     queryset = RecommendationList.objects.all()  # pylint: disable=E1101
     serializer_class = RecommendationListSerializer
-    # TODO add public support to check access rights

backend/models/user/userData.py

 from django.db import models
-from rest_framework import permissions, serializers
+from rest_framework import serializers
 from backend.models.university import University
 from django.contrib.postgres.fields import JSONField
 from backend.models.my_model import MyModel, MyModelSerializer, MyModelViewSet
 from django.contrib.auth.models import User
-from backend.models.tools import NoDelete, IsOwner
+from backend.utils import get_viewset_permissions, get_moderation_level
 
 
 class UserData(MyModel):
+    moderation_level = get_moderation_level("UserData")
+
     owner = models.OneToOneField(User, on_delete=models.CASCADE)
     contact_info = JSONField(default=dict)
     contact_info_is_public = models.BooleanField(default=False)
@@ -36,11 +38,7 @@ class UserDataSerializer(MyModelSerializer):
 
 
 class UserDataViewSet(MyModelViewSet):
-    permission_classes = (
-        permissions.IsAuthenticated,
-        NoDelete,
-        IsOwner
-    )
+    permission_classes = get_viewset_permissions("UserDataViewSet")
     serializer_class = UserDataSerializer
 
     def get_queryset(self):

backend/permissions/__init__.py

+from .noDeleteIfNotStaff import NoDeleteIfNotStaff  # noqa: F401
+from .isOwner import IsOwner  # noqa: F401
+from .noDelete import NoDelete  # noqa: F401
+from .isStaffOrReadOnly import IsStaffOrReadOnly  # noqa: F401
+from .isDriOrReadOnly import IsDriOrReadOnly  # noqa: F401
+from .default_viewset_permissions import DEFAULT_VIEWSET_PERMISSIONS  # noqa: F401

backend/permissions/default_viewset_permissions.py

+from backend.permissions import NoDeleteIfNotStaff
+from rest_framework.permissions import IsAuthenticated
+
+DEFAULT_VIEWSET_PERMISSIONS = (IsAuthenticated, NoDeleteIfNotStaff,)

backend/permissions/isDriOrReadOnly.py

+from rest_framework import permissions
+from backend.utils import is_member
+
+
+class IsDriOrReadOnly(permissions.BasePermission):
+    """
+    TODO
+    """
+
+    def has_permission(self, request, view):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+        else:
+            return is_member("DRI", request.user) or request.user.is_staff