Commit ef8f4ee4 authored by Florent Chehab's avatar Florent Chehab

NoPostIfNotStaff permission added and userdata now returns the list of viewset...

NoPostIfNotStaff permission added, and userdata now returns the list of viewsets that the user can post to.
parent c18d6f96
Pipeline #27355 passed with stages
in 2 minutes and 40 seconds
......@@ -6,3 +6,4 @@ exclude =
node_modules/*
backend/urls.py
backend/admin.py
backend/permissions/__list_user_post_permission.py
\ No newline at end of file
......@@ -14,3 +14,4 @@ htmlcov
/backend/admin.py
database.db
database.db-journal
backend/permissions/__list_user_post_permission.py
......@@ -43,6 +43,11 @@ template_path = join(templates_dir, 'urls.tpl')
output_path = join(saving_dir, 'urls.py')
render_and_save(template_path, api_config, output_path)
# render list_user_post_permission.py
template_path = join(templates_dir, 'list_user_post_permission.tpl')
output_path = join(saving_dir, './permissions/__list_user_post_permission.py')
render_and_save(template_path, api_config, output_path)
# Render admin.py
data = []
for obj in api_config:
......
{% autoescape off %}
# WARNING
# THIS FILE HAS BEEN AUTOMATICALLY GENERATED
# WITH /backend/generate/generate_backend_files.py
# MODIFY THE FILE ABOVE IF YOUR NOT SATISFIED
# THIS WARNING DOESN'T APPLY TO .tpl FILES...
from django.conf import settings
ALL_VIEWSETS = {}
{% for model in data %}{% if not model.requires_testing %}{% if model.viewset != 'UserDataViewSet' %}
from backend.models.{{model.import_location}} import {{model.viewset}}
ALL_VIEWSETS["{{model.viewset}}"] = {{model.viewset}}
{% endif %}{% endif %}{% endfor %}
if settings.TESTING:
{% for model in data %}{% if model.requires_testing %}
from backend.models.{{model.import_location}} import {{model.viewset}}
ALL_VIEWSETS["{{model.viewset}}"] = {{model.viewset}}
{% endif %}{% endfor %}
class Request(object):
def __init__(self, user, method):
self.user = user
self.method = method
def list_user_post_permission(user):
viewsets_user_can_post = []
request = Request(user, 'POST')
for viewset_name in ALL_VIEWSETS:
viewset = ALL_VIEWSETS[viewset_name]
user_can_post = True
for permission_class in viewset.permission_classes:
if not permission_class.has_permission(None, request, None):
user_can_post = False
break
if user_can_post:
name = viewset_name.split('ViewSet')[0]
name = name[0].lower() + name[1:]
viewsets_user_can_post.append(name)
return viewsets_user_can_post
{% endautoescape %}
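Review bot: In `list_user_post_permission`, `permission_class.has_permission(None, request, None)` calls the method on the class with `None` as `self` and `None` as the view, against a stand-in `Request` that carries only `user` and `method`. Any permission class that reads instance state, the view, or another request attribute will raise here, and because the function is called from the UserData serializer that would break the userdata response. Instantiating the class is closer to how the framework invokes it: `if not permission_class().has_permission(request, None):`. The result also ignores `has_object_permission`, so a comment stating that the list is only a hint for the client would help, e.g. `# Advisory only: the API still enforces permissions on each POST.`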
......@@ -5,6 +5,7 @@ from backend.fields import JSONField
from backend.models.abstract.my_model import MyModel, MyModelSerializer, MyModelViewSet
from django.contrib.auth.models import User
from backend.utils import get_viewset_permissions, get_model_config, get_user_level
from backend.permissions.__list_user_post_permission import list_user_post_permission
class UserData(MyModel):
......@@ -23,10 +24,14 @@ class UserData(MyModel):
class UserDataSerializer(MyModelSerializer):
owner = serializers.CharField(read_only=True)
owner_level = serializers.SerializerMethodField()
owner_can_post_to = serializers.SerializerMethodField()
def get_owner_level(self, obj):
return get_user_level(obj.owner)
def get_owner_can_post_to(self, obj):
return list_user_post_permission(obj.owner)
def my_pre_save(self):
self.override_validated_data({'owner': self.user})
......
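Review bot: `get_owner_can_post_to` computes the list from `obj.owner`, not from the requesting user, so anyone who is allowed to read a UserData record also learns which endpoints its owner may POST to. Whether non-owners can read these records is not visible in this hunk; if they can, consider returning the field only when `self.user` is the owner, or document why exposing it is acceptable. The call also walks every viewset's permission classes once per serialized object, which deserves a comment if the list endpoint can return many rows. The serializer class continues past the hunk.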
......@@ -10,6 +10,7 @@ try:
from .readOnly import ReadOnly # noqa: F401
from .isDriOrReadOnly import IsDriOrReadOnly # noqa: F401
from .isDriOrNoPost import IsDriOrNoPost # noqa: F401
from .noPostIfNotStaff import NoPostIfNotStaff # noqa: F401
from .default_viewset_permissions import DEFAULT_VIEWSET_PERMISSIONS # noqa: F401
from .__is_moderation_required import is_moderation_required # noqa: F401
except Exception:
......
from rest_framework import permissions
class NoPostIfNotStaff(permissions.BasePermission):
"""
TODO
"""
def has_permission(self, request, view):
if request.method == 'POST':
return request.user.is_staff
return True
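Review bot: The class docstring is still `TODO`, and the contract it should state is security-relevant: `has_permission` restricts only `POST` and returns `True` for every other method, including `PUT`, `PATCH` and `DELETE`. Replace it with something like `"""Allow POST only when request.user.is_staff; every other method is allowed by this class."""`. In `get_viewset_permissions` this class is assigned as the sole member of the tuple (`permission = (NoPostIfNotStaff,)`); if no other class is combined with it later in that function, which the hunk does not show, non-staff users keep write access through the other methods on the models that now use it.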
from backend.permissions import IsOwner, IsStaffOrReadOnly, IsDriOrReadOnly, ReadOnly, IsDriOrNoPost
from backend.permissions import IsOwner, IsStaffOrReadOnly, IsDriOrReadOnly, ReadOnly, IsDriOrNoPost, NoPostIfNotStaff
from rest_framework.permissions import IsAdminUser
from backend.permissions import DEFAULT_VIEWSET_PERMISSIONS
from general.api import get_api_config
......@@ -17,6 +17,8 @@ def get_viewset_permissions(viewset):
permission = (IsDriOrReadOnly,)
elif custom_permission == "IsDriOrNoPost":
permission = (IsDriOrNoPost,)
elif custom_permission == "NoPostIfNotStaff":
permission = (NoPostIfNotStaff,)
elif custom_permission == "IsStaff":
permission = (IsAdminUser,)
elif custom_permission == 'default':
......
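Review bot: The new `elif custom_permission == "NoPostIfNotStaff"` branch extends a chain that maps configuration strings to permission classes, and the branch taken for an unrecognised string is outside this hunk. If an unknown or misspelled `viewset_permission` value does not already raise, it should, so that a typo in the YAML cannot leave a viewset with weaker permissions than intended. A dict lookup such as `permission = (PERMISSIONS_BY_NAME[custom_permission],)` would fail with `KeyError` on unknown names and remove the need for one branch per class; `PERMISSIONS_BY_NAME` is a name made up for this note. `get_viewset_permissions` starts and ends outside the hunk.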
......@@ -47,12 +47,14 @@
import_location: city
api_end_point: cities
moderation_level: 2
viewset_permission: NoPostIfNotStaff
- model: University
viewset: UniversityViewSet
import_location: university
api_end_point: universities
moderation_level: 2
viewset_permission: NoPostIfNotStaff
- model: Campus
viewset: CampusViewSet
......@@ -165,6 +167,7 @@
- model: UniversityInfo
viewset: UniversityInfoViewSet
import_location: university
viewset_permission: NoPostIfNotStaff
api_end_point: universitiesInfo
versionned: true
......@@ -172,6 +175,7 @@
viewset: UniversitySemestersDatesViewSet
import_location: university
api_end_point: universitiesSemestersDates
viewset_permission: NoPostIfNotStaff
versionned: true
- model: UniversityDri
......@@ -238,6 +242,7 @@
api_end_point: versions
api_attr: (?P<content_type_id>[0-9]+)/(?P<object_pk>[0-9A-Za-z]+)
api_name: versionsList
viewset_permission: IsStaffOrReadOnly
ignore_in_admin: true
- model: ForTestingModeration
......