mirror of https://github.com/interlegis/sapl.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
53 lines
1.8 KiB
53 lines
1.8 KiB
from rest_framework.permissions import DjangoModelPermissions
|
|
from sapl.rules.map_rules import rules_patterns_public
|
|
|
|
|
|
class SaplModelPermissions(DjangoModelPermissions):
|
|
|
|
perms_map = {
|
|
'GET': ['%(app_label)s.list_%(model_name)s',
|
|
'%(app_label)s.detail_%(model_name)s'],
|
|
'OPTIONS': ['%(app_label)s.list_%(model_name)s',
|
|
'%(app_label)s.detail_%(model_name)s'],
|
|
'HEAD': ['%(app_label)s.list_%(model_name)s',
|
|
'%(app_label)s.detail_%(model_name)s'],
|
|
'POST': ['%(app_label)s.add_%(model_name)s'],
|
|
'PUT': ['%(app_label)s.change_%(model_name)s'],
|
|
'PATCH': ['%(app_label)s.change_%(model_name)s'],
|
|
'DELETE': ['%(app_label)s.delete_%(model_name)s'],
|
|
|
|
}
|
|
|
|
def has_permission(self, request, view):
|
|
if getattr(view, '_ignore_model_permissions', False):
|
|
return True
|
|
|
|
if hasattr(view, 'get_queryset'):
|
|
queryset = view.get_queryset()
|
|
else:
|
|
queryset = getattr(view, 'queryset', None)
|
|
|
|
assert queryset is not None, (
|
|
'Cannot apply DjangoModelPermissions on a view that '
|
|
'does not set `.queryset` or have a `.get_queryset()` method.'
|
|
)
|
|
|
|
perms = self.get_required_permissions(request.method, queryset.model)
|
|
|
|
key = '{}:{}'.format(
|
|
queryset.model._meta.app_label,
|
|
queryset.model._meta.model_name)
|
|
|
|
if key in rules_patterns_public:
|
|
perms = set(perms)
|
|
perms_publicas = rules_patterns_public[key]
|
|
|
|
private_perms = perms - perms_publicas
|
|
if not private_perms:
|
|
return True
|
|
|
|
return (
|
|
request.user and
|
|
(request.user.is_authenticated or not self.authenticated_users_only) and
|
|
request.user.has_perms(perms)
|
|
)
|
|
|