Commit d56827ad authored by Jean-Baptiste Pasquier's avatar Jean-Baptiste Pasquier

Merge branch 'author_to_user' into 'master'

update: Fix permissions & add owner_field

See merge request !86
parents 800a8312 8f174fcb
Pipeline #4878 passed with stage
in 1 minute and 21 seconds
......@@ -176,17 +176,21 @@ With inherit, Users can herit from Anons. Also Owners can herit from Users.
Eg. with this model Anons can view, Auths can add & Owners can edit & delete.
Note that `owner_perms` need a `owner_field` meta that point the field with owner user.
```python
from djangoldp.models import Model
class Todo(Model):
name = models.CharField(max_length=255)
deadline = models.DateTimeField()
user = models.ForeignKey(settings.AUTH_USER_MODEL)
class Meta:
anonymous_perms = ['view']
authenticated_perms = ['inherit', 'add']
owner_perms = ['inherit', 'change', 'control', 'delete']
owner_field = 'user'
```
......
from django.db.models import options
__version__ = '0.0.0'
options.DEFAULT_NAMES += ('lookup_field', 'rdf_type', 'rdf_context', 'auto_author', 'view_set', 'container_path', 'permission_classes', 'serializer_fields', 'nested_fields', 'depth', 'anonymous_perms', 'authenticated_perms', 'owner_perms')
options.DEFAULT_NAMES += ('lookup_field', 'rdf_type', 'rdf_context', 'auto_author', 'owner_field', 'view_set', 'container_path', 'permission_classes', 'serializer_fields', 'nested_fields', 'depth', 'anonymous_perms', 'authenticated_perms', 'owner_perms')
......@@ -13,21 +13,21 @@ class LDPPermissions(BasePermission):
authenticated_perms = ['inherit']
owner_perms = ['inherit']
def user_permissions(self, user, obj):
def user_permissions(self, user, model, obj=None):
"""
Filter user permissions for a given object
Filter user permissions for a model class
"""
# Get Anonymous permissions from Model's Meta. If not found use default
anonymous_perms = getattr(obj._meta, 'anonymous_perms', self.anonymous_perms)
anonymous_perms = getattr(model._meta, 'anonymous_perms', self.anonymous_perms)
# Get Auth permissions from Model's Meta. If not found use default
authenticated_perms = getattr(obj._meta, 'authenticated_perms', self.authenticated_perms)
authenticated_perms = getattr(model._meta, 'authenticated_perms', self.authenticated_perms)
# Extend Auth if inherit is given
if 'inherit' in authenticated_perms:
authenticated_perms = authenticated_perms + list(set(anonymous_perms) - set(authenticated_perms))
# Get Owner permissions from Model's Meta. If not found use default
owner_perms = getattr(obj._meta, 'owner_perms', self.owner_perms)
owner_perms = getattr(model._meta, 'owner_perms', self.owner_perms)
# Extend Owner if inherit is given
if 'inherit' in owner_perms:
owner_perms = owner_perms + list(set(authenticated_perms) - set(owner_perms))
......@@ -36,7 +36,7 @@ class LDPPermissions(BasePermission):
return anonymous_perms
else:
if hasattr(obj._meta, 'auto_author') and getattr(obj, getattr(obj._meta, 'auto_author')) == user:
if obj and hasattr(model._meta, 'owner_field') and getattr(obj, getattr(model._meta, 'owner_field')) == user:
return owner_perms
else:
......@@ -76,10 +76,15 @@ class LDPPermissions(BasePermission):
"""
Access to containers
"""
perms = self.get_permissions(request.method, view.model)
# A bit tricky, but feels redondant to redeclarate perms_map
model = view.model
perms = self.get_permissions(request.method, model)
try:
obj = view.model.resolve_id(request._request.path)
except:
obj = None
for perm in perms:
if not perm.split('.')[1].split('_')[0] in self.user_permissions(request.user, view.model):
if not perm.split('.')[1].split('_')[0] in self.user_permissions(request.user, model, obj):
return False
return True
......@@ -91,10 +96,10 @@ class LDPPermissions(BasePermission):
User does not have permission: 403
"""
perms = self.get_permissions(request.method, obj)
model = obj
# A bit tricky, but feels redondant to redeclarate perms_map
for perm in perms:
if not perm.split('.')[1].split('_')[0] in self.user_permissions(request.user, obj):
if not perm.split('.')[1].split('_')[0] in self.user_permissions(request.user, model, obj):
return False
return True
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment