mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-25 22:22:26 +00:00
Use the use_api permission to access API
This commit is contained in:
parent
0c7e944b07
commit
0be63ad58e
2 changed files with 60 additions and 9 deletions
45
api/acl.py
Normal file
45
api/acl.py
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
# -*- mode: python; coding: utf-8 -*-
|
||||||
|
# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
|
||||||
|
# se veut agnostique au réseau considéré, de manière à être installable en
|
||||||
|
# quelques clics.
|
||||||
|
#
|
||||||
|
# Copyright © 2018 Maël Kervella
|
||||||
|
#
|
||||||
|
# This program is free software; you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation; either version 2 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License along
|
||||||
|
# with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
|
||||||
|
"""api.acl
|
||||||
|
|
||||||
|
Here are defined some functions to check acl on the application.
|
||||||
|
"""
|
||||||
|
|
||||||
|
from django.conf import settings
|
||||||
|
|
||||||
|
|
||||||
|
def can_view(user):
|
||||||
|
"""Check if an user can view the application.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
user: The user who wants to view the application.
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
A couple (allowed, msg) where allowed is a boolean which is True if
|
||||||
|
viewing is granted and msg is a message (can be None).
|
||||||
|
"""
|
||||||
|
kwargs = {
|
||||||
|
'app_label': settings.API_CONTENT_TYPE_APP_LABEL,
|
||||||
|
'codename': settings.API_PERMISSION_CODENAME
|
||||||
|
}
|
||||||
|
can = user.has_perm('%(app_label)s.%(codename)s' % kwargs)
|
||||||
|
return can, None if can else "Vous ne pouvez pas voir cette application."
|
|
@ -1,28 +1,34 @@
|
||||||
from rest_framework import permissions
|
from rest_framework import permissions
|
||||||
from re2o.acl import can_create, can_edit, can_delete, can_view_all
|
from re2o.acl import can_create, can_edit, can_delete, can_view_all
|
||||||
|
|
||||||
|
from . import acl
|
||||||
|
|
||||||
|
def can_see_api(_):
|
||||||
|
return lambda user: acl.can_view(user)
|
||||||
|
|
||||||
|
|
||||||
class DefaultACLPermission(permissions.BasePermission):
|
class DefaultACLPermission(permissions.BasePermission):
|
||||||
"""
|
"""
|
||||||
Permission subclass in charge of checking the ACL to determine
|
Permission subclass in charge of checking the ACL to determine
|
||||||
if a user can access the models
|
if a user can access the models
|
||||||
"""
|
"""
|
||||||
perms_map = {
|
perms_map = {
|
||||||
'GET': [lambda model: model.can_view_all],
|
'GET': [can_see_api, lambda model: model.can_view_all],
|
||||||
'OPTIONS': [lambda model: model.can_view_all],
|
'OPTIONS': [can_see_api, lambda model: model.can_view_all],
|
||||||
'HEAD': [lambda model: model.can_view_all],
|
'HEAD': [can_see_api, lambda model: model.can_view_all],
|
||||||
'POST': [lambda model: model.can_create],
|
'POST': [can_see_api, lambda model: model.can_create],
|
||||||
#'PUT': [],
|
#'PUT': [],
|
||||||
#'PATCH': [],
|
#'PATCH': [],
|
||||||
#'DELETE': [],
|
#'DELETE': [],
|
||||||
}
|
}
|
||||||
perms_obj_map = {
|
perms_obj_map = {
|
||||||
'GET': [lambda obj: obj.can_view],
|
'GET': [can_see_api, lambda obj: obj.can_view],
|
||||||
'OPTIONS': [lambda obj: obj.can_view],
|
'OPTIONS': [can_see_api, lambda obj: obj.can_view],
|
||||||
'HEAD': [lambda obj: obj.can_view],
|
'HEAD': [can_see_api, lambda obj: obj.can_view],
|
||||||
#'POST': [],
|
#'POST': [],
|
||||||
'PUT': [lambda obj: obj.can_edit],
|
'PUT': [can_see_api, lambda obj: obj.can_edit],
|
||||||
#'PATCH': [],
|
#'PATCH': [],
|
||||||
'DELETE': [lambda obj: obj.can_delete],
|
'DELETE': [can_see_api, lambda obj: obj.can_delete],
|
||||||
}
|
}
|
||||||
|
|
||||||
def get_required_permissions(self, method, model):
|
def get_required_permissions(self, method, model):
|
||||||
|
|
Loading…
Reference in a new issue