mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-22 11:23:10 +00:00
merge
This commit is contained in:
parent
567c20a0f1
commit
8e370a15d9
1 changed files with 5 additions and 6 deletions
|
@ -63,7 +63,7 @@ def _get_param_in_view(view, param_name):
|
||||||
"cannot apply {} on a view that does not set "
|
"cannot apply {} on a view that does not set "
|
||||||
"`.{}` or have a `.get_{}()` method."
|
"`.{}` or have a `.get_{}()` method."
|
||||||
).format(
|
).format(
|
||||||
self.__class__.__name__, param_name, param_name
|
view.__class__.__name__, param_name, param_name
|
||||||
)
|
)
|
||||||
|
|
||||||
if hasattr(view, "get_" + param_name):
|
if hasattr(view, "get_" + param_name):
|
||||||
|
@ -213,7 +213,7 @@ class AutodetectACLPermission(permissions.BasePermission):
|
||||||
|
|
||||||
return [perm(obj) for perm in self.perms_obj_map[method]]
|
return [perm(obj) for perm in self.perms_obj_map[method]]
|
||||||
|
|
||||||
@staticmethod
|
@ staticmethod
|
||||||
def _queryset(view):
|
def _queryset(view):
|
||||||
return _get_param_in_view(view, "queryset")
|
return _get_param_in_view(view, "queryset")
|
||||||
|
|
||||||
|
@ -240,9 +240,7 @@ class AutodetectACLPermission(permissions.BasePermission):
|
||||||
if getattr(view, "_ignore_model_permissions", False):
|
if getattr(view, "_ignore_model_permissions", False):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
# Bypass permission verifications if it is a functional view
|
if not getattr(view, "queryset", None):
|
||||||
# (permissions are handled by ACL)
|
|
||||||
if not hasattr(view, "queryset") and not hasattr(view, "get_queryset"):
|
|
||||||
return True
|
return True
|
||||||
|
|
||||||
if not request.user or not request.user.is_authenticated:
|
if not request.user or not request.user.is_authenticated:
|
||||||
|
@ -279,7 +277,8 @@ class AutodetectACLPermission(permissions.BasePermission):
|
||||||
# they have read permissions to see 403, or not, and simply see
|
# they have read permissions to see 403, or not, and simply see
|
||||||
# a 404 response.
|
# a 404 response.
|
||||||
|
|
||||||
SAFE_METHODS = ("GET", "OPTIONS", "HEAD", "POST", "PUT", "PATCH", "DELETE")
|
SAFE_METHODS = ("GET", "OPTIONS", "HEAD",
|
||||||
|
"POST", "PUT", "PATCH", "DELETE")
|
||||||
|
|
||||||
if request.method in SAFE_METHODS:
|
if request.method in SAFE_METHODS:
|
||||||
# Read permissions already checked and failed, no need
|
# Read permissions already checked and failed, no need
|
||||||
|
|
Loading…
Reference in a new issue