Commit 706b29b3 authored by Samuel GAIST's avatar Samuel GAIST

[common][api] Move from custom permission mixins to use permissions

Also add modifiable check for update/destroy end point.
parent 47cdc304
......@@ -29,13 +29,12 @@ from django.shortcuts import get_object_or_404
from rest_framework import status
from rest_framework import generics
from rest_framework import permissions
from rest_framework import permissions as drf_permissions
from rest_framework import exceptions as drf_exceptions
from rest_framework.response import Response
from rest_framework.reverse import reverse
from .models import Contribution, Versionable
from .permissions import IsAuthor
from .exceptions import ShareError, BaseCreationError
from .serializers import (
SharingSerializer,
......@@ -43,15 +42,16 @@ from .serializers import (
CheckNameSerializer,
DiffSerializer,
)
from .mixins import CommonContextMixin, SerializerFieldsMixin, IsAuthorOrReadOnlyMixin
from .mixins import CommonContextMixin, SerializerFieldsMixin
from .utils import py3_cmp
from . import permissions as beat_permissions
from . import is_true
class CheckContributionNameView(CommonContextMixin, generics.CreateAPIView):
serializer_class = CheckNameSerializer
permission_classes = [permissions.IsAuthenticated]
permission_classes = [drf_permissions.IsAuthenticated]
def get_serializer_context(self):
context = super(CheckContributionNameView, self).get_serializer_context()
......@@ -65,7 +65,7 @@ class CheckContributionNameView(CommonContextMixin, generics.CreateAPIView):
class ShareView(CommonContextMixin, generics.CreateAPIView):
permission_classes = [permissions.IsAuthenticated, IsAuthor]
permission_classes = [beat_permissions.IsAuthor]
serializer_class = SharingSerializer
def get_queryset(self):
......@@ -106,7 +106,7 @@ class ListContributionView(
):
model = Contribution
serializer_class = ContributionSerializer
permission_classes = [permissions.AllowAny]
permission_classes = [drf_permissions.AllowAny]
def get_queryset(self):
return self.model.objects.for_user(self.request.user, True)
......@@ -186,7 +186,9 @@ class ListCreateBaseView(
return response
class ListCreateContributionView(IsAuthorOrReadOnlyMixin, ListCreateBaseView):
class ListCreateContributionView(ListCreateBaseView):
permission_classes = [beat_permissions.IsAuthorOrReadOnly]
def get_queryset(self):
user = self.request.user
author_name = self.kwargs.get("author_name")
......@@ -228,12 +230,13 @@ class DiffView(generics.RetrieveAPIView):
class RetrieveUpdateDestroyContributionView(
CommonContextMixin,
SerializerFieldsMixin,
IsAuthorOrReadOnlyMixin,
generics.RetrieveUpdateDestroyAPIView,
CommonContextMixin, SerializerFieldsMixin, generics.RetrieveUpdateDestroyAPIView
):
model = Contribution
permission_classes = [
beat_permissions.IsAuthorOrReadOnly,
beat_permissions.IsModifiableOrRead,
]
def get_serializer(self, *args, **kwargs):
if self.request.method == "PUT":
......@@ -257,6 +260,7 @@ class RetrieveUpdateDestroyContributionView(
def get(self, request, *args, **kwargs):
db_object = self.get_object()
self.check_object_permissions(request, db_object)
# Process the query string
allow_sharing = request.user == db_object.author
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment