taiga
/
taiga-back
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Adding basic permissions management to documents and questions

remotes/origin/enhancement/email-actions
Jesús Espino 2013-03-30 12:42:32 +01:00
parent 3ce98ae1b2
commit 6447b176a1
4 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
greenmine/documents/api.py
View File

@ -2,13 +2,18 @@ from rest_framework import generics
from greenmine.documents.serializers import DocumentSerializer
from greenmine.documents.models import Document
from greenmine.documents.permissions import DocumentDetailPermission
class DocumentList(generics.ListCreateAPIView):
model = Document
serializer_class = DocumentSerializer
def get_queryset(self):
return self.model.objects.filter(project__members=self.request.user)
class DocumentDetail(generics.RetrieveUpdateDestroyAPIView):
model = Document
serializer_class = DocumentSerializer
permission_classes = (DocumentDetailPermission,)

8
greenmine/documents/permissions.py Normal file
View File

@ -0,0 +1,8 @@
from greenmine.base.permissions import BaseDetailPermission
class DocumentDetailPermission(BaseDetailPermission):
get_permission = "can_view_document"
put_permission = "can_change_document"
delete_permission = "can_delete_document"
safe_methods = ['HEAD', 'OPTIONS']
path_to_document = []

7
greenmine/questions/api.py
View File

@ -3,23 +3,30 @@ from rest_framework import generics
from greenmine.questions.serializers import QuestionSerializer, QuestionResponseSerializer
from greenmine.questions.models import Question, QuestionResponse
from greenmine.questions.permissions import QuestionDetailPermission, QuestionResponseDetailPermission
class QuestionList(generics.ListCreateAPIView):
model = Question
serializer_class = QuestionSerializer
def get_queryset(self):
return self.model.objects.filter(project__members=self.request.user)
class QuestionDetail(generics.RetrieveUpdateDestroyAPIView):
model = Question
serializer_class = QuestionSerializer
permission_classes = (QuestionDetailPermission,)
class QuestionResponseList(generics.ListCreateAPIView):
model = QuestionResponse
serializer_class = QuestionResponseSerializer
def get_queryset(self):
return self.model.objects.filter(question__project__members=self.request.user)
class QuestionResponseDetail(generics.RetrieveUpdateDestroyAPIView):
model = QuestionResponse
serializer_class = QuestionResponseSerializer
permission_classes = (QuestionResponseDetailPermission,)

15
greenmine/questions/permissions.py Normal file
View File

@ -0,0 +1,15 @@
from greenmine.base.permissions import BaseDetailPermission
class QuestionDetailPermission(BaseDetailPermission):
get_permission = "can_view_question"
put_permission = "can_change_question"
delete_permission = "can_delete_question"
safe_methods = ['HEAD', 'OPTIONS']
path_to_document = []
class QuestionResponseDetailPermission(BaseDetailPermission):
get_permission = "can_view_questionresponse"
put_permission = "can_change_questionresponse"
delete_permission = "can_delete_questionresponse"
safe_methods = ['HEAD', 'OPTIONS']
path_to_document = []