diff --git a/greenmine/wiki/api.py b/greenmine/wiki/api.py index d0a4c1c6..fbe38159 100644 --- a/greenmine/wiki/api.py +++ b/greenmine/wiki/api.py @@ -2,23 +2,32 @@ from rest_framework import generics from greenmine.wiki.serializers import WikiPageSerializer, WikiPageAttachmentSerializer from greenmine.wiki.models import WikiPage, WikiPageAttachment +from greenmine.wiki.permissions import WikiPageDetailPermission, WikiPageAttachmentDetailPermission class WikiPageList(generics.ListCreateAPIView): model = WikiPage serializer_class = WikiPageSerializer + def get_queryset(self): + return self.model.objects.filter(project__members=self.request.user) + class WikiPageDetail(generics.RetrieveUpdateDestroyAPIView): model = WikiPage serializer_class = WikiPageSerializer + permission_classes = (WikiPageDetailPermission,) class WikiPageAttachmentList(generics.ListCreateAPIView): model = WikiPageAttachment serializer_class = WikiPageAttachmentSerializer + def get_queryset(self): + return self.model.objects.filter(wikipage__project__members=self.request.user) + class WikiPageAttachmentDetail(generics.RetrieveUpdateDestroyAPIView): model = WikiPageAttachment serializer_class = WikiPageAttachmentSerializer + permission_classes = (WikiPageAttachmentDetailPermission,) diff --git a/greenmine/wiki/permissions.py b/greenmine/wiki/permissions.py new file mode 100644 index 00000000..2228f01c --- /dev/null +++ b/greenmine/wiki/permissions.py @@ -0,0 +1,15 @@ +from greenmine.base.permissions import BaseDetailPermission + +class WikiPageDetailPermission(BaseDetailPermission): + get_permission = "can_view_wikipage" + put_permission = "can_change_wikipage" + delete_permission = "can_delete_wikipage" + safe_methods = ['HEAD', 'OPTIONS'] + path_to_document = [] + +class WikiPageAttachmentDetailPermission(BaseDetailPermission): + get_permission = "can_view_wikipageattachment" + put_permission = "can_change_wikipageattachment" + delete_permission = "can_delete_wikipageattachment" + safe_methods = ['HEAD', 'OPTIONS'] + path_to_document = []