From 8fe9b45823ffc892053b50090b01c2db5fa278ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Espino?= Date: Sat, 30 Mar 2013 12:46:26 +0100 Subject: [PATCH] Adding basic permissions management to wiki page --- greenmine/wiki/api.py | 9 +++++++++ greenmine/wiki/permissions.py | 15 +++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 greenmine/wiki/permissions.py diff --git a/greenmine/wiki/api.py b/greenmine/wiki/api.py index d0a4c1c6..fbe38159 100644 --- a/greenmine/wiki/api.py +++ b/greenmine/wiki/api.py @@ -2,23 +2,32 @@ from rest_framework import generics from greenmine.wiki.serializers import WikiPageSerializer, WikiPageAttachmentSerializer from greenmine.wiki.models import WikiPage, WikiPageAttachment +from greenmine.wiki.permissions import WikiPageDetailPermission, WikiPageAttachmentDetailPermission class WikiPageList(generics.ListCreateAPIView): model = WikiPage serializer_class = WikiPageSerializer + def get_queryset(self): + return self.model.objects.filter(project__members=self.request.user) + class WikiPageDetail(generics.RetrieveUpdateDestroyAPIView): model = WikiPage serializer_class = WikiPageSerializer + permission_classes = (WikiPageDetailPermission,) class WikiPageAttachmentList(generics.ListCreateAPIView): model = WikiPageAttachment serializer_class = WikiPageAttachmentSerializer + def get_queryset(self): + return self.model.objects.filter(wikipage__project__members=self.request.user) + class WikiPageAttachmentDetail(generics.RetrieveUpdateDestroyAPIView): model = WikiPageAttachment serializer_class = WikiPageAttachmentSerializer + permission_classes = (WikiPageAttachmentDetailPermission,) diff --git a/greenmine/wiki/permissions.py b/greenmine/wiki/permissions.py new file mode 100644 index 00000000..2228f01c --- /dev/null +++ b/greenmine/wiki/permissions.py @@ -0,0 +1,15 @@ +from greenmine.base.permissions import BaseDetailPermission + +class WikiPageDetailPermission(BaseDetailPermission): + get_permission = "can_view_wikipage" + put_permission = "can_change_wikipage" + delete_permission = "can_delete_wikipage" + safe_methods = ['HEAD', 'OPTIONS'] + path_to_document = [] + +class WikiPageAttachmentDetailPermission(BaseDetailPermission): + get_permission = "can_view_wikipageattachment" + put_permission = "can_change_wikipageattachment" + delete_permission = "can_delete_wikipageattachment" + safe_methods = ['HEAD', 'OPTIONS'] + path_to_document = []