Gitlab CSE Unil

Commit 72e0c3f6 authored by Julien Furrer's avatar Julien Furrer
Browse files

ajusté adim.view pour compatibilité avec restframework v3.3

parent 0dbce233
...@@ -25,6 +25,7 @@ class AccessibleAnObj(BasePermission): ...@@ -25,6 +25,7 @@ class AccessibleAnObj(BasePermission):
RestFramework Object-level permission to allow access to objects related to an accessible AnObj RestFramework Object-level permission to allow access to objects related to an accessible AnObj
Assumes the model instance has an `annotable` attribute. Assumes the model instance has an `annotable` attribute.
""" """
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
try: try:
return has_anobj_access(request, obj.annotable) return has_anobj_access(request, obj.annotable)
...@@ -54,6 +55,7 @@ class IsOwnerOrReadOnly(BasePermission): ...@@ -54,6 +55,7 @@ class IsOwnerOrReadOnly(BasePermission):
else: else:
return False return False
class WritableAnObjOrReadonly(BasePermission): class WritableAnObjOrReadonly(BasePermission):
""" """
RestFramework Object-level permission to only allow modification on objects RestFramework Object-level permission to only allow modification on objects
...@@ -90,6 +92,7 @@ class AnObjViewSet(viewsets.ModelViewSet): ...@@ -90,6 +92,7 @@ class AnObjViewSet(viewsets.ModelViewSet):
""" """
model = AnObj model = AnObj
serializer_class = AnObjSerializer serializer_class = AnObjSerializer
# lookup_field = 'uuid' # lookup_field = 'uuid'
def get_serializer_class(self): def get_serializer_class(self):
...@@ -122,7 +125,7 @@ class AnObjViewSet(viewsets.ModelViewSet): ...@@ -122,7 +125,7 @@ class AnObjViewSet(viewsets.ModelViewSet):
if request.method != 'GET': if request.method != 'GET':
user_model = get_user_model() user_model = get_user_model()
members = [] members = []
for member_data in request.DATA.get('members', []): for member_data in request.data.get('members', []):
try: try:
q = Q(pk=-1) q = Q(pk=-1)
if member_data.get('id'): if member_data.get('id'):
...@@ -156,7 +159,7 @@ class AnObjViewSet(viewsets.ModelViewSet): ...@@ -156,7 +159,7 @@ class AnObjViewSet(viewsets.ModelViewSet):
def set_publish_mode(self, request, pk=None): def set_publish_mode(self, request, pk=None):
user = request.user user = request.user
anobj = AnObj.objects.get(pk=pk) anobj = AnObj.objects.get(pk=pk)
new_publish_mode = int(request.DATA.get('publish_mode', 0)) new_publish_mode = int(request.data.get('publish_mode', 0))
if new_publish_mode not in xrange(3): if new_publish_mode not in xrange(3):
raise ValueError("Invalid publish mode") raise ValueError("Invalid publish mode")
...@@ -172,8 +175,8 @@ class AnObjViewSet(viewsets.ModelViewSet): ...@@ -172,8 +175,8 @@ class AnObjViewSet(viewsets.ModelViewSet):
raise Http404() raise Http404()
if new_publish_mode == 2 and not ( if new_publish_mode == 2 and not (
anobj.allow_public_publishing or anobj.is_owned(user.id)): anobj.allow_public_publishing or anobj.is_owned(user.id)):
# anobj.allow_public_publishing or user in anobj.owners.all()): # anobj.allow_public_publishing or user in anobj.owners.all()):
raise PermissionDenied raise PermissionDenied
if membership.publish_mode != new_publish_mode: if membership.publish_mode != new_publish_mode:
...@@ -234,27 +237,27 @@ class SharedAnObjViewSet(AnObjViewSet): ...@@ -234,27 +237,27 @@ class SharedAnObjViewSet(AnObjViewSet):
else: else:
users = [] users = []
return Response({'users': users}) return Response({'users': users})
# #
# @detail_route(methods=['patch']) # @detail_route(methods=['patch'])
# def set_publish_mode(self, request, pk=None): # def set_publish_mode(self, request, pk=None):
# user = request.user # user = request.user
# anobj = AnObj.objects.get(pk=pk) # anobj = AnObj.objects.get(pk=pk)
# membership = get_object_or_404(AnObjMembership, anobj__id=pk, user=user) # membership = get_object_or_404(AnObjMembership, anobj__id=pk, user=user)
# #
# new_publish_mode = int(request.DATA.get('publish_mode', 0)) # new_publish_mode = int(request.DATA.get('publish_mode', 0))
# if new_publish_mode not in xrange(3): # if new_publish_mode not in xrange(3):
# raise ValueError("Invalid publish mode") # raise ValueError("Invalid publish mode")
# #
# if new_publish_mode == 2 and not ( # if new_publish_mode == 2 and not (
# anobj.allow_public_publishing or user == anobj.owner): # anobj.allow_public_publishing or user == anobj.owner):
# raise PermissionDenied # raise PermissionDenied
# #
# if membership.publish_mode != new_publish_mode: # if membership.publish_mode != new_publish_mode:
# membership.publish_mode = new_publish_mode # membership.publish_mode = new_publish_mode
# membership.save() # membership.save()
# #
# return Response({'publish_mode': membership.publish_mode}) # return Response({'publish_mode': membership.publish_mode})
# #
class UserViewSet(viewsets.ReadOnlyModelViewSet): class UserViewSet(viewsets.ReadOnlyModelViewSet):
...@@ -301,43 +304,49 @@ class AnnotationViewSet(viewsets.ModelViewSet): ...@@ -301,43 +304,49 @@ class AnnotationViewSet(viewsets.ModelViewSet):
:param kwargs: :param kwargs:
:return: :return:
""" """
request.data['owner'] = request.user.id owner_str_id = str(request.user.id)
request.data['owner_id'] = request.user.id if (
owner_str_id not in request.data['owner'] or
owner_str_id not in request.data['owner_id']
):
raise AttributeError("Wrong owner for annotation")
# request.data['owner'] = request.user.id
# request.data['owner_id'] = request.user.id
return super(AnnotationViewSet, self).create(request, *args, **kwargs) return super(AnnotationViewSet, self).create(request, *args, **kwargs)
# def list(self, request): # def list(self, request):
# return Response([]) # return Response([])
# #
# def pre_save(self, obj): # def pre_save(self, obj):
# """ # """
# For new annotation, check annotable access permission # For new annotation, check annotable access permission
# and set the owner of the annotation # and set the owner of the annotation
# :param obj: # :param obj:
# :return: # :return:
# """ # """
# if obj.annotable.locked: # if obj.annotable.locked:
# raise Exception("Annotable locked") # raise Exception("Annotable locked")
# #
# # ok # # ok
# if obj.id: # if obj.id:
# if obj.owner != self.request.user: # if obj.owner != self.request.user:
# raise Exception("Annotable access forbidden") # raise Exception("Annotable access forbidden")
# #
# else: # else:
# # user = self.request.user # # user = self.request.user
# # anobj_q = Q(pk=obj.annotable_id) & (Q(owner=user) | Q(members=user)) # # anobj_q = Q(pk=obj.annotable_id) & (Q(owner=user) | Q(members=user))
# try: # try:
# anobj = AnObj.objects.get(pk=obj.annotable_id) # anobj = AnObj.objects.get(pk=obj.annotable_id)
# if not has_anobj_access(self.request, anobj): # if not has_anobj_access(self.request, anobj):
# raise Exception("Annotable access forbidden") # raise Exception("Annotable access forbidden")
# #
# except AnObj.DoesNotExist: # except AnObj.DoesNotExist:
# raise Exception("Annotable access forbidden") # raise Exception("Annotable access forbidden")
# # if not AnObj.objects.filter(anobj_q).exists(): # # if not AnObj.objects.filter(anobj_q).exists():
# #
# obj.owner = self.request.user # obj.owner = self.request.user
# #
# super(AnnotationViewSet, self).pre_save(obj) # super(AnnotationViewSet, self).pre_save(obj)
class SharedAnnotationViewSet(viewsets.ReadOnlyModelViewSet): class SharedAnnotationViewSet(viewsets.ReadOnlyModelViewSet):
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment