mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-29 21:14:01 +03:00
Removed deprecated '.model' attribute check
This commit is contained in:
parent
970bfe16ec
commit
1ddfef1212
|
@ -77,7 +77,7 @@ class DjangoModelPermissions(BasePermission):
|
||||||
`add`/`change`/`delete` permissions on the model.
|
`add`/`change`/`delete` permissions on the model.
|
||||||
|
|
||||||
This permission can only be applied against view classes that
|
This permission can only be applied against view classes that
|
||||||
provide a `.model` or `.queryset` attribute.
|
provide a `.queryset` attribute.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Map methods into required permission codes.
|
# Map methods into required permission codes.
|
||||||
|
@ -107,24 +107,19 @@ class DjangoModelPermissions(BasePermission):
|
||||||
return [perm % kwargs for perm in self.perms_map[method]]
|
return [perm % kwargs for perm in self.perms_map[method]]
|
||||||
|
|
||||||
def has_permission(self, request, view):
|
def has_permission(self, request, view):
|
||||||
# Note that `.model` attribute on views is deprecated, although we
|
|
||||||
# enforce the deprecation on the view `get_serializer_class()` and
|
|
||||||
# `get_queryset()` methods, rather than here.
|
|
||||||
model_cls = getattr(view, 'model', None)
|
|
||||||
queryset = getattr(view, 'queryset', None)
|
queryset = getattr(view, 'queryset', None)
|
||||||
|
|
||||||
if model_cls is None and queryset is not None:
|
|
||||||
model_cls = queryset.model
|
|
||||||
|
|
||||||
# Workaround to ensure DjangoModelPermissions are not applied
|
# Workaround to ensure DjangoModelPermissions are not applied
|
||||||
# to the root view when using DefaultRouter.
|
# to the root view when using DefaultRouter.
|
||||||
if model_cls is None and getattr(view, '_ignore_model_permissions', False):
|
if queryset is None and getattr(view, '_ignore_model_permissions', False):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
assert model_cls, ('Cannot apply DjangoModelPermissions on a view that'
|
assert queryset, (
|
||||||
' does not have `.model` or `.queryset` property.')
|
'Cannot apply DjangoModelPermissions on a view that '
|
||||||
|
'does not have `.queryset` property.'
|
||||||
|
)
|
||||||
|
|
||||||
perms = self.get_required_permissions(request.method, model_cls)
|
perms = self.get_required_permissions(request.method, queryset.model)
|
||||||
|
|
||||||
return (
|
return (
|
||||||
request.user and
|
request.user and
|
||||||
|
@ -150,7 +145,7 @@ class DjangoObjectPermissions(DjangoModelPermissions):
|
||||||
`add`/`change`/`delete` permissions on the object using .has_perms.
|
`add`/`change`/`delete` permissions on the object using .has_perms.
|
||||||
|
|
||||||
This permission can only be applied against view classes that
|
This permission can only be applied against view classes that
|
||||||
provide a `.model` or `.queryset` attribute.
|
provide a `.queryset` attribute.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
perms_map = {
|
perms_map = {
|
||||||
|
@ -171,14 +166,10 @@ class DjangoObjectPermissions(DjangoModelPermissions):
|
||||||
return [perm % kwargs for perm in self.perms_map[method]]
|
return [perm % kwargs for perm in self.perms_map[method]]
|
||||||
|
|
||||||
def has_object_permission(self, request, view, obj):
|
def has_object_permission(self, request, view, obj):
|
||||||
model_cls = getattr(view, 'model', None)
|
model_cls = view.queryset.model
|
||||||
queryset = getattr(view, 'queryset', None)
|
user = request.user
|
||||||
|
|
||||||
if model_cls is None and queryset is not None:
|
|
||||||
model_cls = queryset.model
|
|
||||||
|
|
||||||
perms = self.get_required_object_permissions(request.method, model_cls)
|
perms = self.get_required_object_permissions(request.method, model_cls)
|
||||||
user = request.user
|
|
||||||
|
|
||||||
if not user.has_perms(perms, obj):
|
if not user.has_perms(perms, obj):
|
||||||
# If the user does not have permissions we need to determine if
|
# If the user does not have permissions we need to determine if
|
||||||
|
|
Loading…
Reference in New Issue
Block a user