mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-26 03:23:59 +03:00
Removed deprecated '.model' attribute check
This commit is contained in:
parent
970bfe16ec
commit
1ddfef1212
|
@ -77,7 +77,7 @@ class DjangoModelPermissions(BasePermission):
|
|||
`add`/`change`/`delete` permissions on the model.
|
||||
|
||||
This permission can only be applied against view classes that
|
||||
provide a `.model` or `.queryset` attribute.
|
||||
provide a `.queryset` attribute.
|
||||
"""
|
||||
|
||||
# Map methods into required permission codes.
|
||||
|
@ -107,24 +107,19 @@ class DjangoModelPermissions(BasePermission):
|
|||
return [perm % kwargs for perm in self.perms_map[method]]
|
||||
|
||||
def has_permission(self, request, view):
|
||||
# Note that `.model` attribute on views is deprecated, although we
|
||||
# enforce the deprecation on the view `get_serializer_class()` and
|
||||
# `get_queryset()` methods, rather than here.
|
||||
model_cls = getattr(view, 'model', None)
|
||||
queryset = getattr(view, 'queryset', None)
|
||||
|
||||
if model_cls is None and queryset is not None:
|
||||
model_cls = queryset.model
|
||||
|
||||
# Workaround to ensure DjangoModelPermissions are not applied
|
||||
# to the root view when using DefaultRouter.
|
||||
if model_cls is None and getattr(view, '_ignore_model_permissions', False):
|
||||
if queryset is None and getattr(view, '_ignore_model_permissions', False):
|
||||
return True
|
||||
|
||||
assert model_cls, ('Cannot apply DjangoModelPermissions on a view that'
|
||||
' does not have `.model` or `.queryset` property.')
|
||||
assert queryset, (
|
||||
'Cannot apply DjangoModelPermissions on a view that '
|
||||
'does not have `.queryset` property.'
|
||||
)
|
||||
|
||||
perms = self.get_required_permissions(request.method, model_cls)
|
||||
perms = self.get_required_permissions(request.method, queryset.model)
|
||||
|
||||
return (
|
||||
request.user and
|
||||
|
@ -150,7 +145,7 @@ class DjangoObjectPermissions(DjangoModelPermissions):
|
|||
`add`/`change`/`delete` permissions on the object using .has_perms.
|
||||
|
||||
This permission can only be applied against view classes that
|
||||
provide a `.model` or `.queryset` attribute.
|
||||
provide a `.queryset` attribute.
|
||||
"""
|
||||
|
||||
perms_map = {
|
||||
|
@ -171,14 +166,10 @@ class DjangoObjectPermissions(DjangoModelPermissions):
|
|||
return [perm % kwargs for perm in self.perms_map[method]]
|
||||
|
||||
def has_object_permission(self, request, view, obj):
|
||||
model_cls = getattr(view, 'model', None)
|
||||
queryset = getattr(view, 'queryset', None)
|
||||
|
||||
if model_cls is None and queryset is not None:
|
||||
model_cls = queryset.model
|
||||
model_cls = view.queryset.model
|
||||
user = request.user
|
||||
|
||||
perms = self.get_required_object_permissions(request.method, model_cls)
|
||||
user = request.user
|
||||
|
||||
if not user.has_perms(perms, obj):
|
||||
# If the user does not have permissions we need to determine if
|
||||
|
|
Loading…
Reference in New Issue
Block a user