encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-02-02 20:54:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

Object-level permissions respected by Browseable API

Browse Source
This commit is contained in:
Tom Christie 2012-10-26 12:46:15 +01:00
parent 32d602880f
commit 2efb5f8a14
1 changed files with 7 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
rest_framework/renderers.py
View File

@ -224,7 +224,7 @@ class BrowsableAPIRenderer(BaseRenderer):
return content return content
def show_form_for_method(self, view, method, request): def show_form_for_method(self, view, method, request, obj):
""" """
Returns True if a form should be shown for this method. Returns True if a form should be shown for this method.
""" """
@ -236,7 +236,7 @@ class BrowsableAPIRenderer(BaseRenderer):
request = clone_request(request, method) request = clone_request(request, method)
try: try:
if not view.has_permission(request): if not view.has_permission(request, obj):
return # Don't have permission return # Don't have permission
except: except:
return # Don't have permission and exception explicitly raise return # Don't have permission and exception explicitly raise
@ -295,7 +295,8 @@ class BrowsableAPIRenderer(BaseRenderer):
In the absence on of the Resource having an associated form then In the absence on of the Resource having an associated form then
provide a form that can be used to submit arbitrary content. provide a form that can be used to submit arbitrary content.
""" """
if not self.show_form_for_method(view, method, request): obj = getattr(view, 'object', None)
if not self.show_form_for_method(view, method, request, obj):
return return
if method == 'DELETE' or method == 'OPTIONS': if method == 'DELETE' or method == 'OPTIONS':
@ -305,17 +306,13 @@ class BrowsableAPIRenderer(BaseRenderer):
media_types = [parser.media_type for parser in view.parser_classes] media_types = [parser.media_type for parser in view.parser_classes]
return self.get_generic_content_form(media_types) return self.get_generic_content_form(media_types)
# Creating an on the fly form see: http://stackoverflow.com/questions/3915024/dynamically-creating-classes-python
obj, data = None, None
if getattr(view, 'object', None):
obj = view.object
serializer = view.get_serializer(instance=obj) serializer = view.get_serializer(instance=obj)
fields = self.serializer_to_form_fields(serializer) fields = self.serializer_to_form_fields(serializer)
# Creating an on the fly form see:
# http://stackoverflow.com/questions/3915024/dynamically-creating-classes-python
OnTheFlyForm = type("OnTheFlyForm", (forms.Form,), fields) OnTheFlyForm = type("OnTheFlyForm", (forms.Form,), fields)
if obj: data = (obj is not None) and serializer.data or None
data = serializer.data
form_instance = OnTheFlyForm(data) form_instance = OnTheFlyForm(data)
return form_instance return form_instance