encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-08-08 14:24:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update SimpleMetadata to filter the OPTIONS

Browse Source 
This is a simple fix to filter the choices in the OPTIONS method based on to what the user has permission. Uses django-guardian.
This commit is contained in:
gabn88 2015-09-08 20:22:44 +02:00
parent b57e9cf405
commit 3c160fa153
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
rest_framework/metadata.py
View File

@ -136,6 +136,20 @@ class SimpleMetadata(BaseMetadata):
elif getattr(field, 'fields', None): elif getattr(field, 'fields', None):
field_info['children'] = self.get_serializer_info(field) field_info['children'] = self.get_serializer_info(field)
if isinstance(field, serializers.PrimaryKeyRelatedField):
try:
perm_format = '%(app_label)s.view_%(model_name)s'
model_cls = field.queryset.model
kwargs = {
'app_label': model_cls._meta.app_label,
'model_name': get_model_name(model_cls)
}
permission = perm_format % kwargs
field.queryset= guardian.shortcuts.get_objects_for_user(request.user, permission, field.queryset, accept_global_perms= False)
except:
field.queryset=[]
if not field_info.get('read_only') and hasattr(field, 'choices'): if not field_info.get('read_only') and hasattr(field, 'choices'):
field_info['choices'] = [ field_info['choices'] = [
{ {