DjangoModelPermisson

This commit is contained in:
Camille Harang 2012-02-11 01:49:28 +01:00
parent da8187d2c2
commit bc80eb266f

View File

@ -89,6 +89,46 @@ class IsUserOrIsAnonReadOnly(BasePermission):
raise _403_FORBIDDEN_RESPONSE raise _403_FORBIDDEN_RESPONSE
class DjangoModelPermisson(BasePermission):
"""
"""
def check_permission(self, user):
# GET-style methods are always allowed.
if self.view.request.method in ('GET', 'OPTIONS', 'HEAD',):
return
# User must be logged in to check permissions.
if not hasattr(self.view.request, 'user') or not self.view.request.user.is_authenticated():
raise _403_FORBIDDEN_RESPONSE
klass = self.view.resource.model
# If it doesn't look like a model, we can't check permissions.
if not klass or not getattr(klass, '_meta', None):
return
permission_map = {
'POST': ['%s.add_%s'],
'PUT': ['%s.change_%s'],
'DELETE': ['%s.delete_%s'],
'PATCH': ['%s.add_%s', '%s.change_%s', '%s.delete_%s'],
}
permission_codes = []
# If we don't recognize the HTTP method, we don't know what
# permissions to check. Deny.
if self.view.request.method not in permission_map:
raise _403_FORBIDDEN_RESPONSE
for perm in permission_map[self.view.request.method]:
permission_codes.append(perm % (klass._meta.app_label, klass._meta.module_name))
if not self.view.request.user.has_perms(permission_codes):
raise _403_FORBIDDEN_RESPONSE
class BaseThrottle(BasePermission): class BaseThrottle(BasePermission):
""" """
Rate throttling of requests. Rate throttling of requests.