encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-11-04 09:57:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2818 from maryokhin/master

Browse Source 
Don't check for deprecated '.model' attribute in permissions
This commit is contained in:
Tom Christie 2015-04-17 16:15:27 +01:00
commit ecb37f518e
1 changed files with 10 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
rest_framework/permissions.py
View File

@ -77,7 +77,7 @@ class DjangoModelPermissions(BasePermission):
`add`/`change`/`delete` permissions on the model. `add`/`change`/`delete` permissions on the model.
This permission can only be applied against view classes that This permission can only be applied against view classes that
provide a `.model` or `.queryset` attribute. provide a `.queryset` attribute.
""" """
# Map methods into required permission codes. # Map methods into required permission codes.
@ -107,24 +107,19 @@ class DjangoModelPermissions(BasePermission):
return [perm % kwargs for perm in self.perms_map[method]] return [perm % kwargs for perm in self.perms_map[method]]
def has_permission(self, request, view): def has_permission(self, request, view):
# Note that `.model` attribute on views is deprecated, although we
# enforce the deprecation on the view `get_serializer_class()` and
# `get_queryset()` methods, rather than here.
model_cls = getattr(view, 'model', None)
queryset = getattr(view, 'queryset', None) queryset = getattr(view, 'queryset', None)
if model_cls is None and queryset is not None:
model_cls = queryset.model
# Workaround to ensure DjangoModelPermissions are not applied # Workaround to ensure DjangoModelPermissions are not applied
# to the root view when using DefaultRouter. # to the root view when using DefaultRouter.
if model_cls is None and getattr(view, '_ignore_model_permissions', False): if queryset is None and getattr(view, '_ignore_model_permissions', False):
return True return True
assert model_cls, ('Cannot apply DjangoModelPermissions on a view that' assert queryset, (
' does not have `.model` or `.queryset` property.') 'Cannot apply DjangoModelPermissions on a view that '
'does not have `.queryset` property.'
)
perms = self.get_required_permissions(request.method, model_cls) perms = self.get_required_permissions(request.method, queryset.model)
return ( return (
request.user and request.user and
@ -150,7 +145,7 @@ class DjangoObjectPermissions(DjangoModelPermissions):
`add`/`change`/`delete` permissions on the object using .has_perms. `add`/`change`/`delete` permissions on the object using .has_perms.
This permission can only be applied against view classes that This permission can only be applied against view classes that
provide a `.model` or `.queryset` attribute. provide a `.queryset` attribute.
""" """
perms_map = { perms_map = {
@ -171,14 +166,10 @@ class DjangoObjectPermissions(DjangoModelPermissions):
return [perm % kwargs for perm in self.perms_map[method]] return [perm % kwargs for perm in self.perms_map[method]]
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
model_cls = getattr(view, 'model', None) model_cls = view.queryset.model
queryset = getattr(view, 'queryset', None) user = request.user
if model_cls is None and queryset is not None:
model_cls = queryset.model
perms = self.get_required_object_permissions(request.method, model_cls) perms = self.get_required_object_permissions(request.method, model_cls)
user = request.user
if not user.has_perms(perms, obj): if not user.has_perms(perms, obj):
# If the user does not have permissions we need to determine if # If the user does not have permissions we need to determine if