Commit Graph

65 Commits

Author SHA1 Message Date
Adrien Brunet
2daf6f1341 Add negation ~ operator to permissions composition (#6361) 2019-02-25 15:33:40 +01:00
Frédéric Massart
94fbfcb6fd Added lazy evaluation to composed permissions. (#6463)
Refs #6402.
2019-02-25 13:47:02 +01:00
Xavier Ordoquy
74574217a4 Fix composable permissions
In some cases we end with an operation between two `OperandHolder`.
This didn't work as it didn't knew how to deal with | or &
This fixes by adding those operations.
2018-11-27 15:29:44 +01:00
Mark Davidoff
6f2c0dbf4d
permissions must return a boolean
`x and y` actually returns object y when both are true. the means P & IsAuthenticated will fail with TypeError: unsupported operand type(s) for &: 'instance' and 'bool' as IsAuthenticated now returns a CallableBool which does not overload __ror__
2018-10-28 14:12:39 -07:00
Xavier Ordoquy
b41a6cfa38 permissions: Allow permissions to be composed (#5753)
* permissions: Allow permissions to be composed

Implement a system to compose permissions with and / or.
This is performed by returning an `OperationHolder` instance that keeps the
permission classes and type of composition (and / or).
When called it will return a AND/OR instance that will then delegate the
permission check to the operands.

* permissions: Add documentation about composed permissions

* Fix documentation typo in permissions
2018-10-03 15:36:24 +01:00
Carlton Gibson
c674687782 Remove Django 1.8 & 1.9 compatibility code (#5481)
* Identify code that needs to be pulled out of/removed from compat.py

* Extract modern code from get_names_and_managers in compat.py and remove compat code

* Extract modern code from is_authenticated() in compat.py and remove.

* Extract modern code from is_anonymous() in compat.py and remove

* Extract modern code from get_related_model() from compat.py and remove

* Extract modern code from value_from_object() in compat.py and remove

* Update postgres compat

JSONField now always available.

* Remove DecimalValidator compat

* Remove get_remote_field compat

* Remove template_render compat

Plus isort.

* Remove set_many compat

* Remove include compat
2017-10-05 20:41:38 +02:00
Ryan P Kilby
23b2d8099b Unify QS handling for model/object permissions 2017-09-01 13:56:39 -04:00
Denis Untevskiy
c8773671e7 + Rejecting anonymous in DjangoModelPermissions *before* the .get_queryset call 2017-08-30 17:10:39 -04:00
Carlton Gibson
6a3b8cfa4c Adjust wording 2017-08-22 20:44:19 +02:00
Felipe Bidu
6f2c3bcb12 Further clarifying the message when get_queryset returns None to include the class name that was called 2017-08-22 12:13:22 -03:00
Felipe Bidu
5fd01d06ab Adding a more explicit error message when a view does have a get_queryset method but it returned nothing 2017-08-22 11:00:19 -03:00
Tom Christie
68d2020112 Live API documentation (#4755) 2017-03-03 15:24:37 +00:00
tdruez
06a1e12fd8 Fixed Permissions.get_required_object_permissions for #4927 2017-02-28 17:51:32 +01:00
Tom Christie
11a2468379 Access request.user.is_authenticated as property not method, under Django 1.10+ (#4358)
* For Django >=1.10 use user.is_authenticated, not user.is_authenticated()
2016-08-05 11:04:01 +01:00
Stephan Groß
a101251a2a Fix blank lines around docstrings 2016-03-17 11:06:47 +00:00
Aarni Koskela
69688289ce Ensure Django{Model,Object}Permissions don't hide exceptions.
Quietly catching `AttributeError` and `TypeError` when calling
`get_queryset()` is rather insidious, as those exceptions get caught no
matter where they might happen in the call stack.
2015-11-27 12:46:30 +02:00
Carlton Gibson
25de8c960f Remove Django 1.5 get_model_name fallback 2015-09-21 20:10:31 +02:00
José Padilla
7351a3f6ca Sort imports with isort 2015-06-25 16:55:51 -04:00
José Padilla
83c9136c90 Cleanup import following PEP 8 style guide 2015-06-25 16:10:17 -04:00
Nicolas Delaby
031ac2a292 Allow DjangoObjectPermissions to use views that define get_queryset 2015-05-13 14:26:44 +02:00
Nicolas Delaby
24e9473036 Improve error message. 2015-04-22 11:22:37 +02:00
Nicolas Delaby
6f66798ad3 Prevent empty querysets to raises AssertionError. 2015-04-22 11:13:09 +02:00
Nicolas Delaby
c2e536bfda Tell DjangoModelPermissions to rely on get_queryset first. 2015-04-22 10:18:30 +02:00
Tymur Maryokhin
1ddfef1212 Removed deprecated '.model' attribute check 2015-04-12 17:12:01 +02:00
Di Wu
48e1f151c5 use SAFE_METHODS and make tuple 2015-03-16 22:13:07 -07:00
Tom Christie
baaa356489 Merge master 2014-12-12 15:37:43 +00:00
Tymur Maryokhin
d9930181ee Removed unused imports, pep8 fixes, typo fixes 2014-12-05 00:29:28 +01:00
Jharrod LaFon
baa518cd89 Moved OAuth support out of DRF and into a separate package, per #1767 2014-09-05 15:30:01 -07:00
Tom Christie
4d8c63abc9 Deprecate .model in related routers/permissions 2014-08-20 17:15:46 +01:00
Tom Christie
bf09c32de8 Code linting and added runtests.py 2014-08-19 13:28:07 +01:00
Tom Christie
52686420f4 Merge branch 'bennbollay-patch-1' into 2.4.0
Conflicts:
	.travis.yml
	docs/api-guide/routers.md
	rest_framework/compat.py
	tox.ini
2013-12-23 09:48:59 +00:00
amatellanes
2d6d725c2f Simplified some functions 2013-12-22 12:39:47 +01:00
Tom Christie
9c41c007af Merge branch 'master' into 2.4.0
Conflicts:
	.travis.yml
	docs/api-guide/routers.md
	docs/topics/release-notes.md
	rest_framework/compat.py
2013-12-13 16:32:34 +00:00
Tom Christie
21cd638659 Merge master 2013-09-25 09:44:26 +01:00
Markus Kaiserswerth
abbe9213f9 Address pending deprecation of Model._meta.module_name in Django 1.6 2013-09-23 17:48:25 +02:00
Tom Christie
5970baa201 Tweaks and docs to object-level model permissions. 2013-09-10 21:00:13 +01:00
bwreilly
23fc9dd53f better doc for object permissions, drop redundant has_permission call 2013-09-09 09:32:29 -07:00
bwreilly
0183c69538 removed unnecessary guardian req and view.action parsing 2013-09-09 08:39:09 -07:00
bwreilly
9ff0f6d3bf switch to a dedicated filter for read list object permissions 2013-09-07 23:48:03 -05:00
bwreilly
118645e480 first pass at object level permissions and tests 2013-09-07 23:18:52 -05:00
bwreilly
b07de86ad3 some properly failing tests, set up for standard permissions 2013-09-06 12:35:06 -05:00
bwreilly
4a9dcfa760 added guardian as optional requirement, stubbed out object-level permission class 2013-09-06 11:01:31 -05:00
Tom Christie
3fcc01273c Remove deprecated code 2013-06-27 20:29:52 +01:00
Tom Christie
6d2ca75d8e Don't raise AttributeError on views with no model or queryset, when using DjangoModelPermissions 2013-06-18 11:10:56 +01:00
Tom Christie
aff88d15f7 Version 2.3.3 2013-05-16 15:08:12 +01:00
Tom Christie
b65b065375 Add DjangoModelPermissionsOrAnonReadOnly 2013-04-30 14:34:28 +01:00
Tom Christie
dc7b1d6430 2.2's PendingDeprecationWarnings now become DeprecationWarnings. 2.3's PendingDeprecationWarnings added. 2013-04-29 12:45:00 +01:00
Tom Christie
4bf1a09bae Ensure implementation of reverse relations in 'fields' is backwards compatible 2013-04-23 11:31:38 +01:00
Tom Christie
043d748b53 Tweak 2013-03-12 20:12:28 +00:00
Tom Christie
f513db714d Clean up TokenHasReadWriteScope slightly 2013-03-12 19:07:30 +00:00