Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- def get_permission_level(request, obj):
- try:
- level = PasswordListACL.objects.get(list=obj, user=request.user)
- except PasswordListACL.DoesNotExist:
- level = None
- return level
- class IsPasswordListOwner(permissions.DjangoObjectPermissions):
- def has_permission(self, request, view):
- return True
- def has_object_permission(self, request, view, obj):
- print(get_permission_level(request, obj))
- if get_permission_level(request, obj) == None:
- print('false')
- return False
- else:
- level = AccessLevel.objects.get(pk=get_permission_level(request, obj).level_id).name
- if level == 'Owner':
- return True
- else:
- return False
- class PasswordListViewSet(viewsets.ModelViewSet):
- queryset = PasswordList.objects.all()
- serializer_class = PasswordListSerializer
- permission_classes = (IsPasswordListOwner,)
- def list(self, request):
- self.permission_classes = [IsPasswordListOwner, ]
- queryset = self.get_queryset().filter(passwordlistacl__user=request.user)
- serializer = PasswordListSerializer(queryset, many=True, context={'request': request})
- return Response(serializer.data)
- def retrieve(self, request, pk=None):
- self.permission_classes = [IsPasswordListOwner, ]
- queryset = self.get_queryset()
- if get_object_or_404(queryset, pk=pk):
- password = get_object_or_404(queryset, pk=pk)
- else:
- pass
- serializer = PasswordListSerializer(password, context={'request': request})
- return Response(serializer.data)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement