Merge pull request #235 from Fruity-Loops/fix_permissions
Fix permissions and permissions refactor.
Showing
11 changed files
with
171 additions
and
139 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,14 @@ | ||
from user_account.permissions import IsInventoryManager | ||
from rest_framework.permissions import BasePermission | ||
|
||
from .models import AuditTemplate | ||
|
||
|
||
class IsInventoryManagerTemplate(IsInventoryManager): | ||
class CheckTemplateOrganizationById(BasePermission): | ||
message = "The requested template must be of the same organization" | ||
|
||
def has_permission(self, request, view): | ||
if request.parser_context['kwargs'] is not None \ | ||
and 'pk' in request.parser_context['kwargs']: | ||
temp = AuditTemplate.objects.get(template_id=request.parser_context['kwargs']['pk']) | ||
return temp.organization == request.user.organization and request.user.role == 'IM' | ||
return super().has_permission(request, view) | ||
return temp.organization == request.user.organization | ||
return True |
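Review bot: The lookup `AuditTemplate.objects.get(template_id=request.parser_context['kwargs']['pk'])` in `has_permission` is unguarded, so a `pk` that matches no template raises `DoesNotExist` inside the permission check and surfaces as an unhandled server error rather than a clean denial. That also makes the response for an unknown id differ from the response for another organization's id. Catching `AuditTemplate.DoesNotExist` and returning `False`, or replacing the lookup and comparison with `return AuditTemplate.objects.filter(template_id=pk, organization=request.user.organization).exists()`, gives one uniform denial. Assuming the variant that ends in `return True` is the new side, the class no longer checks the role and allows every request that has no `pk`, so each view using it must still list an authentication and role permission alongside it. A one-line docstring stating that contract would keep it from being used on its own.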
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,23 +1,11 @@ | ||
from rest_framework.permissions import BasePermission | ||
from user_account.permissions import IsSystemAdmin, IsInventoryManager | ||
|
||
|
||
class UserOrganizationPermission(BasePermission): | ||
class ValidateOrgMatchesUser(BasePermission): | ||
message = "The organization requested must match the user's" | ||
|
||
def has_permission(self, request, view): | ||
""" | ||
Overriding default has_permission method in order to add Custom | ||
permissions to our views | ||
This can be used either inside the permission_class directly or | ||
you can call it from other permission files | ||
:param request: | ||
:param view: | ||
:return: True/False : Whether the user is allowed to perform CRUD | ||
""" | ||
if view.action in ['list', 'retrieve', 'update', 'partial_update']: | ||
return IsSystemAdmin.has_permission(None, request, None)\ | ||
or IsInventoryManager.has_permission(None, request, view) | ||
if view.action in ['create', 'destroy']: | ||
return IsSystemAdmin.has_permission(None, request, None) | ||
|
||
return False | ||
user = request.user | ||
if 'pk' in request.parser_context['kwargs']: | ||
return str(user.organization_id) == request.parser_context['kwargs']['pk'] | ||
return True |
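Review bot: `str(user.organization_id) == request.parser_context['kwargs']['pk']` compares string forms, so a user with no organization yields the literal `'None'` and the denial then depends on the URL pattern never admitting that value. An explicit guard before the comparison, `if user.organization_id is None: return False`, makes the denial deliberate. The method also reads `organization_id` without first checking that the user is authenticated, and it returns `True` for any route without a `pk`, so list and create routes get no organization scoping from this class and need it from the queryset or another permission. The earlier docstring appears to have been dropped with the role logic; a replacement such as `"""Allow only when the URL pk equals the requesting user's organization id; routes without a pk are not restricted here."""` would document the fail-open case.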