OpenSlides/openslides/mediafiles/views.py

from ..utils.auth import has_perm
from ..utils.rest_api import ModelViewSet, ValidationError
from .access_permissions import MediafileAccessPermissions
from .models import Mediafile


# Viewsets for the REST API

class MediafileViewSet(ModelViewSet):
    """
    API endpoint for mediafile objects.

    There are the following views: metadata, list, retrieve, create,
    partial_update, update and destroy.
    """
    access_permissions = MediafileAccessPermissions()
    queryset = Mediafile.objects.all()

    def check_view_permissions(self):
        """
        Returns True if the user has required permissions.
        """
        if self.action in ('list', 'retrieve'):
            result = self.get_access_permissions().check_permissions(self.request.user)
        elif self.action == 'metadata':
            result = has_perm(self.request.user, 'mediafiles.can_see')
        elif self.action == 'create':
            result = (has_perm(self.request.user, 'mediafiles.can_see') and
                      has_perm(self.request.user, 'mediafiles.can_upload'))
        elif self.action in ('partial_update', 'update'):
            result = (has_perm(self.request.user, 'mediafiles.can_see') and
                      has_perm(self.request.user, 'mediafiles.can_upload') and
                      has_perm(self.request.user, 'mediafiles.can_manage'))
        elif self.action == 'destroy':
            result = (has_perm(self.request.user, 'mediafiles.can_see') and
                      has_perm(self.request.user, 'mediafiles.can_manage'))
        else:
            result = False
        return result

    def create(self, request, *args, **kwargs):
        """
        Customized view endpoint to upload a new file.
        """
        # Check permission to check if the uploader has to be changed.
        uploader_id = self.request.data.get('uploader_id')
        if (uploader_id and
                not has_perm(request.user, 'mediafiles.can_manage') and
                str(self.request.user.pk) != str(uploader_id)):
            self.permission_denied(request)
        if not self.request.data.get('mediafile'):
            raise ValidationError({'detail': 'You forgot to provide a file.'})
        return super().create(request, *args, **kwargs)
Created a function to convert anything possible to a user-collectoin-element or None Changed user.has_perm(...) to has_perm(user, ...) at any place. Removed old code 2017-01-26 15:34:24 +01:00			`from ..utils.auth import has_perm`
Fixed mediaifle app. 2016-01-24 22:58:45 +01:00			`from ..utils.rest_api import ModelViewSet, ValidationError`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`from .access_permissions import MediafileAccessPermissions`
Use flake8 instead of pep8. Orderd the imports with isort * changed the fab-command pep8 to check * checked and fixed any code with flake8. Also the urls.py * checkt the projector app with pylint 2013-09-25 10:01:01 +02:00			`from .models import Mediafile`
Insert new app to upload files via the frontend. Let tornado server media files. Insert icon-mediafile css class. Insert extra_stylfiles context variable. 2013-02-16 16:19:20 +01:00

Refactored view permissions. Refactored permission check for REST API viewsets. Removed old PermissionMixin. Cleaned up several views.py files. 2015-07-01 23:18:48 +02:00			`# Viewsets for the REST API`

Updated ViewSets to Django REST Framework 3.0.5. Refactored imports from openslides/utils/rest_api.py for better overriding them later. Fixed #1450. Updated requirements. 2015-02-12 18:48:14 +01:00			`class MediafileViewSet(ModelViewSet):`
Added REST api for motion, mediafile and config app. Refactor REST api in other apps. 2015-01-24 16:35:50 +01:00			`"""`
Refactored view permissions. Refactored permission check for REST API viewsets. Removed old PermissionMixin. Cleaned up several views.py files. 2015-07-01 23:18:48 +02:00			`API endpoint for mediafile objects.`

Set permissions for OPTIONS requests. Fixed js-data dependency. Fixed blank in some motion model fields. Fixed error handling in agenda and core views. 2015-08-31 14:07:24 +02:00			`There are the following views: metadata, list, retrieve, create,`
			`partial_update, update and destroy.`
Added REST api for motion, mediafile and config app. Refactor REST api in other apps. 2015-01-24 16:35:50 +01:00			`"""`
Massive refactoring for autoupdate optimization. 2016-02-11 22:58:32 +01:00			`access_permissions = MediafileAccessPermissions()`
Added REST api for motion, mediafile and config app. Refactor REST api in other apps. 2015-01-24 16:35:50 +01:00			`queryset = Mediafile.objects.all()`

Refactored view permissions. Refactored permission check for REST API viewsets. Removed old PermissionMixin. Cleaned up several views.py files. 2015-07-01 23:18:48 +02:00			`def check_view_permissions(self):`
Added REST api for motion, mediafile and config app. Refactor REST api in other apps. 2015-01-24 16:35:50 +01:00			`"""`
Refactored view permissions. Refactored permission check for REST API viewsets. Removed old PermissionMixin. Cleaned up several views.py files. 2015-07-01 23:18:48 +02:00			`Returns True if the user has required permissions.`
Added REST api for motion, mediafile and config app. Refactor REST api in other apps. 2015-01-24 16:35:50 +01:00			`"""`
Change system for autoupdate on the projector (#2394) * Second websocket channel for the projector * Removed use of projector requirements for REST API requests. Refactored data serializing for projector websocket connection. * Refactor the way that the projector autoupdate get its data. * Fixed missing assignment slide title for hidden items. * Release all items for item list slide and list of speakers slide. Fixed error with motion workflow. * Created CollectionElement class which helps to handle autoupdate. 2016-09-17 22:26:23 +02:00			`if self.action in ('list', 'retrieve'):`
			`result = self.get_access_permissions().check_permissions(self.request.user)`
			`elif self.action == 'metadata':`
Created a function to convert anything possible to a user-collectoin-element or None Changed user.has_perm(...) to has_perm(user, ...) at any place. Removed old code 2017-01-26 15:34:24 +01:00			`result = has_perm(self.request.user, 'mediafiles.can_see')`
Added possibility for non staff users to upload new files. See #1856. 2016-01-14 22:55:43 +01:00			`elif self.action == 'create':`
Created a function to convert anything possible to a user-collectoin-element or None Changed user.has_perm(...) to has_perm(user, ...) at any place. Removed old code 2017-01-26 15:34:24 +01:00			`result = (has_perm(self.request.user, 'mediafiles.can_see') and`
			`has_perm(self.request.user, 'mediafiles.can_upload'))`
Added possibility for non staff users to upload new files. See #1856. 2016-01-14 22:55:43 +01:00			`elif self.action in ('partial_update', 'update'):`
Created a function to convert anything possible to a user-collectoin-element or None Changed user.has_perm(...) to has_perm(user, ...) at any place. Removed old code 2017-01-26 15:34:24 +01:00			`result = (has_perm(self.request.user, 'mediafiles.can_see') and`
			`has_perm(self.request.user, 'mediafiles.can_upload') and`
			`has_perm(self.request.user, 'mediafiles.can_manage'))`
Refactored view permissions. Refactored permission check for REST API viewsets. Removed old PermissionMixin. Cleaned up several views.py files. 2015-07-01 23:18:48 +02:00			`elif self.action == 'destroy':`
Created a function to convert anything possible to a user-collectoin-element or None Changed user.has_perm(...) to has_perm(user, ...) at any place. Removed old code 2017-01-26 15:34:24 +01:00			`result = (has_perm(self.request.user, 'mediafiles.can_see') and`
			`has_perm(self.request.user, 'mediafiles.can_manage'))`
Refactored view permissions. Refactored permission check for REST API viewsets. Removed old PermissionMixin. Cleaned up several views.py files. 2015-07-01 23:18:48 +02:00			`else:`
			`result = False`
			`return result`
Added possibility for non staff users to upload new files. See #1856. 2016-01-14 22:55:43 +01:00
			`def create(self, request, args, *kwargs):`
			`"""`
			`Customized view endpoint to upload a new file.`
			`"""`
			`# Check permission to check if the uploader has to be changed.`
			`uploader_id = self.request.data.get('uploader_id')`
			`if (uploader_id and`
Created a function to convert anything possible to a user-collectoin-element or None Changed user.has_perm(...) to has_perm(user, ...) at any place. Removed old code 2017-01-26 15:34:24 +01:00			`not has_perm(request.user, 'mediafiles.can_manage') and`
Added possibility for non staff users to upload new files. See #1856. 2016-01-14 22:55:43 +01:00			`str(self.request.user.pk) != str(uploader_id)):`
			`self.permission_denied(request)`
Fixed mediaifle app. 2016-01-24 22:58:45 +01:00			`if not self.request.data.get('mediafile'):`
Used 'detail' for all ValidationError messages. See #1946. 2016-02-06 00:02:22 +01:00			`raise ValidationError({'detail': 'You forgot to provide a file.'})`
Added possibility for non staff users to upload new files. See #1856. 2016-01-14 22:55:43 +01:00			`return super().create(request, args, *kwargs)`