2015-02-12 18:48:14 +01:00
|
|
|
from openslides.utils.rest_api import ModelViewSet
|
2013-02-16 16:19:20 +01:00
|
|
|
|
2013-09-25 10:01:01 +02:00
|
|
|
from .models import Mediafile
|
2015-01-24 16:35:50 +01:00
|
|
|
from .serializers import MediafileSerializer
|
2013-02-16 16:19:20 +01:00
|
|
|
|
|
|
|
|
2015-07-01 23:18:48 +02:00
|
|
|
# Viewsets for the REST API
|
|
|
|
|
2015-02-12 18:48:14 +01:00
|
|
|
class MediafileViewSet(ModelViewSet):
|
2015-01-24 16:35:50 +01:00
|
|
|
"""
|
2015-07-01 23:18:48 +02:00
|
|
|
API endpoint for mediafile objects.
|
|
|
|
|
2015-08-31 14:07:24 +02:00
|
|
|
There are the following views: metadata, list, retrieve, create,
|
|
|
|
partial_update, update and destroy.
|
2015-01-24 16:35:50 +01:00
|
|
|
"""
|
|
|
|
queryset = Mediafile.objects.all()
|
|
|
|
serializer_class = MediafileSerializer
|
|
|
|
|
2015-07-01 23:18:48 +02:00
|
|
|
def check_view_permissions(self):
|
2015-01-24 16:35:50 +01:00
|
|
|
"""
|
2015-07-01 23:18:48 +02:00
|
|
|
Returns True if the user has required permissions.
|
2015-01-24 16:35:50 +01:00
|
|
|
"""
|
2015-03-26 05:36:10 +01:00
|
|
|
# TODO: Use mediafiles.can_upload permission to create and update some
|
2015-01-24 16:35:50 +01:00
|
|
|
# objects but restricted concerning the uploader.
|
2015-08-31 14:07:24 +02:00
|
|
|
if self.action in ('metadata', 'list', 'retrieve'):
|
2015-07-01 23:18:48 +02:00
|
|
|
result = self.request.user.has_perm('mediafiles.can_see')
|
|
|
|
elif self.action in ('create', 'partial_update', 'update'):
|
|
|
|
result = (self.request.user.has_perm('mediafiles.can_see') and
|
|
|
|
self.request.user.has_perm('mediafiles.can_upload') and
|
|
|
|
self.request.user.has_perm('mediafiles.can_manage'))
|
|
|
|
elif self.action == 'destroy':
|
|
|
|
result = (self.request.user.has_perm('mediafiles.can_see') and
|
|
|
|
self.request.user.has_perm('mediafiles.can_manage'))
|
|
|
|
else:
|
|
|
|
result = False
|
|
|
|
return result
|