OpenSlides/openslides/utils/access_permissions.py

75 lines
2.8 KiB
Python
Raw Normal View History

2017-08-24 12:26:55 +02:00
from typing import Any, Dict, List, Optional, Union
2017-08-24 12:26:55 +02:00
from django.db.models import Model
from rest_framework.serializers import Serializer
2017-08-24 12:26:55 +02:00
from .collection import Collection, CollectionElement
2017-08-24 12:26:55 +02:00
Container = Union[CollectionElement, Collection]
RestrictedData = Union[List[Dict[str, Any]], Dict[str, Any], None]
class BaseAccessPermissions:
"""
Base access permissions container.
Every app which has autoupdate models has to create classes subclassing
2017-08-24 12:26:55 +02:00
from this base class for every autoupdate root model.
"""
2017-08-24 12:26:55 +02:00
def check_permissions(self, user: Optional[CollectionElement]) -> bool:
"""
Returns True if the user has read access to model instances.
"""
return False
2017-08-24 12:26:55 +02:00
def get_serializer_class(self, user: CollectionElement=None) -> Serializer:
"""
Returns different serializer classes according to users permissions.
This should return the serializer for full data access if user is
None. See get_full_data().
"""
raise NotImplementedError(
"You have to add the method 'get_serializer_class' to your "
"access permissions class.".format(self))
2017-08-24 12:26:55 +02:00
def get_full_data(self, instance: Model) -> Dict[str, Any]:
"""
Returns all possible serialized data for the given instance.
"""
return self.get_serializer_class(user=None)(instance).data
2017-08-24 12:26:55 +02:00
def get_restricted_data(self, container: Container, user: Optional[CollectionElement]) -> RestrictedData:
"""
Returns the restricted serialized data for the instance prepared
for the user.
The argument container should be a CollectionElement or a
Collection. The type of the return value is a dictionary or a list
according to the given type (or None). Returns None or an empty
list if the user has no read access. Returns reduced data if the
user has limited access. Default: Returns full data if the user has
read access to model instances.
Hint: You should override this method if your get_serializer_class()
method returns different serializers for different users or if you
have access restrictions in your view or viewset in methods like
2016-09-30 20:42:58 +02:00
retrieve() or list().
"""
if self.check_permissions(user):
data = container.get_full_data()
elif isinstance(container, Collection):
data = []
else:
data = None
return data
2017-08-24 12:26:55 +02:00
def get_projector_data(self, container: Container) -> RestrictedData:
"""
2016-09-30 20:42:58 +02:00
Returns the serialized data for the projector. Returns None if the
user has no access to this specific data. Returns reduced data if
the user has limited access. Default: Returns full data.
"""
return container.get_full_data()