2017-09-04 00:25:45 +02:00
|
|
|
from typing import Any, Dict, List, Optional
|
2016-03-02 00:46:19 +01:00
|
|
|
|
2017-08-24 12:26:55 +02:00
|
|
|
from django.db.models import Model
|
|
|
|
from rest_framework.serializers import Serializer
|
2016-03-02 00:46:19 +01:00
|
|
|
|
2017-09-04 00:25:45 +02:00
|
|
|
from .collection import CollectionElement
|
2017-08-24 12:26:55 +02:00
|
|
|
|
|
|
|
|
|
|
|
class BaseAccessPermissions:
|
2016-02-11 22:58:32 +01:00
|
|
|
"""
|
|
|
|
Base access permissions container.
|
2016-03-02 00:46:19 +01:00
|
|
|
|
|
|
|
Every app which has autoupdate models has to create classes subclassing
|
2017-08-24 12:26:55 +02:00
|
|
|
from this base class for every autoupdate root model.
|
2016-02-11 22:58:32 +01:00
|
|
|
"""
|
2016-03-02 00:46:19 +01:00
|
|
|
|
2017-08-24 12:26:55 +02:00
|
|
|
def check_permissions(self, user: Optional[CollectionElement]) -> bool:
|
2016-02-11 22:58:32 +01:00
|
|
|
"""
|
2016-03-02 00:46:19 +01:00
|
|
|
Returns True if the user has read access to model instances.
|
2016-02-11 22:58:32 +01:00
|
|
|
"""
|
|
|
|
return False
|
|
|
|
|
2018-08-08 21:09:22 +02:00
|
|
|
def get_serializer_class(self, user: CollectionElement = None) -> Serializer:
|
2016-02-11 22:58:32 +01:00
|
|
|
"""
|
|
|
|
Returns different serializer classes according to users permissions.
|
2016-03-02 00:46:19 +01:00
|
|
|
|
|
|
|
This should return the serializer for full data access if user is
|
|
|
|
None. See get_full_data().
|
2016-02-11 22:58:32 +01:00
|
|
|
"""
|
|
|
|
raise NotImplementedError(
|
2016-03-02 00:46:19 +01:00
|
|
|
"You have to add the method 'get_serializer_class' to your "
|
2016-02-11 22:58:32 +01:00
|
|
|
"access permissions class.".format(self))
|
|
|
|
|
2017-08-24 12:26:55 +02:00
|
|
|
def get_full_data(self, instance: Model) -> Dict[str, Any]:
|
2016-02-11 22:58:32 +01:00
|
|
|
"""
|
2016-03-02 00:46:19 +01:00
|
|
|
Returns all possible serialized data for the given instance.
|
|
|
|
"""
|
|
|
|
return self.get_serializer_class(user=None)(instance).data
|
|
|
|
|
2017-09-04 00:25:45 +02:00
|
|
|
def get_restricted_data(
|
|
|
|
self, full_data: List[Dict[str, Any]],
|
|
|
|
user: Optional[CollectionElement]) -> List[Dict[str, Any]]:
|
2016-03-02 00:46:19 +01:00
|
|
|
"""
|
|
|
|
Returns the restricted serialized data for the instance prepared
|
|
|
|
for the user.
|
|
|
|
|
2017-09-04 00:25:45 +02:00
|
|
|
The argument full_data has to be a list of full_data dicts as they are
|
|
|
|
created with CollectionElement.get_full_data(). The type of the return
|
|
|
|
is the same. Returns an empty list if the user has no read access.
|
|
|
|
Returns reduced data if the user has limited access.
|
|
|
|
Default: Returns full data if the user has read access to model instances.
|
2016-02-11 22:58:32 +01:00
|
|
|
|
2016-09-17 22:26:23 +02:00
|
|
|
Hint: You should override this method if your get_serializer_class()
|
|
|
|
method returns different serializers for different users or if you
|
|
|
|
have access restrictions in your view or viewset in methods like
|
2016-09-30 20:42:58 +02:00
|
|
|
retrieve() or list().
|
2016-02-11 22:58:32 +01:00
|
|
|
"""
|
2017-09-04 00:25:45 +02:00
|
|
|
return full_data if self.check_permissions(user) else []
|