OpenSlides/openslides/utils/access_permissions.py
2017-09-03 18:34:55 +02:00

75 lines
2.8 KiB
Python

from typing import Any, Dict, List, Optional, Union
from django.db.models import Model
from rest_framework.serializers import Serializer
from .collection import Collection, CollectionElement
Container = Union[CollectionElement, Collection]
RestrictedData = Union[List[Dict[str, Any]], Dict[str, Any], None]
class BaseAccessPermissions:
"""
Base access permissions container.
Every app which has autoupdate models has to create classes subclassing
from this base class for every autoupdate root model.
"""
def check_permissions(self, user: Optional[CollectionElement]) -> bool:
"""
Returns True if the user has read access to model instances.
"""
return False
def get_serializer_class(self, user: CollectionElement=None) -> Serializer:
"""
Returns different serializer classes according to users permissions.
This should return the serializer for full data access if user is
None. See get_full_data().
"""
raise NotImplementedError(
"You have to add the method 'get_serializer_class' to your "
"access permissions class.".format(self))
def get_full_data(self, instance: Model) -> Dict[str, Any]:
"""
Returns all possible serialized data for the given instance.
"""
return self.get_serializer_class(user=None)(instance).data
def get_restricted_data(self, container: Container, user: Optional[CollectionElement]) -> RestrictedData:
"""
Returns the restricted serialized data for the instance prepared
for the user.
The argument container should be a CollectionElement or a
Collection. The type of the return value is a dictionary or a list
according to the given type (or None). Returns None or an empty
list if the user has no read access. Returns reduced data if the
user has limited access. Default: Returns full data if the user has
read access to model instances.
Hint: You should override this method if your get_serializer_class()
method returns different serializers for different users or if you
have access restrictions in your view or viewset in methods like
retrieve() or list().
"""
if self.check_permissions(user):
data = container.get_full_data()
elif isinstance(container, Collection):
data = []
else:
data = None
return data
def get_projector_data(self, container: Container) -> RestrictedData:
"""
Returns the serialized data for the projector. Returns None if the
user has no access to this specific data. Returns reduced data if
the user has limited access. Default: Returns full data.
"""
return container.get_full_data()