ag-admin/OpenSlides
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
7e404946e4
OpenSlides/openslides/mediafiles/views.py
Norman Jäckel 7e404946e4 Refactored view permissions. 
Refactored permission check for REST API viewsets.
Removed old PermissionMixin.
Cleaned up several views.py files.
2015-07-05 22:17:58 +02:00

37 lines
1.3 KiB
Python
Raw Blame History

from openslides.utils.rest_api import ModelViewSet
from .models import Mediafile
from .serializers import MediafileSerializer
# Viewsets for the REST API
class MediafileViewSet(ModelViewSet):
"""
API endpoint for mediafile objects.
There are the following views: list, retrieve, create, partial_update,
update and destroy.
"""
queryset = Mediafile.objects.all()
serializer_class = MediafileSerializer
def check_view_permissions(self):
"""
Returns True if the user has required permissions.
"""
# TODO: Use mediafiles.can_upload permission to create and update some
# objects but restricted concerning the uploader.
if self.action in ('list', 'retrieve'):
result = self.request.user.has_perm('mediafiles.can_see')
elif self.action in ('create', 'partial_update', 'update'):
result = (self.request.user.has_perm('mediafiles.can_see') and
self.request.user.has_perm('mediafiles.can_upload') and
self.request.user.has_perm('mediafiles.can_manage'))
elif self.action == 'destroy':
result = (self.request.user.has_perm('mediafiles.can_see') and
self.request.user.has_perm('mediafiles.can_manage'))
else:
result = False
return result
Reference in New Issue View Git Blame Copy Permalink