38 lines
1.3 KiB
Python
38 lines
1.3 KiB
Python
from typing import Any, Dict, List
|
|
|
|
from ..utils.access_permissions import BaseAccessPermissions
|
|
from ..utils.auth import async_has_perm, async_in_some_groups, async_is_superadmin
|
|
|
|
|
|
class MediafileAccessPermissions(BaseAccessPermissions):
|
|
"""
|
|
Access permissions container for Mediafile and MediafileViewSet.
|
|
"""
|
|
|
|
base_permission = "mediafiles.can_see"
|
|
|
|
async def get_restricted_data(
|
|
self, full_data: List[Dict[str, Any]], user_id: int
|
|
) -> List[Dict[str, Any]]:
|
|
"""
|
|
Returns the restricted serialized data for the instance prepared
|
|
for the user. Removes hidden mediafiles for some users.
|
|
"""
|
|
if not await async_has_perm(user_id, "mediafiles.can_see"):
|
|
return []
|
|
|
|
# This allows to see everything, which is important for inherited_access_groups=False.
|
|
if await async_is_superadmin(user_id):
|
|
return full_data
|
|
|
|
data = []
|
|
for full in full_data:
|
|
access_groups = full["inherited_access_groups_id"]
|
|
if (isinstance(access_groups, bool) and access_groups) or (
|
|
isinstance(access_groups, list)
|
|
and await async_in_some_groups(user_id, access_groups)
|
|
):
|
|
data.append(full)
|
|
|
|
return data
|