cd34d30866
* Activate restricted_data_cache on inmemory cache * Use ElementCache in rest-api get requests * Get requests on the restapi return 404 when the user has no permission * Added async function for has_perm and in_some_groups * changed Cachable.get_restricted_data to be an ansync function * rewrote required_user_system * changed default implementation of access_permission.check_permission to check a given permission or check if anonymous is enabled
40 lines
1.3 KiB
Python
40 lines
1.3 KiB
Python
from typing import Any, Dict, List, Optional
|
|
|
|
from ..utils.access_permissions import BaseAccessPermissions
|
|
from ..utils.auth import async_has_perm
|
|
from ..utils.collection import CollectionElement
|
|
|
|
|
|
class MediafileAccessPermissions(BaseAccessPermissions):
|
|
"""
|
|
Access permissions container for Mediafile and MediafileViewSet.
|
|
"""
|
|
base_permission = 'mediafiles.can_see'
|
|
|
|
def get_serializer_class(self, user=None):
|
|
"""
|
|
Returns serializer class.
|
|
"""
|
|
from .serializers import MediafileSerializer
|
|
|
|
return MediafileSerializer
|
|
|
|
async def get_restricted_data(
|
|
self,
|
|
full_data: List[Dict[str, Any]],
|
|
user: Optional[CollectionElement]) -> List[Dict[str, Any]]:
|
|
"""
|
|
Returns the restricted serialized data for the instance prepared
|
|
for the user. Removes hidden mediafiles for some users.
|
|
"""
|
|
# Parse data.
|
|
if await async_has_perm(user, 'mediafiles.can_see') and await async_has_perm(user, 'mediafiles.can_see_hidden'):
|
|
data = full_data
|
|
elif await async_has_perm(user, 'mediafiles.can_see'):
|
|
# Exclude hidden mediafiles.
|
|
data = [full for full in full_data if not full['hidden']]
|
|
else:
|
|
data = []
|
|
|
|
return data
|