✨ Complete permissions

sophon/core/models.py

@@ -356,6 +356,9 @@ class Project(models.Model):
         blank=True,
     )
 
+    def get_project(self):
+        return self
+
     def get_contributors(self):
         """
         :return: All the contributors (:attr:`.owner` + :attr:`.collaborators`) of the project.

sophon/core/serializers.py

@@ -54,7 +54,7 @@ class DataFlowSerializer(serializers.ModelSerializer):
         ]
 
 
-class ProjectListSerializer(serializers.ModelSerializer):
+class ProjectPrivateSerializer(serializers.ModelSerializer):
     class Meta:
         model = models.Project
         fields = [
@@ -71,7 +71,30 @@ class ProjectListSerializer(serializers.ModelSerializer):
         ]
 
 
-class ProjectCollaboratorSerializer(serializers.ModelSerializer):
+class ProjectViewableSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = models.Project
+        fields = [
+            "slug",
+            "name",
+            "description",
+            "visibility",
+            "owner",
+            "collaborators",
+            "flows",
+        ]
+        read_only_fields = [
+            "slug",
+            "name",
+            "description",
+            "visibility",
+            "owner",
+            "collaborators",
+            "flows",
+        ]
+
+
+class ProjectEditableSerializer(serializers.ModelSerializer):
     class Meta:
         model = models.Project
         fields = [
@@ -91,7 +114,7 @@ class ProjectCollaboratorSerializer(serializers.ModelSerializer):
         ]
 
 
-class ProjectOwnerSerializer(serializers.ModelSerializer):
+class ProjectAdministrableSerializer(serializers.ModelSerializer):
     """
     Serializer for :class:`.models.Project` when accessed as the project owner.
     """

sophon/core/urls.py

@@ -6,14 +6,9 @@ from . import views
 router = DefaultRouter()
 router.register("datasources", views.DataSourceViewSet)
 router.register("dataflows", views.DataFlowViewSet)
+router.register("projects", views.ProjectViewSet)
 
 
 urlpatterns = [
-    path("projects/", views.ProjectListView),
-    path("projects/", views.ProjectCreateView),
-    path("projects/", views.ProjectRetrieveView),
-    path("projects/", views.ProjectUpdateCollaboratorView),
-    path("projects/", views.ProjectUpdateOwnerView),
-    path("projects/", views.ProjectDestroyView),
     path("", include(router.urls)),
 ]

sophon/core/views.py

@@ -6,47 +6,37 @@ from logging import getLogger
 log = getLogger(__name__)
 
 
-class ProjectViewSet(viewsets.GenericViewSet):
+class ProjectViewSet(viewsets.ModelViewSet):
     queryset = models.Project.objects.all()
 
+    @property
+    def permission_classes(self):
+        return {
+            "list": [],
+            "create": [permissions.IsAuthenticated],
+            "retrieve": [custom_permissions.CanViewProject],
+            "update": [custom_permissions.CanEditProject],
+            "partial_update": [custom_permissions.CanEditProject],
+            "destroy": [custom_permissions.CanAdministrateProject],
+            None: [],
+        }[self.action]
+
     def get_serializer_class(self):
-        if self.action == ""
+        if self.action == "list":
-
+            return serializers.ProjectPrivateSerializer
-
+        elif self.action == "create":
-class ProjectListView(generics.ListAPIView):
+            return serializers.ProjectAdministrableSerializer
-    queryset = models.Project.objects.all()
+        else:
-    serializer_class = serializers.ProjectListSerializer
+            project = self.get_object()
-    permission_classes = []
+            user = self.request.user
-
+            if project.can_be_administrated_by(user):
-
+                return serializers.ProjectAdministrableSerializer
-class ProjectCreateView(generics.CreateAPIView):
+            elif project.can_be_edited_by(user):
-    queryset = models.Project.objects.all()
+                return serializers.ProjectEditableSerializer
-    serializer_class = serializers.ProjectOwnerSerializer
+            elif project.can_be_viewed_by(user):
-    permission_classes = [permissions.IsAuthenticated]
+                return serializers.ProjectViewableSerializer
-
+            else:
-
+                return serializers.ProjectPrivateSerializer
-class ProjectRetrieveView(generics.RetrieveAPIView):
-    queryset = models.Project.objects.all()
-    serializer_class = serializers.ProjectCollaboratorSerializer
-    permission_classes = [custom_permissions.CanViewProject]
-
-
-class ProjectUpdateCollaboratorView(generics.UpdateAPIView):
-    queryset = models.Project.objects.all()
-    serializer_class = serializers.ProjectCollaboratorSerializer
-    permission_classes = [custom_permissions.CanEditProject]
-
-
-class ProjectUpdateOwnerView(generics.DestroyAPIView):
-    queryset = models.Project.objects.all()
-    serializer_class = serializers.ProjectOwnerSerializer
-    permission_classes = [custom_permissions.CanAdministrateProject]
-
-
-class ProjectDestroyView(generics.DestroyAPIView):
-    queryset = models.Project.objects.all()
-    serializer_class = serializers.ProjectCollaboratorSerializer
-    permission_classes = [custom_permissions.CanAdministrateProject]
 
 
 class DataFlowViewSet(viewsets.ModelViewSet):