1
Fork 0
mirror of https://github.com/Steffo99/sophon.git synced 2024-12-22 14:54:22 +00:00

🐛 Require the "Edit" permission on sync, start, lock, unlock and stop actions

This commit is contained in:
Steffo 2021-11-08 05:04:11 +01:00 committed by Stefano Pigozzi
parent fd81459b01
commit 8704784f0b

View file

@ -4,10 +4,12 @@ import typing as t
from django.db.models import Q from django.db.models import Q
from rest_framework import status from rest_framework import status
from rest_framework.decorators import action from rest_framework.decorators import action
from rest_framework.permissions import BasePermission
from rest_framework.request import Request from rest_framework.request import Request
from rest_framework.response import Response from rest_framework.response import Response
from sophon.core.models import ResearchGroup from sophon.core.models import ResearchGroup
from sophon.core.permissions import Edit
from sophon.core.serializers import dynamic_serializer, NoneSerializer from sophon.core.serializers import dynamic_serializer, NoneSerializer
from sophon.core.views import SophonGroupViewSet from sophon.core.views import SophonGroupViewSet
from sophon.notebooks.models import Notebook from sophon.notebooks.models import Notebook
@ -18,6 +20,12 @@ class NotebooksViewSet(SophonGroupViewSet, metaclass=abc.ABCMeta):
def get_group_from_serializer(self, serializer) -> ResearchGroup: def get_group_from_serializer(self, serializer) -> ResearchGroup:
return serializer.validated_data["project"].group return serializer.validated_data["project"].group
def get_permission_classes(self) -> t.Collection[t.Type[BasePermission]]:
if self.action in ["sync", "start", "lock", "unlock", "stop"]:
return Edit
else:
super().get_permission_classes()
def get_custom_serializer_classes(self): def get_custom_serializer_classes(self):
if self.action in ["sync", "start", "lock", "unlock", "stop"]: if self.action in ["sync", "start", "lock", "unlock", "stop"]:
return self.get_object().get_access_serializer(self.request.user) return self.get_object().get_access_serializer(self.request.user)