djangoldp-notification/djangoldp_notification/permissions.py

from django.contrib.auth import get_user_model

from djangoldp.permissions import LDPPermissions
from djangoldp_notification.filters import InboxFilterBackend, SubscriptionsFilterBackend
from rest_framework.reverse import reverse


class InboxPermissions(LDPPermissions):
    filter_backends = [InboxFilterBackend]


class SubscriptionsPermissions(LDPPermissions):
    filter_backends = [SubscriptionsFilterBackend]

    def has_permission(self, request, view):
        if request.user.is_anonymous and not request.method == "OPTIONS":
            return False

        if request.method in ["GET", "PATCH", "DELETE", "PUT"]:
            return True

        return super().has_permission(request, view)

    def has_object_permission(self, request, view, obj):
        if request.user.is_anonymous and not request.method == "OPTIONS":
            return False

        reverse_path_key = "{}-notification-list".format(get_user_model()._meta.object_name.lower())
        user_inbox = reverse(reverse_path_key, kwargs={"slug": request.user.slug}, request=request)
        if obj.inbox == user_inbox:
            return True

        return False
feat: Add permissions to subscriptions to only exposed user's 2019-12-13 16:20:54 +00:00			`from django.contrib.auth import get_user_model`
minor: filterbackends for permissions 2020-11-17 12:26:10 +00:00
update: custom permissions for nested_field 2019-08-23 12:56:03 +00:00			`from djangoldp.permissions import LDPPermissions`
minor: filterbackends for permissions 2020-11-17 12:26:10 +00:00			`from djangoldp_notification.filters import InboxFilterBackend, SubscriptionsFilterBackend`
feat: Add permissions to subscriptions to only exposed user's 2019-12-13 16:20:54 +00:00			`from rest_framework.reverse import reverse`
update: custom permissions for nested_field 2019-08-23 12:56:03 +00:00

			`class InboxPermissions(LDPPermissions):`
minor: filterbackends for permissions 2020-11-17 12:26:10 +00:00			`filter_backends = [InboxFilterBackend]`

feat: Add permissions to subscriptions to only exposed user's 2019-12-13 16:20:54 +00:00
			`class SubscriptionsPermissions(LDPPermissions):`
minor: filterbackends for permissions 2020-11-17 12:26:10 +00:00			`filter_backends = [SubscriptionsFilterBackend]`

feat: Add permissions to subscriptions to only exposed user's 2019-12-13 16:20:54 +00:00			`def has_permission(self, request, view):`
			`if request.user.is_anonymous and not request.method == "OPTIONS":`
			`return False`

			`if request.method in ["GET", "PATCH", "DELETE", "PUT"]:`
			`return True`

			`return super().has_permission(request, view)`

			`def has_object_permission(self, request, view, obj):`
			`if request.user.is_anonymous and not request.method == "OPTIONS":`
			`return False`

			`reverse_path_key = "{}-notification-list".format(get_user_model()._meta.object_name.lower())`
			`user_inbox = reverse(reverse_path_key, kwargs={"slug": request.user.slug}, request=request)`
			`if obj.inbox == user_inbox:`
			`return True`

			`return False`