minor: filterbackends for permissions

djangoldp_notification/filters.py

@@ -0,0 +1,18 @@
+from djangoldp.filters import LDPPermissionsFilterBackend
+
+
+class InboxFilterBackend(LDPPermissionsFilterBackend):
+    def filter_queryset(self, request, queryset, view):
+        if not request.user.is_anonymous:
+            return queryset.filter(user=request.user)
+        else:
+            from djangoldp_notification.models import Notification
+            return Notification.objects.none()
+
+
+class SubscriptionsFilterBackend(LDPPermissionsFilterBackend):
+    def filter_queryset(self, request, queryset, view):
+        if request.method == "OPTIONS":
+            return queryset
+        else:
+            return super().filter_queryset(request, queryset, view)

djangoldp_notification/permissions.py

@@ -1,9 +1,13 @@
 from django.contrib.auth import get_user_model
+
 from djangoldp.permissions import LDPPermissions
+from djangoldp_notification.filters import InboxFilterBackend, SubscriptionsFilterBackend
 from rest_framework.reverse import reverse
 
 
 class InboxPermissions(LDPPermissions):
+    filter_backends = [InboxFilterBackend]
+
     def has_permission(self, request, view):
         from djangoldp.models import Model
 
@@ -41,6 +45,8 @@ class InboxPermissions(LDPPermissions):
 
 
 class SubscriptionsPermissions(LDPPermissions):
+    filter_backends = [SubscriptionsFilterBackend]
+
     def has_permission(self, request, view):
         if request.user.is_anonymous and not request.method == "OPTIONS":
             return False

setup.cfg

@@ -10,7 +10,7 @@ license = MIT
 [options]
 packages = find:
 install_requires =
-    djangoldp>=1.2.0
+    djangoldp>=1.3.0
 
 [options.extras_require]
 include_package_data = True