69 lines
2.3 KiB
Python
69 lines
2.3 KiB
Python
from django.contrib.auth import get_user_model
|
|
|
|
from djangoldp.permissions import LDPPermissions
|
|
from djangoldp_notification.filters import InboxFilterBackend, SubscriptionsFilterBackend
|
|
from rest_framework.reverse import reverse
|
|
|
|
|
|
class InboxPermissions(LDPPermissions):
|
|
filter_backends = [InboxFilterBackend]
|
|
|
|
def has_permission(self, request, view):
|
|
from djangoldp.models import Model
|
|
|
|
if self.is_a_container(request._request.path):
|
|
try:
|
|
"""
|
|
If on nested field we use users permissions
|
|
"""
|
|
obj = Model.resolve_parent(request.path)
|
|
model = view.parent_model
|
|
|
|
"""
|
|
If still on nested field and request is post (/users/X/inbox/) we use notification permissions
|
|
"""
|
|
if view.parent_model != view.model and request.method == 'POST':
|
|
obj = None
|
|
model = view.model
|
|
except:
|
|
"""
|
|
Not on nested field we use notification permissions
|
|
"""
|
|
obj = None
|
|
model = view.model
|
|
else:
|
|
obj = Model.resolve_id(request._request.path)
|
|
model = view.model
|
|
|
|
perms = self.get_permissions(request.method, model)
|
|
|
|
for perm in perms:
|
|
if not perm.split('.')[1].split('_')[0] in self.user_permissions(request.user, model, obj):
|
|
return False
|
|
|
|
return True
|
|
|
|
|
|
class SubscriptionsPermissions(LDPPermissions):
|
|
filter_backends = [SubscriptionsFilterBackend]
|
|
|
|
def has_permission(self, request, view):
|
|
if request.user.is_anonymous and not request.method == "OPTIONS":
|
|
return False
|
|
|
|
if request.method in ["GET", "PATCH", "DELETE", "PUT"]:
|
|
return True
|
|
|
|
return super().has_permission(request, view)
|
|
|
|
def has_object_permission(self, request, view, obj):
|
|
if request.user.is_anonymous and not request.method == "OPTIONS":
|
|
return False
|
|
|
|
reverse_path_key = "{}-notification-list".format(get_user_model()._meta.object_name.lower())
|
|
user_inbox = reverse(reverse_path_key, kwargs={"slug": request.user.slug}, request=request)
|
|
if obj.inbox == user_inbox:
|
|
return True
|
|
|
|
return False
|