can_access_editor API mixin
parent
1fdc3bbfe8
commit
38267f2adc
1 changed files with 9 additions and 27 deletions
|
@ -22,7 +22,14 @@ from c3nav.mapdata.models.geometry.space import POI
|
||||||
from c3nav.mapdata.utils.user import can_access_editor
|
from c3nav.mapdata.utils.user import can_access_editor
|
||||||
|
|
||||||
|
|
||||||
class EditorViewSet(ViewSet):
|
class EditorViewSetMixin(ViewSet):
|
||||||
|
def initial(self, request, *args, **kwargs):
|
||||||
|
if not can_access_editor(request) or 1:
|
||||||
|
raise PermissionDenied
|
||||||
|
return super().initial(request, *args, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
|
class EditorViewSet(EditorViewSetMixin, ViewSet):
|
||||||
"""
|
"""
|
||||||
Editor API
|
Editor API
|
||||||
/geometries/ returns a list of geojson features, you have to specify ?level=<id> or ?space=<id>
|
/geometries/ returns a list of geojson features, you have to specify ?level=<id> or ?space=<id>
|
||||||
|
@ -81,9 +88,6 @@ class EditorViewSet(ViewSet):
|
||||||
@action(detail=False, methods=['get'])
|
@action(detail=False, methods=['get'])
|
||||||
@api_etag(etag_func=etag_func, cache_parameters={'level': str, 'space': str})
|
@api_etag(etag_func=etag_func, cache_parameters={'level': str, 'space': str})
|
||||||
def geometries(self, request, *args, **kwargs):
|
def geometries(self, request, *args, **kwargs):
|
||||||
if not can_access_editor(request):
|
|
||||||
raise PermissionDenied
|
|
||||||
|
|
||||||
Level = request.changeset.wrap_model('Level')
|
Level = request.changeset.wrap_model('Level')
|
||||||
Space = request.changeset.wrap_model('Space')
|
Space = request.changeset.wrap_model('Space')
|
||||||
|
|
||||||
|
@ -238,9 +242,6 @@ class EditorViewSet(ViewSet):
|
||||||
@action(detail=False, methods=['get'])
|
@action(detail=False, methods=['get'])
|
||||||
@api_etag(etag_func=MapUpdate.current_cache_key, cache_parameters={})
|
@api_etag(etag_func=MapUpdate.current_cache_key, cache_parameters={})
|
||||||
def geometrystyles(self, request, *args, **kwargs):
|
def geometrystyles(self, request, *args, **kwargs):
|
||||||
if not can_access_editor(request):
|
|
||||||
raise PermissionDenied
|
|
||||||
|
|
||||||
return Response({
|
return Response({
|
||||||
'building': '#aaaaaa',
|
'building': '#aaaaaa',
|
||||||
'space': '#eeeeee',
|
'space': '#eeeeee',
|
||||||
|
@ -263,9 +264,6 @@ class EditorViewSet(ViewSet):
|
||||||
@action(detail=False, methods=['get'])
|
@action(detail=False, methods=['get'])
|
||||||
@api_etag(etag_func=etag_func, cache_parameters={})
|
@api_etag(etag_func=etag_func, cache_parameters={})
|
||||||
def bounds(self, request, *args, **kwargs):
|
def bounds(self, request, *args, **kwargs):
|
||||||
if not can_access_editor(request):
|
|
||||||
raise PermissionDenied
|
|
||||||
|
|
||||||
return Response({
|
return Response({
|
||||||
'bounds': Source.max_bounds(),
|
'bounds': Source.max_bounds(),
|
||||||
})
|
})
|
||||||
|
@ -311,9 +309,6 @@ class EditorViewSet(ViewSet):
|
||||||
return resolved
|
return resolved
|
||||||
|
|
||||||
def retrieve(self, request, *args, **kwargs):
|
def retrieve(self, request, *args, **kwargs):
|
||||||
if not can_access_editor(request):
|
|
||||||
raise PermissionDenied
|
|
||||||
|
|
||||||
resolved = self.resolved
|
resolved = self.resolved
|
||||||
if not resolved:
|
if not resolved:
|
||||||
raise NotFound(_('No matching editor view endpoint found.'))
|
raise NotFound(_('No matching editor view endpoint found.'))
|
||||||
|
@ -327,7 +322,7 @@ class EditorViewSet(ViewSet):
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
|
||||||
class ChangeSetViewSet(ReadOnlyModelViewSet):
|
class ChangeSetViewSet(EditorViewSetMixin, ReadOnlyModelViewSet):
|
||||||
"""
|
"""
|
||||||
List and manipulate changesets. All lists are ordered by last update descending. Use ?offset= to specify an offset.
|
List and manipulate changesets. All lists are ordered by last update descending. Use ?offset= to specify an offset.
|
||||||
Don't forget to set X-Csrftoken for POST requests!
|
Don't forget to set X-Csrftoken for POST requests!
|
||||||
|
@ -359,8 +354,6 @@ class ChangeSetViewSet(ReadOnlyModelViewSet):
|
||||||
return ChangeSet.qs_for_request(self.request).select_related('last_update', 'last_state_update', 'last_change')
|
return ChangeSet.qs_for_request(self.request).select_related('last_update', 'last_state_update', 'last_change')
|
||||||
|
|
||||||
def _list(self, request, qs):
|
def _list(self, request, qs):
|
||||||
if not can_access_editor(request):
|
|
||||||
raise PermissionDenied
|
|
||||||
offset = 0
|
offset = 0
|
||||||
if 'offset' in request.GET:
|
if 'offset' in request.GET:
|
||||||
if not request.GET['offset'].isdigit():
|
if not request.GET['offset'].isdigit():
|
||||||
|
@ -388,15 +381,10 @@ class ChangeSetViewSet(ReadOnlyModelViewSet):
|
||||||
))
|
))
|
||||||
|
|
||||||
def retrieve(self, request, *args, **kwargs):
|
def retrieve(self, request, *args, **kwargs):
|
||||||
if not can_access_editor(request):
|
|
||||||
raise PermissionDenied
|
|
||||||
return Response(self.get_object().serialize())
|
return Response(self.get_object().serialize())
|
||||||
|
|
||||||
@action(detail=False, methods=['get'])
|
@action(detail=False, methods=['get'])
|
||||||
def current(self, request, *args, **kwargs):
|
def current(self, request, *args, **kwargs):
|
||||||
if not can_access_editor(request):
|
|
||||||
raise PermissionDenied
|
|
||||||
|
|
||||||
changeset = ChangeSet.get_for_request(request)
|
changeset = ChangeSet.get_for_request(request)
|
||||||
return Response({
|
return Response({
|
||||||
'direct_editing': changeset.direct_editing,
|
'direct_editing': changeset.direct_editing,
|
||||||
|
@ -405,8 +393,6 @@ class ChangeSetViewSet(ReadOnlyModelViewSet):
|
||||||
|
|
||||||
@action(detail=False, methods=['post'])
|
@action(detail=False, methods=['post'])
|
||||||
def direct_editing(self, request, *args, **kwargs):
|
def direct_editing(self, request, *args, **kwargs):
|
||||||
if not can_access_editor(request):
|
|
||||||
raise PermissionDenied
|
|
||||||
# django-rest-framework doesn't automatically do this for logged out requests
|
# django-rest-framework doesn't automatically do this for logged out requests
|
||||||
SessionAuthentication().enforce_csrf(request)
|
SessionAuthentication().enforce_csrf(request)
|
||||||
|
|
||||||
|
@ -425,8 +411,6 @@ class ChangeSetViewSet(ReadOnlyModelViewSet):
|
||||||
|
|
||||||
@action(detail=False, methods=['post'])
|
@action(detail=False, methods=['post'])
|
||||||
def deactivate(self, request, *args, **kwargs):
|
def deactivate(self, request, *args, **kwargs):
|
||||||
if not can_access_editor(request):
|
|
||||||
raise PermissionDenied
|
|
||||||
# django-rest-framework doesn't automatically do this for logged out requests
|
# django-rest-framework doesn't automatically do this for logged out requests
|
||||||
SessionAuthentication().enforce_csrf(request)
|
SessionAuthentication().enforce_csrf(request)
|
||||||
|
|
||||||
|
@ -439,8 +423,6 @@ class ChangeSetViewSet(ReadOnlyModelViewSet):
|
||||||
|
|
||||||
@action(detail=True, methods=['get'])
|
@action(detail=True, methods=['get'])
|
||||||
def changes(self, request, *args, **kwargs):
|
def changes(self, request, *args, **kwargs):
|
||||||
if not can_access_editor(request):
|
|
||||||
raise PermissionDenied
|
|
||||||
changeset = self.get_object()
|
changeset = self.get_object()
|
||||||
changeset.fill_changes_cache()
|
changeset.fill_changes_cache()
|
||||||
return Response([obj.serialize() for obj in changeset.iter_changed_objects()])
|
return Response([obj.serialize() for obj in changeset.iter_changed_objects()])
|
||||||
|
|
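Review bot: The guard in the new `EditorViewSetMixin.initial()` reads `if not can_access_editor(request) or 1:`, and the trailing `or 1` makes the condition always true, so every request to `EditorViewSet` and `ChangeSetViewSet` raises `PermissionDenied` before it reaches a handler. It fails closed, but it looks like a debugging leftover, and the line should be `if not can_access_editor(request):`. Because the later hunks delete the per-method checks (`geometries`, `geometrystyles`, `bounds`, both `retrieve` methods, `_list`, `current`, `direct_editing`, `deactivate`, `changes`), this override becomes the only access gate for both viewsets, so it deserves a docstring such as `"""Deny the request unless can_access_editor(request) allows it; the actions rely on this check."""` and a test for both the allowed and the denied case. The check also runs before `super().initial()`, which in Django REST framework is where authentication, permission classes and throttling are applied, so it is worth confirming that `can_access_editor` does not depend on anything set up there. As a style point, the mixin subclasses `ViewSet` itself, and a plain `class EditorViewSetMixin:` would keep the MRO of `EditorViewSet(EditorViewSetMixin, ViewSet)` simpler.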