enforce can_access_geometry on geometry endpoints
This commit is contained in:
parent
a85ee24cd8
commit
8be5f0f9fb
2 changed files with 6 additions and 3 deletions
|
@ -9,7 +9,7 @@ from pydantic import PositiveInt
|
||||||
from c3nav.api.auth import auth_responses, validate_responses
|
from c3nav.api.auth import auth_responses, validate_responses
|
||||||
from c3nav.api.exceptions import API404
|
from c3nav.api.exceptions import API404
|
||||||
from c3nav.api.schema import BaseSchema
|
from c3nav.api.schema import BaseSchema
|
||||||
from c3nav.mapdata.api.base import api_etag, optimize_query
|
from c3nav.mapdata.api.base import api_etag, optimize_query, can_access_geometry
|
||||||
from c3nav.mapdata.models import (Area, Building, Door, Hole, Level, LocationGroup, LocationGroupCategory, Source,
|
from c3nav.mapdata.models import (Area, Building, Door, Hole, Level, LocationGroup, LocationGroupCategory, Source,
|
||||||
Space, Stair, DataOverlay, DataOverlayFeature)
|
Space, Stair, DataOverlay, DataOverlayFeature)
|
||||||
from c3nav.mapdata.models.access import AccessRestriction, AccessRestrictionGroup
|
from c3nav.mapdata.models.access import AccessRestriction, AccessRestrictionGroup
|
||||||
|
@ -54,9 +54,12 @@ def mapdata_list_endpoint(request,
|
||||||
|
|
||||||
def mapdata_retrieve_endpoint(request, model: Type[Model], **lookups):
|
def mapdata_retrieve_endpoint(request, model: Type[Model], **lookups):
|
||||||
try:
|
try:
|
||||||
return optimize_query(
|
obj = optimize_query(
|
||||||
model.qs_for_request(request) if hasattr(model, 'qs_for_request') else model.objects.all()
|
model.qs_for_request(request) if hasattr(model, 'qs_for_request') else model.objects.all()
|
||||||
).get(**lookups)
|
).get(**lookups)
|
||||||
|
if not can_access_geometry(request, obj):
|
||||||
|
obj.geometry = None
|
||||||
|
return obj
|
||||||
except model.DoesNotExist:
|
except model.DoesNotExist:
|
||||||
raise API404("%s not found" % model.__name__.lower())
|
raise API404("%s not found" % model.__name__.lower())
|
||||||
|
|
||||||
|
|
|
@ -225,7 +225,7 @@ class WithGeometrySchema(BaseSchema):
|
||||||
@classmethod
|
@classmethod
|
||||||
def get_overrides(cls, value) -> dict:
|
def get_overrides(cls, value) -> dict:
|
||||||
value: GeometryMixin
|
value: GeometryMixin
|
||||||
if "geometry" in value.get_deferred_fields():
|
if "geometry" in value.get_deferred_fields() or value.geometry is None:
|
||||||
return {
|
return {
|
||||||
**super().get_overrides(value),
|
**super().get_overrides(value),
|
||||||
"geometry": None,
|
"geometry": None,
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue