diff --git a/src/c3nav/editor/templates/editor/map.html b/src/c3nav/editor/templates/editor/map.html index 8c453029..16396380 100644 --- a/src/c3nav/editor/templates/editor/map.html +++ b/src/c3nav/editor/templates/editor/map.html @@ -21,7 +21,10 @@ - + diff --git a/src/c3nav/mapdata/api/features.py b/src/c3nav/mapdata/api/features.py index b3ebb2fd..08f536d3 100644 --- a/src/c3nav/mapdata/api/features.py +++ b/src/c3nav/mapdata/api/features.py @@ -6,6 +6,7 @@ from rest_framework.viewsets import ReadOnlyModelViewSet, ViewSet from c3nav.mapdata.models import FEATURE_TYPES from c3nav.mapdata.models.features import Area, Building, Door, Obstacle +from c3nav.mapdata.permissions import PackageAccessMixin from c3nav.mapdata.serializers.features import (AreaSerializer, BuildingSerializer, DoorSerializer, FeatureTypeSerializer, ObstacleSerializer) @@ -41,7 +42,7 @@ class FeatureViewSet(ViewSet): return Response(result) -class BuildingViewSet(ReadOnlyModelViewSet): +class BuildingViewSet(PackageAccessMixin, ReadOnlyModelViewSet): """ List and retrieve Inside Areas """ @@ -51,7 +52,7 @@ class BuildingViewSet(ReadOnlyModelViewSet): lookup_value_regex = '[^/]+' -class AreaViewSet(ReadOnlyModelViewSet): +class AreaViewSet(PackageAccessMixin, ReadOnlyModelViewSet): """ List and retrieve Areas """ @@ -61,7 +62,7 @@ class AreaViewSet(ReadOnlyModelViewSet): lookup_value_regex = '[^/]+' -class ObstacleViewSet(ReadOnlyModelViewSet): +class ObstacleViewSet(PackageAccessMixin, ReadOnlyModelViewSet): """ List and retrieve Obstcales """ @@ -71,7 +72,7 @@ class ObstacleViewSet(ReadOnlyModelViewSet): lookup_value_regex = '[^/]+' -class DoorViewSet(ReadOnlyModelViewSet): +class DoorViewSet(PackageAccessMixin, ReadOnlyModelViewSet): """ List and retrieve Doors """ diff --git a/src/c3nav/mapdata/permissions.py b/src/c3nav/mapdata/permissions.py index 50e4cde0..b0ca5524 100644 --- a/src/c3nav/mapdata/permissions.py +++ b/src/c3nav/mapdata/permissions.py @@ -15,7 +15,7 @@ def can_access_package(request, package): def filter_source_queryset(request, queryset): - return queryset if settings.DEBUG else queryset.filter(package__name__in=get_unlocked_packages(request)) + return queryset if settings.DIRECT_EDITING else queryset.filter(package__name__in=get_unlocked_packages(request)) class LockedMapFeatures(BasePermission): @@ -24,3 +24,8 @@ class LockedMapFeatures(BasePermission): if not can_access_package(request, obj.package): raise PermissionDenied(_('This Source belongs to a package you don\'t have access to.')) return True + + +class PackageAccessMixin: + def get_queryset(self): + return filter_source_queryset(self.request, super().get_queryset())