Python rest_framework.permissions.DjangoObjectPermissions() Examples
The following are 2
code examples of rest_framework.permissions.DjangoObjectPermissions().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
rest_framework.permissions
, or try the search function
.
Example #1
Source File: test_viewsets.py From drf-haystack with MIT License | 6 votes |
def test_viewset_get_queryset_with_DjangoObjectPermissions_permission(self): from rest_framework.permissions import DjangoObjectPermissions setattr(self.view, "permission_classes", (DjangoObjectPermissions,)) # The `DjangoObjectPermissions` is a subclass of `DjangoModelPermissions` and # therefore unsupported. request = factory.get(path="/", data="", content_type="application/json") try: self.view.as_view(actions={"get": "list"})(request) self.fail("Did not fail with AssertionError when calling HaystackView with DjangoModelPermissions") except (AttributeError, AssertionError) as e: if isinstance(e, AttributeError): self.assertEqual(str(e), "'SearchQuerySet' object has no attribute 'model'") else: self.assertEqual(str(e), "Cannot apply DjangoModelPermissions on a view that does " "not have `.model` or `.queryset` property.")
Example #2
Source File: permissions.py From resolwe with Apache License 2.0 | 4 votes |
def has_object_permission(self, request, view, obj): """Check object permissions.""" # admins can do anything if request.user.is_superuser: return True # `share` permission is required for editing permissions if "permissions" in view.action: self.perms_map["POST"] = ["%(app_label)s.share_%(model_name)s"] if view.action in ["add_data", "remove_data"]: self.perms_map["POST"] = ["%(app_label)s.add_%(model_name)s"] if hasattr(view, "get_queryset"): queryset = view.get_queryset() else: queryset = getattr(view, "queryset", None) assert queryset is not None, ( "Cannot apply DjangoObjectPermissions on a view that " "does not set `.queryset` or have a `.get_queryset()` method." ) model_cls = queryset.model user = request.user perms = self.get_required_object_permissions(request.method, model_cls) if not user.has_perms(perms, obj) and not AnonymousUser().has_perms(perms, obj): # If the user does not have permissions we need to determine if # they have read permissions to see 403, or not, and simply see # a 404 response. if request.method in permissions.SAFE_METHODS: # Read permissions already checked and failed, no need # to make another lookup. raise Http404 read_perms = self.get_required_object_permissions("GET", model_cls) if not user.has_perms(read_perms, obj): raise Http404 # Has read permissions. return False return True