arona/PyRIGS
1
0
Fork 0
mirror of https://github.com/nottinghamtec/PyRIGS.git synced 2026-01-22 16:02:16 +00:00
Code Issues Projects Releases Wiki Activity

Bug fix for #23

Browse Source
This commit is contained in:
tomtom5152
2015-03-26 13:19:47 +00:00
parent 3230b03606
commit 7c52d8334c
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
RIGS/views.py
View File

@@ -197,6 +197,14 @@ class SecureAPIRequest(generic.View):
'profile': models.Profile, 'profile': models.Profile,
} }
perms = {
'venue': 'RIGS.view_venue',
'person': 'RIGS.view_person',
'organisation': 'RIGS.view_organisation',
'mic': None,
'profile': None,
}
''' '''
Validate the request is allowed based on user permissions. Validate the request is allowed based on user permissions.
Raises 403 if denied. Raises 403 if denied.
@@ -205,7 +213,7 @@ class SecureAPIRequest(generic.View):
def __validate__(self, request, key, perm): def __validate__(self, request, key, perm):
if request.user.is_active: if request.user.is_active:
if request.user.is_superuser or request.user.is_staff: if request.user.is_superuser or perm is None:
return True return True
elif request.user.has_perm(perm): elif request.user.has_perm(perm):
return True return True
@@ -214,7 +222,7 @@ class SecureAPIRequest(generic.View):
def get(self, request, model, pk=None, param=None): def get(self, request, model, pk=None, param=None):
# Request permission validation things # Request permission validation things
key = request.GET.get('apikey', None) key = request.GET.get('apikey', None)
perm = 'RIGS.view_' + model perm = self.perms[model]
self.__validate__(request, key, perm) self.__validate__(request, key, perm)
# Response format where applicable # Response format where applicable