Commit 1eca1b71 authored by Roberto Rosario's avatar Roberto Rosario

Add API to show valid permissions for a model

The URL is ``/api/objects/{app}/{model}/permissions/``.
Forum topic 2858. Thanks to forum user @neuhs for the report.
Signed-off-by: Roberto Rosario's avatarRoberto Rosario <[email protected]>
parent 4d7791c3
Pipeline #181594026 skipped with stage
......@@ -9,6 +9,9 @@
- Add information about settings loading order to the settings chapter.
Closes GitLab issue #813. Thanks to Martin (@efelon) for the report and
debug information.
- Add API endpoint to show the valid permissions for a model.
The URL is ``/api/objects/{app}/{model}/permissions/``.
Forum topic 2858. Thanks to forum user @neuhs for the report.
3.4.14 (2020-08-18)
......@@ -196,6 +196,7 @@ Issues closed
- :gitlab-issue:`813` Redis password change is ignored
- :gitlab-issue:`862` Missing Widget Keyword Arguments on transition fields lead to MediaDefiningClass object argument after ** must be a mapping, not NoneType
- :forum-topic:`2858` Get allowable ACL permissions for an object
- :forum-topic:`2890` Rest API: Bug in documents_comments_update
.. _PyPI:
from django.contrib.contenttypes.models import ContentType
from django.shortcuts import get_object_or_404
from mayan.apps.permissions.serializers import PermissionSerializer
from mayan.apps.rest_api import generics
from .classes import ModelPermission
from .models import AccessControlList
from .permissions import permission_acl_edit, permission_acl_view
from .serializers import (
......@@ -12,6 +14,24 @@ from .serializers import (
class APIClassPermissionList(generics.ListAPIView):
Returns a list of all the available permissions for a class.
serializer_class = PermissionSerializer
def get_content_type(self):
return get_object_or_404(
klass=ContentType, app_label=self.kwargs['app_label'],
def get_queryset(self):
return ModelPermission.get_for_class(
class APIObjectACLListView(generics.ListCreateAPIView):
get: Returns a list of all the object's access control lists
......@@ -3,6 +3,7 @@ from rest_framework import status
from mayan.apps.permissions.tests.literals import TEST_ROLE_LABEL
from mayan.apps.rest_api.tests.base import BaseAPITestCase
from ..classes import ModelPermission
from ..models import AccessControlList
from ..permissions import permission_acl_edit, permission_acl_view
......@@ -172,3 +173,28 @@ class ACLAPIViewTestCase(ACLTestMixin, ACLAPIViewTestMixin, BaseAPITestCase):
self.test_permission.stored_permission in self.test_acl.permissions.all()
class ClassPermissionAPIViewTestCase(ACLTestMixin, BaseAPITestCase):
auto_create_test_object = True
def test_class_permission_list_api_view(self):
class_permissions = [ for permission in ModelPermission.get_for_class(
response = self.get(
viewname='rest_api:class-permission-list', kwargs={
'app_label': self.test_object_content_type.app_label,
'model_name': self.test_object_content_type.model,
self.assertEqual(response.status_code, status.HTTP_200_OK)
response_permissions = [
permission['pk'] for permission in['results']
self.assertEqual(class_permissions, response_permissions)
from django.conf.urls import url
from .api_views import (
APIObjectACLListView, APIObjectACLPermissionListView,
APIObjectACLPermissionView, APIObjectACLView
APIClassPermissionList, APIObjectACLListView,
APIObjectACLPermissionListView, APIObjectACLPermissionView,
from .views import (
ACLCreateView, ACLDeleteView, ACLListView, ACLPermissionsView
......@@ -28,6 +29,10 @@ urlpatterns = [
api_urls = [
name='class-permission-list', view=APIClassPermissionList.as_view()
name='accesscontrollist-list', view=APIObjectACLListView.as_view()
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment