Commit 1eca1b71 authored by Roberto Rosario's avatar Roberto Rosario

Add API to show valid permissions for a model

The URL is ``/api/objects/{app}/{model}/permissions/``.
Forum topic 2858. Thanks to forum user @neuhs for the report.
Signed-off-by: Roberto Rosario's avatarRoberto Rosario <[email protected]>
parent 4d7791c3
......@@ -9,6 +9,9 @@
- Add information about settings loading order to the settings chapter.
Closes GitLab issue #813. Thanks to Martin (@efelon) for the report and
debug information.
- Add API endpoint to show the valid permissions for a model.
The URL is ``/api/objects/{app}/{model}/permissions/``.
Forum topic 2858. Thanks to forum user @neuhs for the report.
3.4.14 (2020-08-18)
===================
......
......@@ -196,6 +196,7 @@ Issues closed
- :gitlab-issue:`813` Redis password change is ignored
- :gitlab-issue:`862` Missing Widget Keyword Arguments on transition fields lead to MediaDefiningClass object argument after ** must be a mapping, not NoneType
- :forum-topic:`2858` Get allowable ACL permissions for an object
- :forum-topic:`2890` Rest API: Bug in documents_comments_update
.. _PyPI: https://pypi.python.org/pypi/mayan-edms/
from django.contrib.contenttypes.models import ContentType
from django.shortcuts import get_object_or_404
from mayan.apps.permissions.serializers import PermissionSerializer
from mayan.apps.rest_api import generics
from .classes import ModelPermission
from .models import AccessControlList
from .permissions import permission_acl_edit, permission_acl_view
from .serializers import (
......@@ -12,6 +14,24 @@ from .serializers import (
)
class APIClassPermissionList(generics.ListAPIView):
"""
Returns a list of all the available permissions for a class.
"""
serializer_class = PermissionSerializer
def get_content_type(self):
return get_object_or_404(
klass=ContentType, app_label=self.kwargs['app_label'],
model=self.kwargs['model_name']
)
def get_queryset(self):
return ModelPermission.get_for_class(
klass=self.get_content_type().model_class()
)
class APIObjectACLListView(generics.ListCreateAPIView):
"""
get: Returns a list of all the object's access control lists
......
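Review bot: `APIClassPermissionList` sets only `serializer_class`, so nothing visible in this section restricts who may list a model's permissions. If every API user is meant to be able to call it, the docstring should say so. Otherwise the view needs the same kind of permission check the other views in this module presumably build from `permission_acl_view`. Separately, `get_queryset` passes `self.get_content_type().model_class()` straight to `ModelPermission.get_for_class`, and `ContentType.model_class()` returns `None` when the content type row exists but its model is no longer installed. How `get_for_class` handles `klass=None` is not visible here, so a guard such as `if model_class is None: raise Http404` (with `from django.http import Http404`) would turn a stale content type into a 404 rather than a possible server error.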
......@@ -3,6 +3,7 @@ from rest_framework import status
from mayan.apps.permissions.tests.literals import TEST_ROLE_LABEL
from mayan.apps.rest_api.tests.base import BaseAPITestCase
from ..classes import ModelPermission
from ..models import AccessControlList
from ..permissions import permission_acl_edit, permission_acl_view
......@@ -172,3 +173,28 @@ class ACLAPIViewTestCase(ACLTestMixin, ACLAPIViewTestMixin, BaseAPITestCase):
self.assertTrue(
self.test_permission.stored_permission in self.test_acl.permissions.all()
)
class ClassPermissionAPIViewTestCase(ACLTestMixin, BaseAPITestCase):
auto_create_test_object = True
def test_class_permission_list_api_view(self):
class_permissions = [
permission.pk for permission in ModelPermission.get_for_class(
klass=self.test_object_content_type.model_class()
)
]
response = self.get(
viewname='rest_api:class-permission-list', kwargs={
'app_label': self.test_object_content_type.app_label,
'model_name': self.test_object_content_type.model,
}
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
response_permissions = [
permission['pk'] for permission in response.data['results']
]
self.assertEqual(class_permissions, response_permissions)
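Review bot: `test_class_permission_list_api_view` covers only the success path, so the 404 branch of `get_object_or_404` in the new view is untested. A second test that requests a nonexistent `app_label`/`model_name` pair and asserts `status.HTTP_404_NOT_FOUND` would pin it. The request is also made with no visible access grant and still expects `HTTP_200_OK`, which fixes the endpoint as needing no permission; if that is intended it deserves a comment, and if not a no-permission test is missing. The final `assertEqual` compares two lists, so it depends on both sides returning the permissions in the same order and, presumably, on all of them fitting in the first page of `response.data['results']`.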
from django.conf.urls import url
from .api_views import (
APIObjectACLListView, APIObjectACLPermissionListView,
APIObjectACLPermissionView, APIObjectACLView
APIClassPermissionList, APIObjectACLListView,
APIObjectACLPermissionListView, APIObjectACLPermissionView,
APIObjectACLView
)
from .views import (
ACLCreateView, ACLDeleteView, ACLListView, ACLPermissionsView
......@@ -28,6 +29,10 @@ urlpatterns = [
]
api_urls = [
url(
regex=r'^objects/(?P<app_label>[-\w]+)/(?P<model_name>[-\w]+)/permissions/$',
name='class-permission-list', view=APIClassPermissionList.as_view()
),
url(
regex=r'^objects/(?P<app_label>[-\w]+)/(?P<model_name>[-\w]+)/(?P<object_id>\d+)/acls/$',
name='accesscontrollist-list', view=APIObjectACLListView.as_view()
......
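Review bot: `APIClassPermissionList` is the only name in this import list without the `View` suffix used by `APIObjectACLListView`, `APIObjectACLPermissionListView`, `APIObjectACLPermissionView` and `APIObjectACLView`; naming it `APIClassPermissionListView` would keep the module consistent. The rename would also touch the class definition in the API views module and the `view=` argument of the new `url()` entry. The `api_urls` list continues past the end of this section.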