Add Django model permissions to API endpoints

Michael Shamoon 2022-11-14 01:32:50 -08:00
parent f461485aa0
commit 70eb22df42
3 changed files with 23 additions and 8 deletions


@ -0,0 +1,13 @@
from rest_framework.permissions import DjangoModelPermissions
class PaperlessModelPermissions(DjangoModelPermissions):
perms_map = {
"GET": ["%(app_label)s.view_%(model_name)s"],
"OPTIONS": [],
"HEAD": [],
"POST": ["%(app_label)s.add_%(model_name)s"],
"PUT": ["%(app_label)s.change_%(model_name)s"],
"PATCH": ["%(app_label)s.change_%(model_name)s"],
"DELETE": ["%(app_label)s.delete_%(model_name)s"],
}
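Review bot: `"HEAD": []` in `perms_map` leaves HEAD requests without a model-permission check, while GET now requires `view_<model>`. DRF viewsets normally route HEAD to the same handler as GET, so a user lacking the view permission could probably still learn from the status code and response headers whether a list or a given object exists. Map HEAD to the same permission as GET: `"HEAD": ["%(app_label)s.view_%(model_name)s"],`. A one-line class docstring would also help, stating that the class differs from the `DjangoModelPermissions` default only in requiring the view permission for reads.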


@ -28,6 +28,7 @@ from django.utils.translation import get_language
from django.views.decorators.cache import cache_control from django.views.decorators.cache import cache_control
from django.views.generic import TemplateView from django.views.generic import TemplateView
from django_filters.rest_framework import DjangoFilterBackend from django_filters.rest_framework import DjangoFilterBackend
from documents.permissions import PaperlessModelPermissions
from documents.tasks import consume_file from documents.tasks import consume_file
from packaging import version as packaging_version from packaging import version as packaging_version
from paperless import version from paperless import version
@ -144,7 +145,7 @@ class CorrespondentViewSet(ModelViewSet):
serializer_class = CorrespondentSerializer serializer_class = CorrespondentSerializer
pagination_class = StandardPagination pagination_class = StandardPagination
permission_classes = (IsAuthenticated,) permission_classes = (IsAuthenticated, PaperlessModelPermissions)
filter_backends = (DjangoFilterBackend, OrderingFilter) filter_backends = (DjangoFilterBackend, OrderingFilter)
filterset_class = CorrespondentFilterSet filterset_class = CorrespondentFilterSet
ordering_fields = ( ordering_fields = (
@ -170,7 +171,7 @@ class TagViewSet(ModelViewSet):
return TagSerializer return TagSerializer
pagination_class = StandardPagination pagination_class = StandardPagination
permission_classes = (IsAuthenticated,) permission_classes = (IsAuthenticated, PaperlessModelPermissions)
filter_backends = (DjangoFilterBackend, OrderingFilter) filter_backends = (DjangoFilterBackend, OrderingFilter)
filterset_class = TagFilterSet filterset_class = TagFilterSet
ordering_fields = ("name", "matching_algorithm", "match", "document_count") ordering_fields = ("name", "matching_algorithm", "match", "document_count")
@ -185,7 +186,7 @@ class DocumentTypeViewSet(ModelViewSet):
serializer_class = DocumentTypeSerializer serializer_class = DocumentTypeSerializer
pagination_class = StandardPagination pagination_class = StandardPagination
permission_classes = (IsAuthenticated,) permission_classes = (IsAuthenticated, PaperlessModelPermissions)
filter_backends = (DjangoFilterBackend, OrderingFilter) filter_backends = (DjangoFilterBackend, OrderingFilter)
filterset_class = DocumentTypeFilterSet filterset_class = DocumentTypeFilterSet
ordering_fields = ("name", "matching_algorithm", "match", "document_count") ordering_fields = ("name", "matching_algorithm", "match", "document_count")
@ -202,7 +203,7 @@ class DocumentViewSet(
queryset = Document.objects.all() queryset = Document.objects.all()
serializer_class = DocumentSerializer serializer_class = DocumentSerializer
pagination_class = StandardPagination pagination_class = StandardPagination
permission_classes = (IsAuthenticated,) permission_classes = (IsAuthenticated, PaperlessModelPermissions)
filter_backends = (DjangoFilterBackend, SearchFilter, OrderingFilter) filter_backends = (DjangoFilterBackend, SearchFilter, OrderingFilter)
filterset_class = DocumentFilterSet filterset_class = DocumentFilterSet
search_fields = ("title", "correspondent__name", "content") search_fields = ("title", "correspondent__name", "content")
@ -550,7 +551,7 @@ class SavedViewViewSet(ModelViewSet):
queryset = SavedView.objects.all() queryset = SavedView.objects.all()
serializer_class = SavedViewSerializer serializer_class = SavedViewSerializer
pagination_class = StandardPagination pagination_class = StandardPagination
permission_classes = (IsAuthenticated,) permission_classes = (IsAuthenticated, PaperlessModelPermissions)
def get_queryset(self): def get_queryset(self):
user = self.request.user user = self.request.user
@ -826,7 +827,7 @@ class StoragePathViewSet(ModelViewSet):
serializer_class = StoragePathSerializer serializer_class = StoragePathSerializer
pagination_class = StandardPagination pagination_class = StandardPagination
permission_classes = (IsAuthenticated,) permission_classes = (IsAuthenticated, PaperlessModelPermissions)
filter_backends = (DjangoFilterBackend, OrderingFilter) filter_backends = (DjangoFilterBackend, OrderingFilter)
filterset_class = StoragePathFilterSet filterset_class = StoragePathFilterSet
ordering_fields = ("name", "path", "matching_algorithm", "match", "document_count") ordering_fields = ("name", "path", "matching_algorithm", "match", "document_count")
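Review bot: Only the six viewsets touched here (Correspondent, Tag, DocumentType, Document, SavedView, StoragePath) gain `PaperlessModelPermissions`. Any other endpoint in this file that reads or modifies the same models lies outside these hunks, and if it still declares only `IsAuthenticated`, a user without the model permission can reach the data by that route, so the rest of the file is worth auditing. The check is also keyed on the HTTP method, so any extra `@action` routes on these viewsets (their bodies continue outside the hunks) are authorised by verb rather than by what they do; a POST action, for example, requires `add_<model>`. None of the three changed files is a test, so a case asserting 403 for an authenticated user without the relevant permission on each viewset would pin the intended behaviour.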


@ -6,6 +6,7 @@ from django.db.models.functions import Lower
from django.http import HttpResponse from django.http import HttpResponse
from django.views.generic import View from django.views.generic import View
from django_filters.rest_framework import DjangoFilterBackend from django_filters.rest_framework import DjangoFilterBackend
from documents.permissions import PaperlessModelPermissions
from paperless.filters import GroupFilterSet from paperless.filters import GroupFilterSet
from paperless.filters import UserFilterSet from paperless.filters import UserFilterSet
from paperless.serialisers import GroupSerializer from paperless.serialisers import GroupSerializer
@ -42,7 +43,7 @@ class UserViewSet(ModelViewSet):
serializer_class = UserSerializer serializer_class = UserSerializer
pagination_class = StandardPagination pagination_class = StandardPagination
permission_classes = (IsAuthenticated,) permission_classes = (IsAuthenticated, PaperlessModelPermissions)
filter_backends = (DjangoFilterBackend, OrderingFilter) filter_backends = (DjangoFilterBackend, OrderingFilter)
filterset_class = UserFilterSet filterset_class = UserFilterSet
ordering_fields = ("username",) ordering_fields = ("username",)
@ -55,7 +56,7 @@ class GroupViewSet(ModelViewSet):
serializer_class = GroupSerializer serializer_class = GroupSerializer
pagination_class = StandardPagination pagination_class = StandardPagination
permission_classes = (IsAuthenticated,) permission_classes = (IsAuthenticated, PaperlessModelPermissions)
filter_backends = (DjangoFilterBackend, OrderingFilter) filter_backends = (DjangoFilterBackend, OrderingFilter)
filterset_class = GroupFilterSet filterset_class = GroupFilterSet
ordering_fields = ("name",) ordering_fields = ("name",)
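Review bot: On `UserViewSet` and `GroupViewSet` the new check is model-level only, so a holder of `auth.change_user` or `auth.change_group` can PUT/PATCH any user or group, including a superuser account or their own. If `UserSerializer` or `GroupSerializer` (not shown) accept `is_superuser`, `is_staff`, `groups`, `user_permissions` or a group's `permissions` as writable fields, that single permission is enough to escalate privileges. Consider limiting writes to those fields to superusers, in the serializer or in the viewset, and add a test that a non-superuser with `change_user` cannot set them. Both class bodies continue outside the hunks.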