paradizelost/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-09-03 01:56:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Object-level permissions + filtering

Browse Source
This commit is contained in:
Michael Shamoon
2022-12-05 22:56:03 -08:00
parent dbaa606a9f
commit fad13c148e
5 changed files with 52 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/documents/permissions.py
View File

@@ -1,18 +1,29 @@
from rest_framework.permissions import BasePermission
from rest_framework.permissions import DjangoModelPermissions
from rest_framework.permissions import DjangoObjectPermissions
class PaperlessModelPermissions(DjangoModelPermissions):
class PaperlessObjectPermissions(DjangoObjectPermissions):
"""
A permissions backend that checks for object-level permissions
or for ownership.
"""
perms_map = {
"GET": ["%(app_label)s.view_%(model_name)s"],
"OPTIONS": [],
"HEAD": [],
"OPTIONS": ["%(app_label)s.view_%(model_name)s"],
"HEAD": ["%(app_label)s.view_%(model_name)s"],
"POST": ["%(app_label)s.add_%(model_name)s"],
"PUT": ["%(app_label)s.change_%(model_name)s"],
"PATCH": ["%(app_label)s.change_%(model_name)s"],
"DELETE": ["%(app_label)s.delete_%(model_name)s"],
}
def has_object_permission(self, request, view, obj):
if hasattr(obj, "owner") and request.user == obj.owner:
return True
else:
return super().has_object_permission(request, view, obj)
class PaperlessAdminPermissions(BasePermission):
def has_permission(self, request, view):