Skip to content

D
django-rest-framework
Commit ecb37f51 by Tom Christie
Options

Merge pull request #2818 from maryokhin/master 

Don't check for deprecated '.model' attribute in permissions
parents c6657da5 1ddfef12
Showing with 10 additions and 19 deletions
rest_framework/permissions.py
...@@ -77,7 +77,7 @@ class DjangoModelPermissions(BasePermission): ...@@ -77,7 +77,7 @@ class DjangoModelPermissions(BasePermission):
`add`/`change`/`delete` permissions on the model. `add`/`change`/`delete` permissions on the model.
This permission can only be applied against view classes that This permission can only be applied against view classes that
provide a `.model` or `.queryset` attribute. provide a `.queryset` attribute.
""" """
# Map methods into required permission codes. # Map methods into required permission codes.
...@@ -107,24 +107,19 @@ class DjangoModelPermissions(BasePermission): ...@@ -107,24 +107,19 @@ class DjangoModelPermissions(BasePermission):
return [perm % kwargs for perm in self.perms_map[method]] return [perm % kwargs for perm in self.perms_map[method]]
def has_permission(self, request, view): def has_permission(self, request, view):
# Note that `.model` attribute on views is deprecated, although we
# enforce the deprecation on the view `get_serializer_class()` and
# `get_queryset()` methods, rather than here.
model_cls = getattr(view, 'model', None)
queryset = getattr(view, 'queryset', None) queryset = getattr(view, 'queryset', None)
if model_cls is None and queryset is not None:
model_cls = queryset.model
# Workaround to ensure DjangoModelPermissions are not applied # Workaround to ensure DjangoModelPermissions are not applied
# to the root view when using DefaultRouter. # to the root view when using DefaultRouter.
if model_cls is None and getattr(view, '_ignore_model_permissions', False): if queryset is None and getattr(view, '_ignore_model_permissions', False):
return True return True
assert model_cls, ('Cannot apply DjangoModelPermissions on a view that' assert queryset, (
' does not have `.model` or `.queryset` property.') 'Cannot apply DjangoModelPermissions on a view that '
'does not have `.queryset` property.'
)
perms = self.get_required_permissions(request.method, model_cls) perms = self.get_required_permissions(request.method, queryset.model)
return ( return (
request.user and request.user and
...@@ -150,7 +145,7 @@ class DjangoObjectPermissions(DjangoModelPermissions): ...@@ -150,7 +145,7 @@ class DjangoObjectPermissions(DjangoModelPermissions):
`add`/`change`/`delete` permissions on the object using .has_perms. `add`/`change`/`delete` permissions on the object using .has_perms.
This permission can only be applied against view classes that This permission can only be applied against view classes that
provide a `.model` or `.queryset` attribute. provide a `.queryset` attribute.
""" """
perms_map = { perms_map = {
...@@ -171,14 +166,10 @@ class DjangoObjectPermissions(DjangoModelPermissions): ...@@ -171,14 +166,10 @@ class DjangoObjectPermissions(DjangoModelPermissions):
return [perm % kwargs for perm in self.perms_map[method]] return [perm % kwargs for perm in self.perms_map[method]]
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
model_cls = getattr(view, 'model', None) model_cls = view.queryset.model
queryset = getattr(view, 'queryset', None) user = request.user
if model_cls is None and queryset is not None:
model_cls = queryset.model
perms = self.get_required_object_permissions(request.method, model_cls) perms = self.get_required_object_permissions(request.method, model_cls)
user = request.user
if not user.has_perms(perms, obj): if not user.has_perms(perms, obj):
# If the user does not have permissions we need to determine if # If the user does not have permissions we need to determine if
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment