2012-12-19 16:39:50 +08:00
|
|
|
"""
|
|
|
|
|
Provides a set of pluggable permission policies.
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
from rest_framework.permissions import BasePermission
|
|
|
|
|
|
2013-02-20 20:51:37 +08:00
|
|
|
from seaserv import check_permission, is_repo_owner
|
2012-12-19 16:39:50 +08:00
|
|
|
|
2012-12-23 22:27:16 +08:00
|
|
|
SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
|
|
|
|
|
|
2012-12-19 16:39:50 +08:00
|
|
|
class IsRepoWritable(BasePermission):
|
|
|
|
|
"""
|
2012-12-25 11:09:34 +08:00
|
|
|
Allows access only for user who has write permission to the repo.
|
2012-12-19 16:39:50 +08:00
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
def has_permission(self, request, view, obj=None):
|
2012-12-23 22:27:16 +08:00
|
|
|
if request.method in SAFE_METHODS:
|
|
|
|
|
return True
|
|
|
|
|
|
2012-12-19 16:39:50 +08:00
|
|
|
repo_id = view.kwargs.get('repo_id', '')
|
|
|
|
|
user = request.user.username if request.user else ''
|
|
|
|
|
|
|
|
|
|
if user and check_permission(repo_id, user) == 'rw':
|
|
|
|
|
return True
|
|
|
|
|
return False
|
2012-12-25 11:09:34 +08:00
|
|
|
|
|
|
|
|
class IsRepoAccessible(BasePermission):
|
|
|
|
|
"""
|
|
|
|
|
Check whether user has Read or Write permission to a repo.
|
|
|
|
|
"""
|
|
|
|
|
def has_permission(self, request, view, obj=None):
|
|
|
|
|
repo_id = view.kwargs.get('repo_id', '')
|
|
|
|
|
user = request.user.username if request.user else ''
|
|
|
|
|
|
|
|
|
|
return True if check_permission(repo_id, user) else False
|
|
|
|
|
|
2013-02-20 20:51:37 +08:00
|
|
|
class IsRepoOwner(BasePermission):
|
|
|
|
|
"""
|
|
|
|
|
Check whether user is the owner of a repo.
|
|
|
|
|
"""
|
|
|
|
|
def has_permission(self, request, view, obj=None):
|
|
|
|
|
repo_id = view.kwargs.get('repo_id', '')
|
|
|
|
|
user = request.user.username if request.user else ''
|
|
|
|
|
|
|
|
|
|
return True if is_repo_owner(user, repo_id) else False
|
|
|
|
|
|
