studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(documents) allow retrieving versions (list and detail)

Browse Source 
Versions are retrieved directly from object storage and served on API
endpoints. We make sure a user who is given access to a document will
only see versions that were created after s.he gained access.
This commit is contained in:
Samuel Paccoud - DINUM
2024-04-08 23:37:15 +02:00
committed by Anthony LC
parent 8e262da8f5
commit 130e7a8c99
7 changed files with 765 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/backend/core/api/permissions.py
View File

@@ -3,6 +3,10 @@ from django.core import exceptions
from rest_framework import permissions
ACTION_FOR_METHOD_TO_PERMISSION = {
"versions_detail": {"DELETE": "versions_destroy", "GET": "versions_retrieve"}
}
class IsAuthenticated(permissions.BasePermission):
"""
@@ -60,4 +64,9 @@ class AccessPermission(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
"""Check permission for a given object."""
abilities = obj.get_abilities(request.user)
return abilities.get(view.action, False)
action = view.action
try:
action = ACTION_FOR_METHOD_TO_PERMISSION[view.action][request.method]
except KeyError:
pass
return abilities.get(action, False)