studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(models/api) add link access reach and role

Browse Source 
Link access was either public or private and was only allowing readers.

This commit makes link access more powerful:
- link reach can be private (users need to obtain specific access by
  document's administrators), restricted (any authenticated user) or
  public (anybody including anonymous users)
- link role can be reader or editor.

It is thus now possible to give editor access to an anonymous user or
any authenticated user.
This commit is contained in:
Samuel Paccoud - DINUM
2024-09-08 23:37:49 +02:00
committed by Samuel Paccoud
parent 41260de1c3
commit 494638d306
21 changed files with 744 additions and 326 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/backend/core/api/permissions.py
View File

@@ -62,6 +62,9 @@ class IsOwnedOrPublic(IsAuthenticated):
class AccessPermission(permissions.BasePermission):
"""Permission class for access objects."""
def has_permission(self, request, view):
return request.user.is_authenticated or view.action != "create"
def has_object_permission(self, request, view, obj):
"""Check permission for a given object."""
abilities = obj.get_abilities(request.user)