Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't check for deprecated '.model' attribute in permissions #2818

Merged
merged 1 commit into from
Apr 17, 2015
Merged

Don't check for deprecated '.model' attribute in permissions #2818

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 10 additions & 19 deletions rest_framework/permissions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ class DjangoModelPermissions(BasePermission):
`add`/`change`/`delete` permissions on the model.

This permission can only be applied against view classes that
provide a `.model` or `.queryset` attribute.
provide a `.queryset` attribute.
"""

# Map methods into required permission codes.
Expand Down Expand Up @@ -107,24 +107,19 @@ def get_required_permissions(self, method, model_cls):
return [perm % kwargs for perm in self.perms_map[method]]

def has_permission(self, request, view):
# Note that `.model` attribute on views is deprecated, although we
# enforce the deprecation on the view `get_serializer_class()` and
# `get_queryset()` methods, rather than here.
model_cls = getattr(view, 'model', None)
queryset = getattr(view, 'queryset', None)

if model_cls is None and queryset is not None:
model_cls = queryset.model

# Workaround to ensure DjangoModelPermissions are not applied
# to the root view when using DefaultRouter.
if model_cls is None and getattr(view, '_ignore_model_permissions', False):
if queryset is None and getattr(view, '_ignore_model_permissions', False):
return True

assert model_cls, ('Cannot apply DjangoModelPermissions on a view that'
' does not have `.model` or `.queryset` property.')
assert queryset, (
'Cannot apply DjangoModelPermissions on a view that '
'does not have `.queryset` property.'
)

perms = self.get_required_permissions(request.method, model_cls)
perms = self.get_required_permissions(request.method, queryset.model)

return (
request.user and
Expand All @@ -150,7 +145,7 @@ class DjangoObjectPermissions(DjangoModelPermissions):
`add`/`change`/`delete` permissions on the object using .has_perms.

This permission can only be applied against view classes that
provide a `.model` or `.queryset` attribute.
provide a `.queryset` attribute.
"""

perms_map = {
Expand All @@ -171,14 +166,10 @@ def get_required_object_permissions(self, method, model_cls):
return [perm % kwargs for perm in self.perms_map[method]]

def has_object_permission(self, request, view, obj):
model_cls = getattr(view, 'model', None)
queryset = getattr(view, 'queryset', None)

if model_cls is None and queryset is not None:
model_cls = queryset.model
model_cls = view.queryset.model
user = request.user

perms = self.get_required_object_permissions(request.method, model_cls)
user = request.user

if not user.has_perms(perms, obj):
# If the user does not have permissions we need to determine if
Expand Down