Skip to content

Commit

Permalink
Add negation ~ operator to permissions composition (encode#6361)
Browse files Browse the repository at this point in the history
  • Loading branch information
adrienbrunet authored and Pierre Chiquet committed Mar 24, 2020
1 parent 7c00cc7 commit 6d0ece6
Showing 3 changed files with 49 additions and 2 deletions.
2 changes: 1 addition & 1 deletion docs/api-guide/permissions.md
Original file line number Diff line number Diff line change
@@ -134,7 +134,7 @@ Provided they inherit from `rest_framework.permissions.BasePermission`, permissi
}
return Response(content)

__Note:__ it only supports & -and- and | -or-.
__Note:__ it supports & (and), | (or) and ~ (not).

---

24 changes: 24 additions & 0 deletions rest_framework/permissions.py
Original file line number Diff line number Diff line change
@@ -24,6 +24,19 @@ def __rand__(self, other):
def __ror__(self, other):
return OperandHolder(OR, other, self)

def __invert__(self):
return SingleOperandHolder(NOT, self)


class SingleOperandHolder(OperationHolderMixin):
def __init__(self, operator_class, op1_class):
self.operator_class = operator_class
self.op1_class = op1_class

def __call__(self, *args, **kwargs):
op1 = self.op1_class(*args, **kwargs)
return self.operator_class(op1)


class OperandHolder(OperationHolderMixin):
def __init__(self, operator_class, op1_class, op2_class):
@@ -73,6 +86,17 @@ def has_object_permission(self, request, view, obj):
)


class NOT:
def __init__(self, op1):
self.op1 = op1

def has_permission(self, request, view):
return not self.op1.has_permission(request, view)

def has_object_permission(self, request, view, obj):
return not self.op1.has_object_permission(request, view, obj)


class BasePermissionMetaclass(OperationHolderMixin, type):
pass

25 changes: 24 additions & 1 deletion tests/test_permissions.py
Original file line number Diff line number Diff line change
@@ -580,7 +580,19 @@ def test_or_true(self):
composed_perm = permissions.IsAuthenticated | permissions.AllowAny
assert composed_perm().has_permission(request, None) is True

def test_several_levels(self):
def test_not_false(self):
request = factory.get('/1', format='json')
request.user = AnonymousUser()
composed_perm = ~permissions.IsAuthenticated
assert composed_perm().has_permission(request, None) is True

def test_not_true(self):
request = factory.get('/1', format='json')
request.user = self.user
composed_perm = ~permissions.AllowAny
assert composed_perm().has_permission(request, None) is False

def test_several_levels_without_negation(self):
request = factory.get('/1', format='json')
request.user = self.user
composed_perm = (
@@ -591,6 +603,17 @@ def test_several_levels(self):
)
assert composed_perm().has_permission(request, None) is True

def test_several_levels_and_precedence_with_negation(self):
request = factory.get('/1', format='json')
request.user = self.user
composed_perm = (
permissions.IsAuthenticated &
~ permissions.IsAdminUser &
permissions.IsAuthenticated &
~(permissions.IsAdminUser & permissions.IsAdminUser)
)
assert composed_perm().has_permission(request, None) is True

def test_several_levels_and_precedence(self):
request = factory.get('/1', format='json')
request.user = self.user

0 comments on commit 6d0ece6

Please sign in to comment.