Skip to content

Commit

Permalink
SCKAN-323 feat: Change permission to allow creation of entities
Browse files Browse the repository at this point in the history
  • Loading branch information
@afonsobspinto
afonsobspinto committed Oct 24, 2024
1 parent 6a5cfd3 commit d9607e6
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 4 deletions.
9 changes: 8 additions & 1 deletion backend/composer/api/permissions.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ def has_object_permission(self, request, view, obj):
return True


class IsOwnerOrAssignOwnerOrReadOnly(permissions.BasePermission):
class IsOwnerOrAssignOwnerOrCreateOrReadOnly(permissions.BasePermission):
"""
Custom permission to allow only the owner to edit an object,
but allow any authenticated user to assign themselves as owner,
Expand All @@ -29,6 +29,13 @@ def has_object_permission(self, request, view, obj):
# Write permissions are only allowed to the owner
return obj.owner == request.user

def has_permission(self, request, view):
# Allow authenticated users to create new objects (POST requests)
if request.method == 'POST':
return request.user.is_authenticated

# Allow access for non-object-specific safe methods (e.g., listing objects via GET)
return request.method in permissions.SAFE_METHODS

class IsOwnerOfConnectivityStatementOrReadOnly(permissions.BasePermission):
"""
Expand Down
6 changes: 3 additions & 3 deletions backend/composer/api/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@
ProvenanceSerializer,
SexSerializer, ConnectivityStatementUpdateSerializer, DestinationSerializer, BaseConnectivityStatementSerializer,
)
from .permissions import IsStaffUserIfExportedStateInConnectivityStatement, IsOwnerOrAssignOwnerOrReadOnly, \
from .permissions import IsStaffUserIfExportedStateInConnectivityStatement, IsOwnerOrAssignOwnerOrCreateOrReadOnly, \
IsOwnerOfConnectivityStatementOrReadOnly
from ..models import (
AnatomicalEntity,
Expand Down Expand Up @@ -324,7 +324,7 @@ class ConnectivityStatementViewSet(
serializer_class = ConnectivityStatementSerializer
permission_classes = [
IsStaffUserIfExportedStateInConnectivityStatement,
IsOwnerOrAssignOwnerOrReadOnly,
IsOwnerOrAssignOwnerOrCreateOrReadOnly,
]
filterset_class = ConnectivityStatementFilter
service = ConnectivityStatementStateService
Expand Down Expand Up @@ -440,7 +440,7 @@ class SentenceViewSet(
queryset = Sentence.objects.all()
serializer_class = SentenceSerializer
permission_classes = [
IsOwnerOrAssignOwnerOrReadOnly,
IsOwnerOrAssignOwnerOrCreateOrReadOnly,
]
filterset_class = SentenceFilter
service = SentenceStateService
Expand Down

0 comments on commit d9607e6

Please sign in to comment.