from rest_framework import viewsets, permissions, serializers
from rest_framework.permissions import BasePermission
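class IsOwner(BasePermission):
    """Object-level permission that grants access only to the owning researcher.

    An object counts as owned when its ``researcher``, or the ``researcher``
    of its ``study``, equals ``request.user.researcher``.

    DRF runs ``has_object_permission`` only when a view calls
    ``get_object()`` (retrieve / update / destroy). It is not consulted for
    list or create actions, so those have to be scoped separately, for
    example through ``get_queryset``.
    """

    def has_object_permission(self, request, view, obj):
        """Return ``True`` if permission is granted, ``False`` otherwise."""
        # TODO: If this is the 'way to go', we should consider adding the
        # researcher reference to all models and save actions
        requester = getattr(request.user, "researcher", None)
        if requester is None:
            # Fail closed: without this guard an object whose owner is unset
            # (None) would compare equal to a user with no researcher and be
            # treated as owned.
            return False

        # Models may carry the owner directly, only through their study, or
        # both; a missing attribute must fall through to the next check
        # instead of raising AttributeError (which surfaces as a 500).
        if getattr(obj, "researcher", None) == requester:
            return True

        study = getattr(obj, "study", None)
        return getattr(study, "researcher", None) == requester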
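class BaseReadOnlyViewSet(viewsets.ReadOnlyModelViewSet):
    """Read-only view set restricted to the requesting researcher's rows.

    ``get_queryset`` is the only control that scopes list responses:
    ``IsOwner.has_object_permission`` is checked by DRF on ``get_object()``
    and never for the list action.
    """

    permission_classes = [permissions.IsAuthenticated, IsOwner]

    # TODO: If this is the 'way to go', we should consider adding the
    # researcher reference to all models and save actions
    def get_queryset(self):
        """Return ``self.queryset`` filtered to the current user's researcher.

        Filters on ``researcher`` first and falls back to
        ``study__researcher`` when that lookup fails. Both branches are
        owner-scoped; there is no unfiltered fallback.
        """
        # Resolved outside the try block so a user without a researcher
        # fails here, visibly, rather than being mistaken for a model that
        # lacks the field.
        researcher = self.request.user.researcher

        try:
            return self.queryset.filter(researcher=researcher)
        except Exception:
            # Was a bare ``except:``, which also intercepts
            # KeyboardInterrupt / SystemExit.
            # NOTE(review): Django reports an unknown lookup with
            # django.core.exceptions.FieldError; catching only that would
            # stop unrelated errors from being retried as the fallback
            # query, but needs an import this module does not have yet.
            return self.queryset.filter(study__researcher=researcher)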
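class BaseViewSet(viewsets.ModelViewSet):
    """Read/write view set restricted to the requesting researcher's rows.

    ``get_queryset`` scopes list results and the objects that
    retrieve / update / destroy can look up; ``IsOwner`` is then checked on
    the looked-up object.

    NOTE(review): neither control runs for the create action, and nothing
    in this class assigns or validates the owner on save. Whether a client
    can create a row under another researcher's study depends on the
    subclass serializer and any ``perform_create`` override - confirm.
    """

    permission_classes = [permissions.IsAuthenticated, IsOwner]

    # TODO: If this is the 'way to go', we should consider adding the
    # researcher reference to all models and save actions
    def get_queryset(self):
        """Return ``self.queryset`` filtered to the current user's researcher.

        Filters on ``researcher`` first and falls back to
        ``study__researcher`` when that lookup fails. Both branches are
        owner-scoped; there is no unfiltered fallback.
        """
        # Resolved outside the try block so a user without a researcher
        # fails here, visibly, rather than being mistaken for a model that
        # lacks the field.
        researcher = self.request.user.researcher

        try:
            return self.queryset.filter(researcher=researcher)
        except Exception:
            # Was a bare ``except:``, which also intercepts
            # KeyboardInterrupt / SystemExit.
            # NOTE(review): Django reports an unknown lookup with
            # django.core.exceptions.FieldError; catching only that would
            # stop unrelated errors from being retried as the fallback
            # query, but needs an import this module does not have yet.
            return self.queryset.filter(study__researcher=researcher)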
class BaseHyperlinkedModelSerializer(serializers.HyperlinkedModelSerializer):
    """Hyperlinked serializer base that adds ``id`` and a read-only owner name.

    Both declared fields are read-only, so a client cannot set or change
    ``researcher`` through a serializer that inherits them unchanged; the
    owner has to be assigned server-side.
    """

    # HyperlinkedModelSerializer identifies objects by URL and omits the
    # primary key by default; expose it explicitly, read-only.
    id = serializers.ReadOnlyField()

    # Render the owner through its string representation (the researcher's
    # full name). StringRelatedField is always read-only.
    researcher = serializers.StringRelatedField()

    # Alternative: link to the full researcher resource instead.
    #researcher = serializers.HyperlinkedRelatedField(view_name= 'api:v1:researcher-detail', read_only=True)

    # Alternative: embed the full researcher representation.
    #researcher = ResearcherSerializer(read_only=True)