synthea_webservice/webservice/lib/api/base.py
2020-11-13 15:31:14 +01:00

46 lines
2.0 KiB
Python

from rest_framework import viewsets, permissions, serializers
from rest_framework.permissions import BasePermission
class IsOwner(BasePermission):
def has_object_permission (self, request, view, obj ):
"""Return 'True' if permission is granted, 'False' otherwise."""
# TODO: If this is the 'way to go', we should consider adding the researcher reference to all models and save actions
return obj.researcher == request.user.researcher or obj.study.researcher == request.user.researcher
class BaseReadOnlyViewSet(viewsets.ReadOnlyModelViewSet):
permission_classes = [permissions.IsAuthenticated, IsOwner]
# TODO: If this is the 'way to go', we should consider adding the researcher reference to all models and save actions
def get_queryset(self):
try:
qs = self.queryset.filter(researcher = self.request.user.researcher)
except:
qs = self.queryset.filter(study__researcher = self.request.user.researcher)
return qs
class BaseViewSet(viewsets.ModelViewSet):
permission_classes = [permissions.IsAuthenticated, IsOwner]
# TODO: If this is the 'way to go', we should consider adding the researcher reference to all models and save actions
def get_queryset(self):
try:
qs = self.queryset.filter(researcher = self.request.user.researcher)
except:
qs = self.queryset.filter(study__researcher = self.request.user.researcher)
return qs
class BaseHyperlinkedModelSerializer(serializers.HyperlinkedModelSerializer):
# This ID field is handy to have.... Due to HyperlinkedModelSerializer we do not have this field by default
id = serializers.ReadOnlyField()
# Only show the researcher full name
researcher = serializers.StringRelatedField()
# Only show link to full researcher data
#researcher = serializers.HyperlinkedRelatedField(view_name= 'api:v1:researcher-detail', read_only=True)
# Show the full researcher information
#researcher = ResearcherSerializer(read_only=True)