Simplify API permission validators

9a3a2031 · James Graham · f483035d · 9a3a2031
Commit 9a3a2031 authored 6 years ago by James Graham
--- a/api/permissions.py
+++ b/api/permissions.py
@@ -3,11 +3,9 @@ from rest_framework import permissions
 from datasources import models
-# TODO make permission class factory
+class BaseUserPermission(permissions.BasePermission):
-# TODO write permission tests
-class ViewPermission(permissions.BasePermission):
    message = 'You do not have permission to access this resource.'
+    permission_level = models.UserPermissionLevels.NONE
    def has_object_permission(self, request, view, obj):
        if not obj.access_control:
@@ -19,64 +17,27 @@ class ViewPermission(permissions.BasePermission):
                datasource=obj
            )
-            return permission.granted >= models.UserPermissionLevels.VIEW
+            return permission.granted >= self.permission_level
        except models.UserPermissionLink.DoesNotExist:
            return False
-class MetadataPermission(permissions.BasePermission):
+class ViewPermission(BaseUserPermission):
-    message = 'You do not have permission to access the metadata of this resource.'
+    message = 'You do not have permission to access this resource.'
+    permission_level = models.UserPermissionLevels.VIEW
-    def has_object_permission(self, request, view, obj):
-        if not obj.access_control:
-            return True
-        try:
-            permission = models.UserPermissionLink.objects.get(
-                user=request.user,
-                datasource=obj
-            )
-            return permission.granted >= models.UserPermissionLevels.META
-        except models.UserPermissionLink.DoesNotExist:
+class MetadataPermission(BaseUserPermission):
-            return False
+    message = 'You do not have permission to access the metadata of this resource.'
+    permission_level = models.UserPermissionLevels.META
-class DataPermission(permissions.BasePermission):
+class DataPermission(BaseUserPermission):
    message = 'You do not have permission to access the data of this resource.'
+    permission_level = models.UserPermissionLevels.DATA
-    def has_object_permission(self, request, view, obj):
-        if not obj.access_control:
-            return True
-        try:
-            permission = models.UserPermissionLink.objects.get(
-                user=request.user,
-                datasource=obj
-            )
-            return permission.granted >= models.UserPermissionLevels.DATA
-        except models.UserPermissionLink.DoesNotExist:
+class ProvPermission(BaseUserPermission):
-            return False
-class ProvPermission(permissions.BasePermission):
    message = 'You do not have permission to access the prov data of this resource.'
+    permission_level = models.UserPermissionLevels.PROV
-    def has_object_permission(self, request, view, obj):
-        if not obj.access_control:
-            return True
-        try:
-            permission = models.UserPermissionLink.objects.get(
-                user=request.user,
-                datasource=obj
-            )
-            return permission.granted >= models.UserPermissionLevels.PROV
-        except models.UserPermissionLink.DoesNotExist:
-            return False