Skip to content

permissions

management.permissions ¤

Customised permissions.

Classes¤

CustomDjangoModelPermissions ¤

Bases: DjangoModelPermissions

Modify DjangoModelPermissions to allow only users with view permissions to do GET, OPTIONS and HEAD requests.

Functions¤

get_queryset(db_field, user) ¤

Return a queryset based on the permissions of the user.

Returns queryset of public objects and objects that the user has change permisions for. For the case of Station objects, having the change permission is necessary to include the object in the queryset - being Public is not enough.

Parameters:

Name Type Description Default
db_field Field

Field to filter.

required
user Model

User to check permissions for.

required

Returns:

Type Description
QuerySet

model.QuerySet: Queryset of objects that the user has permissions for.

Source code in management/permissions.py
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
def get_queryset(db_field: model.Field, user: model.Model) -> model.QuerySet:
    """Return a queryset based on the permissions of the user.

    Returns queryset of public objects and objects that the user has change permisions
    for. For the case of `Station` objects, having the `change` permission is
    necessary to include the object in the queryset - being `Public` is not enough.

    Args:
        db_field (model.Field): Field to filter.
        user (model.Model): User to check permissions for.

    Returns:
        model.QuerySet: Queryset of objects that the user has permissions for.
    """
    app_name = db_field.related_model._meta.app_label
    model_name = db_field.related_model._meta.model_name
    user_objects = get_objects_for_user(user, f"{app_name}.change_{model_name}")
    public_objects = (
        db_field.related_model.objects.none()
        if model_name == "station"
        else db_field.related_model.objects.filter(visibility="public")
    )
    return user_objects | public_objects