testing with user permission

2025-12-24 02:39:20 -05:00 · 2020-06-17 11:06:08 +02:00
parent bbaedfad33
commit 4ee5a4fd9f
4 changed files with 13 additions and 6 deletions
--- a/cookbook/helper/permission_helper.py
+++ b/cookbook/helper/permission_helper.py
@@ -93,6 +93,8 @@ class DRFOwnerPermissions(permissions.BasePermission):
    def has_object_permission(self, request, view, obj):
        if not request.user.is_authenticated:
            return False
+        #if request.user.is_superuser:
+        #    return True
        if owner := getattr(obj, 'created_by', None):
            return owner == request.user
        if owner := getattr(obj, 'user', None):
--- a/cookbook/urls.py
+++ b/cookbook/urls.py
@@ -9,7 +9,7 @@ from cookbook.views import api, import_export
 from cookbook.helper import dal

 router = routers.DefaultRouter()
-#router.register(r'user-preference', api.UserPreferenceViewSet)
+router.register(r'user-preference', api.UserPreferenceViewSet)
 router.register(r'recipe', api.RecipeViewSet)
 router.register(r'meal-plan', api.MealPlanViewSet)
 router.register(r'meal-type', api.MealTypeViewSet)
--- a/cookbook/views/api.py
+++ b/cookbook/views/api.py
@@ -13,7 +13,7 @@ from django.utils.translation import gettext as _
 from icalendar import Calendar, Event
 from rest_framework import viewsets, permissions
 from rest_framework.exceptions import APIException
-from rest_framework.mixins import RetrieveModelMixin, UpdateModelMixin
+from rest_framework.mixins import RetrieveModelMixin, UpdateModelMixin, ListModelMixin

 from cookbook.helper.permission_helper import group_required, DRFOwnerPermissions
 from cookbook.models import Recipe, Sync, Storage, CookLog, MealPlan, MealType, ViewLog, UserPreference
@@ -24,7 +24,7 @@ from cookbook.serializer import MealPlanSerializer, MealTypeSerializer, RecipeSe

 class UserNameViewSet(viewsets.ModelViewSet):
    """
-    list:  
+    list:
    optional parameters

    - **filter_list**: array of user id's to get names for
@@ -46,15 +46,17 @@ class UserNameViewSet(viewsets.ModelViewSet):
        return queryset


-class UserPreferenceViewSet(RetrieveModelMixin, UpdateModelMixin, viewsets.GenericViewSet):
+class UserPreferenceViewSet(RetrieveModelMixin, UpdateModelMixin, ListModelMixin, viewsets.GenericViewSet):
    """
    Update user preference settings
    """
    queryset = UserPreference.objects.all()
    serializer_class = UserPreferenceSerializer
    permission_classes = [DRFOwnerPermissions, ]
-    # TODO disable create view
+
    def get_queryset(self):
+        if self.request.user.is_superuser:
+            return UserPreference.objects.all()
        return UserPreference.objects.filter(user=self.request.user).all()


--- a/recipes/settings.py
+++ b/recipes/settings.py
@@ -94,7 +94,10 @@ REST_FRAMEWORK = {
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.TokenAuthentication',
        'rest_framework.authentication.BasicAuthentication',
-    )
+    ),
+    'DEFAULT_PERMISSION_CLASSES': [
+        'rest_framework.permissions.IsAuthenticated',
+    ]
 }

 ROOT_URLCONF = 'recipes.urls'