added ability to mark recipes as private

2026-01-03 05:11:31 -05:00 · 2022-07-13 15:46:39 +02:00
parent 51076d4ced
commit e91790f5ac
10 changed files with 224 additions and 56 deletions
--- a/cookbook/helper/permission_helper.py
+++ b/cookbook/helper/permission_helper.py
@@ -299,6 +299,27 @@ class CustomIsShare(permissions.BasePermission):
        return False


+class CustomRecipePermission(permissions.BasePermission):
+    """
+    Custom permission class for recipe api endpoint
+    """
+    message = _('You do not have the required permissions to view this page!')
+
+    def has_permission(self, request, view):  # user is either at least a guest or a share link is given and the request is safe
+        share = request.query_params.get('share', None)
+        return has_group_permission(request.user, ['guest']) or (share and request.method in SAFE_METHODS and 'pk' in view.kwargs)
+
+    def has_object_permission(self, request, view, obj):
+        share = request.query_params.get('share', None)
+        if share:
+            return share_link_valid(obj, share)
+        else:
+            if obj.private:
+                return ((obj.created_by == request.user) or (request.user in obj.shared.all())) and obj.space == request.space
+            else:
+                return has_group_permission(request.user, ['guest']) and obj.space == request.space
+
+
 def above_space_limit(space):  # TODO add file storage limit
    """
    Test if the space has reached any limit (e.g. max recipes, users, ..)