API: added "can_edit" attribute in node detail #200

ninuxorg · Jan 21, 2015 · 730c20b · 730c20b
1 parent 73779b4
commit 730c20b
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 1 deletion.
diff --git a/nodeshot/core/nodes/serializers.py b/nodeshot/core/nodes/serializers.py
@@ -1,5 +1,8 @@
+from copy import copy
+
 from rest_framework import serializers, pagination
 from rest_framework.reverse import reverse
+from rest_framework.exceptions import NotAuthenticated, PermissionDenied
 from rest_framework_gis import serializers as geoserializers
 
 from nodeshot.core.base.serializers import GeoJSONPaginationSerializer
@@ -26,6 +29,19 @@
 class NodeDetailSerializer(ExtensibleNodeSerializer):
     """ node detail """
     layer = serializers.SlugRelatedField(slug_field='slug')
+    can_edit = serializers.SerializerMethodField('get_can_edit')
+
+    def get_can_edit(self, obj):
+        """ returns true if user has permission to edit, false otherwise """
+        view = self.context.get('view')
+        request = copy(self.context.get('request'))
+        request._method = 'PUT'
+        try:
+            view.check_object_permissions(request, obj)
+        except (PermissionDenied, NotAuthenticated):
+            return False
+        else:
+            return True
 
     class Meta:
         model = Node
@@ -35,7 +51,7 @@ class Meta:
             'geometry', 'elev', 'address',
             'description',
         ] + ADDITIONAL_NODE_FIELDS + [
-            'added', 'updated', 'relationships'
+            'added', 'updated', 'can_edit', 'relationships'
         ]
 
         read_only_fields = ('added', 'updated')

diff --git a/nodeshot/core/nodes/tests.py b/nodeshot/core/nodes/tests.py
@@ -441,3 +441,24 @@ def test_node_image_list_permissions(self):
         self.client.login(username='admin', password='tester')
         response = self.client.get(url)
         self.assertEqual(200, response.status_code)
+
+    def test_node_can_edit(self):
+        url = reverse('api_node_details', args=['fusolab'])
+        # cannot edit
+        response = self.client.get(url)
+        self.assertFalse(response.data['can_edit'])
+        # admin can edit
+        self.client.login(username='admin', password='tester')
+        response = self.client.get(url)
+        self.assertTrue(response.data['can_edit'])
+        self.client.logout()
+        # other user cannot edit
+        self.client.login(username='registered', password='tester')
+        response = self.client.get(url)
+        self.assertFalse(response.data['can_edit'])
+        self.client.logout()
+        # owner can edit
+        self.client.login(username='romano', password='tester')
+        response = self.client.get(url)
+        self.assertTrue(response.data['can_edit'])
+        self.client.logout()