Skip to content
Browse files

Implement permission checking in a custom field.

  • Loading branch information...
1 parent a0f8cf6 commit dd121c94e12a6e70a021ebf2c057186de6e04dd8 @markotibold markotibold committed Nov 12, 2012
Showing with 23 additions and 9 deletions.
  1. +16 −0 fiber/rest_api/fields.py
  2. +7 −9 fiber/rest_api/serializers.py
View
16 fiber/rest_api/fields.py
@@ -0,0 +1,16 @@
+from rest_framework import serializers
+
+from fiber.app_settings import PERMISSION_CLASS
+from fiber.utils import class_loader
+PERMISSIONS = class_loader.load_class(PERMISSION_CLASS)
+
+
+class CanEditField(serializers.Field):
+ """
+ A custom field that returns True if request.user has
+ permission to edit obj.
+ """
+
+ def field_to_native(self, obj, field_name):
+ return PERMISSIONS.can_edit(self.context['request'].user, obj)
+
View
16 fiber/rest_api/serializers.py
@@ -1,24 +1,27 @@
-from django.db import models
-
from rest_framework import serializers
from fiber.models import Page, PageContentItem, ContentItem, Image
+from .fields import CanEditField
+
class PageSerializer(serializers.ModelSerializer):
move_url = serializers.HyperlinkedIdentityField(view_name='page-resource-instance-move')
page_url = serializers.Field(source='get_absolute_url')
+
class Meta:
model = Page
class PageContentItemSerializer(serializers.ModelSerializer):
move_url = serializers.HyperlinkedIdentityField(view_name='page-content-item-resource-instance-move')
+
class Meta:
model = PageContentItem
class ContentItemSerializer(serializers.ModelSerializer):
+
class Meta:
model = ContentItem
@@ -27,13 +30,8 @@ class ImageSerializer(serializers.ModelSerializer):
image_url = serializers.Field(source='image.url')
filename = serializers.Field(source='get_filename')
size = serializers.Field(source='get_size')
+ can_edit = CanEditField()
+
class Meta:
model = Image
read_only_fields = ('created', 'updated')
-
-#class ImageResource(FileResource):
-# model = Image
-#
-# def can_edit(self, instance):
-# return PERMISSIONS.can_edit(self.view.user, instance)
-

0 comments on commit dd121c9

Please sign in to comment.
Something went wrong with that request. Please try again.