cgiacofei/TandoorRecipes
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

change guest recipe permission

Browse Source
This commit is contained in:
vabene1111 2023-07-18 10:54:20 +02:00
parent a497a6b7f5
commit a8f1cd26cd
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cookbook/helper/permission_helper.py
View File

@ -322,7 +322,7 @@ class CustomRecipePermission(permissions.BasePermission):
def has_permission(self, request, view): # user is either at least a guest or a share link is given and the request is safe def has_permission(self, request, view): # user is either at least a guest or a share link is given and the request is safe
share = request.query_params.get('share', None) share = request.query_params.get('share', None)
return has_group_permission(request.user, ['guest']) or (share and request.method in SAFE_METHODS and 'pk' in view.kwargs) return ((has_group_permission(request.user, ['guest']) and request.method in SAFE_METHODS) or has_group_permission(request.user, ['user'])) or (share and request.method in SAFE_METHODS and 'pk' in view.kwargs)
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
share = request.query_params.get('share', None) share = request.query_params.get('share', None)
@ -332,7 +332,7 @@ class CustomRecipePermission(permissions.BasePermission):
if obj.private: if obj.private:
return ((obj.created_by == request.user) or (request.user in obj.shared.all())) and obj.space == request.space return ((obj.created_by == request.user) or (request.user in obj.shared.all())) and obj.space == request.space
else: else:
return has_group_permission(request.user, ['guest']) and obj.space == request.space return ((has_group_permission(request.user, ['guest']) and request.method in SAFE_METHODS) or has_group_permission(request.user, ['user'])) and obj.space == request.space
class CustomUserPermission(permissions.BasePermission): class CustomUserPermission(permissions.BasePermission):

6
cookbook/tests/api/test_api_recipe.py
View File

@ -81,10 +81,10 @@ def test_share_permission(recipe_1_s1, u1_s1, u1_s2, u2_s1, a_u):
@pytest.mark.parametrize("arg", [ @pytest.mark.parametrize("arg", [
['a_u', 403], ['a_u', 403],
['g1_s1', 200], ['g1_s1', 403],
['u1_s1', 200], ['u1_s1', 200],
['a1_s1', 200], ['a1_s1', 200],
['g1_s2', 404], ['g1_s2', 403],
['u1_s2', 404], ['u1_s2', 404],
['a1_s2', 404], ['a1_s2', 404],
]) ])
@ -140,7 +140,7 @@ def test_update_private_recipe(u1_s1, u2_s1, recipe_1_s1):
@pytest.mark.parametrize("arg", [ @pytest.mark.parametrize("arg", [
['a_u', 403], ['a_u', 403],
['g1_s1', 201], ['g1_s1', 403],
['u1_s1', 201], ['u1_s1', 201],
['a1_s1', 201], ['a1_s1', 201],
]) ])