api: allow @permission_required with no object permission
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
a9db538c63
commit
5d37012075
|
@ -1,13 +1,13 @@
|
|||
"""API Decorators"""
|
||||
from functools import wraps
|
||||
from typing import Callable
|
||||
from typing import Callable, Optional
|
||||
|
||||
from rest_framework.request import Request
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.viewsets import ModelViewSet
|
||||
|
||||
|
||||
def permission_required(perm: str, *other_perms: str):
|
||||
def permission_required(perm: Optional[str] = None, *other_perms: str):
|
||||
"""Check permissions for a single custom action"""
|
||||
|
||||
def wrapper_outter(func: Callable):
|
||||
|
@ -15,6 +15,7 @@ def permission_required(perm: str, *other_perms: str):
|
|||
|
||||
@wraps(func)
|
||||
def wrapper(self: ModelViewSet, request: Request, *args, **kwargs) -> Response:
|
||||
if perm:
|
||||
obj = self.get_object()
|
||||
if not request.user.has_perm(perm, obj):
|
||||
return self.permission_denied(request)
|
||||
|
|
Reference in New Issue