8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-12-23 15:33:45 +00:00
This commit is contained in:
chapeau 2021-05-13 19:26:54 +02:00
parent 567c20a0f1
commit 8e370a15d9

View file

@ -63,7 +63,7 @@ def _get_param_in_view(view, param_name):
"cannot apply {} on a view that does not set " "cannot apply {} on a view that does not set "
"`.{}` or have a `.get_{}()` method." "`.{}` or have a `.get_{}()` method."
).format( ).format(
self.__class__.__name__, param_name, param_name view.__class__.__name__, param_name, param_name
) )
if hasattr(view, "get_" + param_name): if hasattr(view, "get_" + param_name):
@ -213,7 +213,7 @@ class AutodetectACLPermission(permissions.BasePermission):
return [perm(obj) for perm in self.perms_obj_map[method]] return [perm(obj) for perm in self.perms_obj_map[method]]
@staticmethod @ staticmethod
def _queryset(view): def _queryset(view):
return _get_param_in_view(view, "queryset") return _get_param_in_view(view, "queryset")
@ -240,9 +240,7 @@ class AutodetectACLPermission(permissions.BasePermission):
if getattr(view, "_ignore_model_permissions", False): if getattr(view, "_ignore_model_permissions", False):
return True return True
# Bypass permission verifications if it is a functional view if not getattr(view, "queryset", None):
# (permissions are handled by ACL)
if not hasattr(view, "queryset") and not hasattr(view, "get_queryset"):
return True return True
if not request.user or not request.user.is_authenticated: if not request.user or not request.user.is_authenticated:
@ -279,7 +277,8 @@ class AutodetectACLPermission(permissions.BasePermission):
# they have read permissions to see 403, or not, and simply see # they have read permissions to see 403, or not, and simply see
# a 404 response. # a 404 response.
SAFE_METHODS = ("GET", "OPTIONS", "HEAD", "POST", "PUT", "PATCH", "DELETE") SAFE_METHODS = ("GET", "OPTIONS", "HEAD",
"POST", "PUT", "PATCH", "DELETE")
if request.method in SAFE_METHODS: if request.method in SAFE_METHODS:
# Read permissions already checked and failed, no need # Read permissions already checked and failed, no need