Created
June 5, 2013 10:13
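class UserSpecificResourcesAuthorization(Authorization):
    """Authorization rules that tie every object to the requesting user.

    The hook names match tastypie's ``Authorization`` API (the imports are
    not shown in this listing). List hooks return the subset of objects the
    user may act on; detail hooks return a boolean. Deletes are always
    refused.

    Every check compares against ``bundle.request.user``, so the rules only
    mean something when the resource also authenticates the request.
    """

    def read_list(self, object_list, bundle):
        """Return only the objects whose ``user`` is the requesting user."""
        # This assumes a ``QuerySet`` from ``ModelResource``.
        return object_list.filter(user=bundle.request.user)

    def read_detail(self, object_list, bundle):
        """Return True when the requested object is owned by the user."""
        return bundle.obj.user == bundle.request.user

    def create_list(self, object_list, bundle):
        """Return ``object_list`` unchanged; no ownership filter is applied."""
        # Assuming they're auto-assigned to ``user``.
        # NOTE(review): nothing in this class performs that assignment, so it
        # has to happen elsewhere in the resource -- verify that it does and
        # that the value is not taken from the client payload.
        return object_list

    def create_detail(self, object_list, bundle):
        """Return True when the object being created names the requester."""
        # The stray debug ``print`` that used to sit here was removed: it
        # wrote to stdout on every create and is Python 2-only syntax.
        # NOTE(review): presumably ``user`` is already populated on the
        # unsaved object when this hook runs -- confirm against the resource.
        return bundle.obj.user == bundle.request.user

    def update_list(self, object_list, bundle):
        """Return the objects in ``object_list`` owned by the requester."""
        # Since they may not all be saved, iterate over them instead of
        # filtering in the database.
        return [obj for obj in object_list
                if obj.user == bundle.request.user]

    def update_detail(self, object_list, bundle):
        """Return True when the object being updated is owned by the user."""
        return bundle.obj.user == bundle.request.user

    def delete_list(self, object_list, bundle):
        """Refuse every bulk delete by raising ``Unauthorized``."""
        # Sorry user, no deletes for you!
        raise Unauthorized("Sorry, no deletes.")

    def delete_detail(self, object_list, bundle):
        """Refuse every single-object delete by raising ``Unauthorized``."""
        raise Unauthorized("Sorry, no deletes.")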
class ValueResource(ModelResource):
    """API resource over ``Value`` rows, guarded by per-user authorization."""

    # ``full=True`` embeds the related practice objects in each response.
    # NOTE(review): verify whether PracticeResource's own authorization is
    # applied to those embedded objects; if not, they are readable through
    # any Value the requester is allowed to see.
    Practices = fields.ToManyField(
        'dashboard.api.PracticeResource',
        'practice_set',
        full=True,
        null=True,
    )

    class Meta:
        # NOTE(review): only ``authorization`` is configured. If this is
        # tastypie, the default ``authentication`` accepts every request, so
        # ``request.user`` can be anonymous when the ownership checks run --
        # confirm an authentication class is set for this resource.
        queryset = Value.objects.all()
        authorization = UserSpecificResourcesAuthorization()