Clean up resolution of HTTP verbs to permission actions

2024-05-10 07:54:54 +00:00 · 2020-07-23 13:53:36 -04:00
parent b47a9f251d
commit 84d4b2db77
1 changed files with 11 additions and 11 deletions
--- a/netbox/utilities/api.py
+++ b/netbox/utilities/api.py
@ -17,6 +17,16 @@ from rest_framework.viewsets import ModelViewSet as _ModelViewSet

 from .utils import dict_to_filter_params, dynamic_import

+HTTP_ACTIONS = {
+    'GET': 'view',
+    'OPTIONS': None,
+    'HEAD': 'view',
+    'POST': 'add',
+    'PUT': 'change',
+    'PATCH': 'change',
+    'DELETE': 'delete',
+}
+

 class ServiceUnavailable(APIException):
    status_code = 503
@ -321,18 +331,8 @@ class ModelViewSet(_ModelViewSet):
        if not request.user.is_authenticated:
            return

-        # TODO: Reconcile this with TokenPermissions.perms_map
-        action = {
-            'GET': 'view',
-            'OPTIONS': None,
-            'HEAD': 'view',
-            'POST': 'add',
-            'PUT': 'change',
-            'PATCH': 'change',
-            'DELETE': 'delete',
-        }[request.method]
-
        # Restrict the view's QuerySet to allow only the permitted objects
+        action = HTTP_ACTIONS[request.method]
        if action:
            self.queryset = self.queryset.restrict(request.user, action)