mirror/netbox-community-netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2024-05-10 07:54:54 +00:00
Code Activity

Clean up resolution of HTTP verbs to permission actions

Browse Source
This commit is contained in:
Jeremy Stretch
2020-07-23 13:53:36 -04:00
parent b47a9f251d
commit 84d4b2db77
1 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
netbox/utilities/api.py
View File

@ -17,6 +17,16 @@ from rest_framework.viewsets import ModelViewSet as _ModelViewSet
from .utils import dict_to_filter_params, dynamic_import from .utils import dict_to_filter_params, dynamic_import
HTTP_ACTIONS = {
'GET': 'view',
'OPTIONS': None,
'HEAD': 'view',
'POST': 'add',
'PUT': 'change',
'PATCH': 'change',
'DELETE': 'delete',
}
class ServiceUnavailable(APIException): class ServiceUnavailable(APIException):
status_code = 503 status_code = 503
@ -321,18 +331,8 @@ class ModelViewSet(_ModelViewSet):
if not request.user.is_authenticated: if not request.user.is_authenticated:
return return
# TODO: Reconcile this with TokenPermissions.perms_map
action = {
'GET': 'view',
'OPTIONS': None,
'HEAD': 'view',
'POST': 'add',
'PUT': 'change',
'PATCH': 'change',
'DELETE': 'delete',
}[request.method]
# Restrict the view's QuerySet to allow only the permitted objects # Restrict the view's QuerySet to allow only the permitted objects
action = HTTP_ACTIONS[request.method]
if action: if action:
self.queryset = self.queryset.restrict(request.user, action) self.queryset = self.queryset.restrict(request.user, action)