From: Łukasz Rekucki Date: Fri, 16 Oct 2009 10:30:52 +0000 (+0200) Subject: Próba naprawienia uprawnień. X-Git-Url: https://git.mdrn.pl/redakcja.git/commitdiff_plain/5a8f55e2911b9a6aa38499da2c54b6068152f1cf?ds=inline;hp=--cc Próba naprawienia uprawnień. --- 5a8f55e2911b9a6aa38499da2c54b6068152f1cf diff --git a/apps/api/handlers/library_handlers.py b/apps/api/handlers/library_handlers.py index f7d57849..607ac959 100644 --- a/apps/api/handlers/library_handlers.py +++ b/apps/api/handlers/library_handlers.py @@ -42,14 +42,14 @@ def check_user(request, user): log.info("user: %r, perm: %r" % (request.user, request.user.get_all_permissions()) ) #pull request if is_prq(user): - if not request.user.has_perm('api.pullrequest.can_view'): + if not request.user.has_perm('api.view_prq'): yield response.AccessDenied().django_response({ 'reason': 'access-denied', 'message': "You don't have enough priviliges to view pull requests." }) # other users elif request.user.username != user: - if not request.user.has_perm('api.document.can_view_other'): + if not request.user.has_perm('api.view_other_document'): yield response.AccessDenied().django_response({ 'reason': 'access-denied', 'message': "You don't have enough priviliges to view other people's document." @@ -648,7 +648,7 @@ class MergeHandler(BaseHandler): "message": "There are unresolved conflicts in your file. Fix them, and try again." }) - if not request.user.has_perm('api.document.can_share'): + if not request.user.has_perm('api.share_document'): # User is not permitted to make a merge, right away # So we instead create a pull request in the database try: diff --git a/apps/api/handlers/manage_handlers.py b/apps/api/handlers/manage_handlers.py index 5905724f..df32b8b5 100644 --- a/apps/api/handlers/manage_handlers.py +++ b/apps/api/handlers/manage_handlers.py @@ -18,7 +18,7 @@ class PullRequestListHandler(BaseHandler): allowed_methods = ('GET',) def read(self, request): - if request.user.has_perm('api.pullrequest.can_change'): + if request.user.has_perm('change_pullrequest'): return PullRequest.objects.all() else: return PullRequest.objects.filter(commiter=request.user) @@ -33,7 +33,7 @@ class PullRequestHandler(BaseHandler): def update(self, request, prq_id): """Change the status of request""" - if not request.user.has_perm('api.pullrequest.can_change'): + if not request.user.has_perm('change_pullrequest'): return AccessDenied().django_response("Insufficient priviliges") prq = PullRequest.objects.get(id=prq_id) diff --git a/apps/api/models.py b/apps/api/models.py index 90f962e0..82525898 100644 --- a/apps/api/models.py +++ b/apps/api/models.py @@ -59,7 +59,7 @@ class PullRequest(models.Model): class Meta: permissions = ( - ("pullrequest.can_view", "Can view pull request's contents."), + ("view_prq", "Can view pull request's contents."), ) @@ -68,6 +68,6 @@ class PullRequest(models.Model): class Document(models.Model): class Meta: permissions = ( - ("document.can_share", "Can share documents without pull requests."), - ("document.can_view_other", "Can view other's documents."), + ("share_document", "Can share documents without pull requests."), + ("view_other_document", "Can view other's documents."), ) \ No newline at end of file