Merge branch 'restframework2' into rest-framework-2-merge2.0.0

Conflicts: .gitignore .travis.yml AUTHORS README.rst djangorestframework/mixins.py djangorestframework/renderers.py djangorestframework/resources.py djangorestframework/serializer.py djangorestframework/templates/djangorestframework/base.html djangorestframework/templates/djangorestframework/login.html djangorestframework/templatetags/add_query_param.py djangorestframework/tests/accept.py djangorestframework/tests/authentication.py djangorestframework/tests/content.py djangorestframework/tests/reverse.py djangorestframework/tests/serializer.py djangorestframework/views.py docs/examples.rst docs/examples/blogpost.rst docs/examples/modelviews.rst docs/examples/objectstore.rst docs/examples/permissions.rst docs/examples/pygments.rst docs/examples/views.rst docs/howto/alternativeframeworks.rst docs/howto/mixin.rst docs/howto/reverse.rst docs/howto/usingurllib2.rst docs/index.rst docs/topics/release-notes.md examples/sandbox/views.py rest_framework/__init__.py rest_framework/compat.py rest_framework/utils/breadcrumbs.py setup.py
author: Tom Christie 2012-10-30 14:32:31 +0000
committer: Tom Christie 2012-10-30 14:32:31 +0000
commit: 9b30dab4f772f67a626e176dc4fae0a3ef9c2c81 (patch)
tree: ca138abf4792f58ffa28684f784f201ee1eef6d7 /rest_framework/permissions.py
parent: 7e5b1501b5cede61a9391fb1a751d2ebcdb37031 (diff)
parent: 4e7805cb24d73e7f706318b5e5a27e3f9ba39d14 (diff)
download: django-rest-framework-9b30dab4f772f67a626e176dc4fae0a3ef9c2c81.tar.bz2
1 files changed, 114 insertions, 0 deletions
diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
new file mode 100644
index 00000000..655b78a3
--- /dev/null
+++ b/rest_framework/permissions.py
@@ -0,0 +1,114 @@
+"""
+Provides a set of pluggable permission policies.
+"""
+
+
+SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
+
+
+class BasePermission(object):
+    """
+    A base class from which all permission classes should inherit.
+    """
+
+    def has_permission(self, request, view, obj=None):
+        """
+        Return `True` if permission is granted, `False` otherwise.
+        """
+        raise NotImplementedError(".has_permission() must be overridden.")
+
+
+class AllowAny(BasePermission):
+    """
+    Allow any access.
+    This isn't strictly required, since you could use an empty
+    permission_classes list, but it's useful because it makes the intention
+    more explicit.
+    """
+    def has_permission(self, request, view, obj=None):
+        return True
+
+
+class IsAuthenticated(BasePermission):
+    """
+    Allows access only to authenticated users.
+    """
+
+    def has_permission(self, request, view, obj=None):
+        if request.user and request.user.is_authenticated():
+            return True
+        return False
+
+
+class IsAdminUser(BasePermission):
+    """
+    Allows access only to admin users.
+    """
+
+    def has_permission(self, request, view, obj=None):
+        if request.user and request.user.is_staff:
+            return True
+        return False
+
+
+class IsAuthenticatedOrReadOnly(BasePermission):
+    """
+    The request is authenticated as a user, or is a read-only request.
+    """
+
+    def has_permission(self, request, view, obj=None):
+        if (request.method in SAFE_METHODS or
+            request.user and
+            request.user.is_authenticated()):
+            return True
+        return False
+
+
+class DjangoModelPermissions(BasePermission):
+    """
+    The request is authenticated using `django.contrib.auth` permissions.
+    See: https://docs.djangoproject.com/en/dev/topics/auth/#permissions
+
+    It ensures that the user is authenticated, and has the appropriate
+    `add`/`change`/`delete` permissions on the model.
+
+    This permission will only be applied against view classes that
+    provide a `.model` attribute, such as the generic class-based views.
+    """
+
+    # Map methods into required permission codes.
+    # Override this if you need to also provide 'view' permissions,
+    # or if you want to provide custom permission codes.
+    perms_map = {
+        'GET': [],
+        'OPTIONS': [],
+        'HEAD': [],
+        'POST': ['%(app_label)s.add_%(model_name)s'],
+        'PUT': ['%(app_label)s.change_%(model_name)s'],
+        'PATCH': ['%(app_label)s.change_%(model_name)s'],
+        'DELETE': ['%(app_label)s.delete_%(model_name)s'],
+    }
+
+    def get_required_permissions(self, method, model_cls):
+        """
+        Given a model and an HTTP method, return the list of permission
+        codes that the user is required to have.
+        """
+        kwargs = {
+            'app_label': model_cls._meta.app_label,
+            'model_name': model_cls._meta.module_name
+        }
+        return [perm % kwargs for perm in self.perms_map[method]]
+
+    def has_permission(self, request, view, obj=None):
+        model_cls = getattr(view, 'model', None)
+        if not model_cls:
+            return True
+
+        perms = self.get_required_permissions(request.method, model_cls)
+
+        if (request.user and
+            request.user.is_authenticated() and
+            request.user.has_perms(perms, obj)):
+            return True
+        return False
author	Tom Christie	2012-10-30 14:32:31 +0000
committer	Tom Christie	2012-10-30 14:32:31 +0000
commit	9b30dab4f772f67a626e176dc4fae0a3ef9c2c81 (patch)
tree	ca138abf4792f58ffa28684f784f201ee1eef6d7 /rest_framework/permissions.py
parent	7e5b1501b5cede61a9391fb1a751d2ebcdb37031 (diff)
parent	4e7805cb24d73e7f706318b5e5a27e3f9ba39d14 (diff)
download	django-rest-framework-9b30dab4f772f67a626e176dc4fae0a3ef9c2c81.tar.bz2