2018-12-10 02:11:54 +00:00
|
|
|
# -*- coding: utf-8 -*-
|
2024-09-06 09:41:09 +00:00
|
|
|
from django.db.models import Q
|
|
|
|
|
|
|
|
|
|
from common.api.generic import JMSBulkModelViewSet
|
|
|
|
|
from common.utils.http import is_true
|
2023-02-22 12:04:00 +00:00
|
|
|
from rbac.permissions import RBACPermission
|
2024-09-06 09:41:09 +00:00
|
|
|
from ..const import Scope
|
2022-11-11 11:20:17 +00:00
|
|
|
from ..models import AdHoc
|
2024-09-06 09:41:09 +00:00
|
|
|
from ..serializers import AdHocSerializer
|
2018-12-10 02:11:54 +00:00
|
|
|
|
|
|
|
|
__all__ = [
|
2022-11-11 11:20:17 +00:00
|
|
|
'AdHocViewSet'
|
2018-12-10 02:11:54 +00:00
|
|
|
]
|
2017-03-22 16:15:25 +00:00
|
|
|
|
|
|
|
|
|
2024-09-06 09:41:09 +00:00
|
|
|
class AdHocViewSet(JMSBulkModelViewSet):
|
|
|
|
|
queryset = AdHoc.objects.all()
|
2022-11-17 12:10:13 +00:00
|
|
|
serializer_class = AdHocSerializer
|
2023-02-22 12:04:00 +00:00
|
|
|
permission_classes = (RBACPermission,)
|
2023-02-09 09:44:35 +00:00
|
|
|
search_fields = ('name', 'comment')
|
2024-09-06 09:41:09 +00:00
|
|
|
filterset_fields = ['scope', 'creator']
|
|
|
|
|
|
|
|
|
|
def check_object_permissions(self, request, obj):
|
|
|
|
|
if request.method != 'GET' and obj.creator != request.user:
|
|
|
|
|
self.permission_denied(
|
|
|
|
|
request, message={"detail": "Deleting other people's script is not allowed"}
|
|
|
|
|
)
|
|
|
|
|
return super().check_object_permissions(request, obj)
|
2022-12-15 09:25:21 +00:00
|
|
|
|
|
|
|
|
def get_queryset(self):
|
|
|
|
|
queryset = super().get_queryset()
|
2024-09-06 09:41:09 +00:00
|
|
|
user = self.request.user
|
2024-09-11 10:01:01 +00:00
|
|
|
if is_true(self.request.query_params.get('only_mine')):
|
2024-09-06 09:41:09 +00:00
|
|
|
queryset = queryset.filter(creator=user)
|
|
|
|
|
else:
|
|
|
|
|
queryset = queryset.filter(Q(creator=user) | Q(scope=Scope.public))
|
|
|
|
|
return queryset
|
