FIX: setup permission check based on group membership.

former permission check, based on django model permission won't work, because we have no model, that would create the permission.
2019-11-08 11:17:25 +01:00
parent 8bd936d2ca
commit 96ad5b30d4
3 changed files with 7 additions and 3 deletions
--- a/dav_submission/apps.py
+++ b/dav_submission/apps.py
@@ -13,6 +13,7 @@ DEFAULT_SETTINGS = (
    DefaultSetting('max_total_size_mib', 100),
    DefaultSetting('metadata_file_name', 'metadata.txt'),
    DefaultSetting('cached_zip_file_name', '.cache.zip'),
+    DefaultSetting('download_group', 'downloaders'),
 )


--- a/dav_submission/django_project_config/settings-dav_submission.py
+++ b/dav_submission/django_project_config/settings-dav_submission.py
@@ -8,4 +8,5 @@ from django.conf import settings
 # MAX_FILE_SIZE_MIB = 50
 # MAX_TOTAL_SIZE_MIB = 100
 # METADATA_FILE_NAME = 'metadata.txt'
-# CACHED_ZIP_FILE_NAME = '.cache.zip'
+# CACHED_ZIP_FILE_NAME = '.cache.zip'
+# DOWNLOAD_GROUP = 'downloaders'
--- a/dav_submission/views.py
+++ b/dav_submission/views.py
@@ -82,7 +82,8 @@ class ListView(generic.ListView):

    @method_decorator(login_required)
    def dispatch(self, request, *args, **kwargs):
-        if not request.user.has_perm('download_submissions'):
+        permission_group = app_config.settings.download_group
+        if not request.user.groups.filter(name=permission_group).exists():
            raise PermissionDenied()
        return super(ListView, self).dispatch(request, *args, **kwargs)

@@ -130,7 +131,8 @@ class DownloadView(generic.DetailView):

    @method_decorator(login_required)
    def dispatch(self, request, *args, **kwargs):
-        if not request.user.has_perm('download_submissions'):
+        permission_group = app_config.settings.download_group
+        if not request.user.groups.filter(name=permission_group).exists():
            raise PermissionDenied()
        return super(DownloadView, self).dispatch(request, *args, **kwargs)