Add permissions.py

6 years ago · 39e3be22a2
2 changed files with 44 additions and 39 deletions
--- a/app/server/permissions.py
+++ b/app/server/permissions.py
@ -0,0 +1,42 @@
+from django.contrib.auth.mixins import UserPassesTestMixin
+from django.shortcuts import get_object_or_404
+from rest_framework.permissions import BasePermission, SAFE_METHODS, IsAdminUser
+
+from .models import Project
+
+
+class IsProjectUser(BasePermission):
+
+    def has_permission(self, request, view):
+        user = request.user
+        project_id = view.kwargs.get('project_id')
+        project = get_object_or_404(Project, pk=project_id)
+
+        return user in project.users.all()
+
+
+class IsAdminUserAndWriteOnly(BasePermission):
+
+    def has_permission(self, request, view):
+        if request.method in SAFE_METHODS:
+            return True
+
+        return IsAdminUser().has_permission(request, view)
+
+
+class IsOwnAnnotation(BasePermission):
+
+    def has_permission(self, request, view):
+        user = request.user
+        project_id = view.kwargs.get('project_id')
+        annotation_id = view.kwargs.get('annotation_id')
+        project = get_object_or_404(Project, pk=project_id)
+        Annotation = project.get_annotation_class()
+        annotation = Annotation.objects.get(id=annotation_id)
+
+        return annotation.user == user
+
+
+class SuperUserMixin(UserPassesTestMixin):
+    def test_func(self):
+        return self.request.user.is_superuser
--- a/app/server/views.py
+++ b/app/server/views.py
@ -3,7 +3,6 @@ from itertools import chain
 from collections import Counter
 from io import TextIOWrapper

-from django.contrib.auth.mixins import UserPassesTestMixin
 from django.urls import reverse
 from django_filters.rest_framework import DjangoFilterBackend
 from django.http import HttpResponse, HttpResponseRedirect
@ -16,19 +15,15 @@ from rest_framework import viewsets, filters, generics
 from rest_framework.views import APIView
 from rest_framework.decorators import action
 from rest_framework.response import Response
-from rest_framework.permissions import SAFE_METHODS, BasePermission, IsAdminUser, IsAuthenticated
+from rest_framework.permissions import IsAdminUser, IsAuthenticated

+from .permissions import IsProjectUser, IsAdminUserAndWriteOnly, IsOwnAnnotation, SuperUserMixin
 from .forms import ProjectForm
 from .models import Label, Document, Project
 from .models import DocumentAnnotation, SequenceAnnotation, Seq2seqAnnotation
 from .serializers import LabelSerializer, ProjectSerializer


-class SuperUserMixin(UserPassesTestMixin):
-    def test_func(self):
-        return self.request.user.is_superuser
-
-
 class IndexView(TemplateView):
    template_name = 'index.html'

@ -117,38 +112,6 @@ class DataDownload(SuperUserMixin, View):
        return response


-class IsProjectUser(BasePermission):
-
-    def has_permission(self, request, view):
-        user = request.user
-        project_id = view.kwargs.get('project_id')
-        project = get_object_or_404(Project, pk=project_id)
-
-        return user in project.users.all()
-
-
-class IsAdminUserAndWriteOnly(BasePermission):
-
-    def has_permission(self, request, view):
-        if request.method in SAFE_METHODS:
-            return True
-
-        return IsAdminUser().has_permission(request, view)
-
-
-class IsOwnAnnotation(BasePermission):
-
-    def has_permission(self, request, view):
-        user = request.user
-        project_id = view.kwargs.get('project_id')
-        annotation_id = view.kwargs.get('annotation_id')
-        project = get_object_or_404(Project, pk=project_id)
-        Annotation = project.get_annotation_class()
-        annotation = Annotation.objects.get(id=annotation_id)
-
-        return annotation.user == user
-
-
 class ProjectViewSet(viewsets.ModelViewSet):
    queryset = Project.objects.all()
    serializer_class = ProjectSerializer