From 1ddfef12121d6a92658daf08c375659993dc37ec Mon Sep 17 00:00:00 2001 From: Tymur Maryokhin Date: Sun, 12 Apr 2015 17:12:01 +0200 Subject: [PATCH] Removed deprecated '.model' attribute check --- rest_framework/permissions.py | 29 ++++++++++------------------- 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index fcebf04606..8215957e69 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -77,7 +77,7 @@ class DjangoModelPermissions(BasePermission): `add`/`change`/`delete` permissions on the model. This permission can only be applied against view classes that - provide a `.model` or `.queryset` attribute. + provide a `.queryset` attribute. """ # Map methods into required permission codes. @@ -107,24 +107,19 @@ def get_required_permissions(self, method, model_cls): return [perm % kwargs for perm in self.perms_map[method]] def has_permission(self, request, view): - # Note that `.model` attribute on views is deprecated, although we - # enforce the deprecation on the view `get_serializer_class()` and - # `get_queryset()` methods, rather than here. - model_cls = getattr(view, 'model', None) queryset = getattr(view, 'queryset', None) - if model_cls is None and queryset is not None: - model_cls = queryset.model - # Workaround to ensure DjangoModelPermissions are not applied # to the root view when using DefaultRouter. - if model_cls is None and getattr(view, '_ignore_model_permissions', False): + if queryset is None and getattr(view, '_ignore_model_permissions', False): return True - assert model_cls, ('Cannot apply DjangoModelPermissions on a view that' - ' does not have `.model` or `.queryset` property.') + assert queryset, ( + 'Cannot apply DjangoModelPermissions on a view that ' + 'does not have `.queryset` property.' + ) - perms = self.get_required_permissions(request.method, model_cls) + perms = self.get_required_permissions(request.method, queryset.model) return ( request.user and @@ -150,7 +145,7 @@ class DjangoObjectPermissions(DjangoModelPermissions): `add`/`change`/`delete` permissions on the object using .has_perms. This permission can only be applied against view classes that - provide a `.model` or `.queryset` attribute. + provide a `.queryset` attribute. """ perms_map = { @@ -171,14 +166,10 @@ def get_required_object_permissions(self, method, model_cls): return [perm % kwargs for perm in self.perms_map[method]] def has_object_permission(self, request, view, obj): - model_cls = getattr(view, 'model', None) - queryset = getattr(view, 'queryset', None) - - if model_cls is None and queryset is not None: - model_cls = queryset.model + model_cls = view.queryset.model + user = request.user perms = self.get_required_object_permissions(request.method, model_cls) - user = request.user if not user.has_perms(perms, obj): # If the user does not have permissions we need to determine if pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy