from django.contrib.auth.models import Group from django.conf import settings from tastypie.authentication import SessionAuthentication, MultiAuthentication from account.authentication import MultiApiKeyAuthentication from tastypie.validation import FormValidation from tastypie.resources import ModelResource from tastypie.authorization import Authorization from tastypie.exceptions import Unauthorized from staff.models import GroupForm class RatticGroupAuthorization(Authorization): def read_list(self, object_list, bundle): return object_list def read_detail(self, object_list, bundle): return True def create_list(self, object_list, bundle): if settings.LDAP_ENABLED: raise Unauthorized("Please create groups in your LDAP server") if bundle.request.user.is_staff: return object_list raise Unauthorized("Only staff may create groups") def create_detail(self, object_list, bundle): if settings.LDAP_ENABLED: raise Unauthorized("Please create groups in your LDAP server") if bundle.request.user.is_staff: return True raise Unauthorized("Only staff may create groups") def update_list(self, object_list, bundle): raise Unauthorized("Not yet implemented.") def update_detail(self, object_list, bundle): raise Unauthorized("Not yet implemented.") def delete_list(self, object_list, bundle): # Sorry user, no deletes for you! raise Unauthorized("Not yet implemented.") def delete_detail(self, object_list, bundle): raise Unauthorized("Not yet implemented.") class GroupResource(ModelResource): def obj_create(self, bundle, request=None, **kwargs): val = super(GroupResource, self).obj_create(bundle) bundle.request.user.groups.add(bundle.obj) return val def get_object_list(self, request): if request.user.is_staff: return super(GroupResource, self).get_object_list(request) else: return super(GroupResource, self).get_object_list(request).filter(id__in=request.user.groups.all()) class Meta: queryset = Group.objects.all() always_return_data = True resource_name = 'group' authentication = MultiAuthentication(MultiApiKeyAuthentication(), SessionAuthentication()) authorization = RatticGroupAuthorization() validation = FormValidation(form_class=GroupForm)