Move permission check logic from get_entities() view to the resource

Instead of assuming that the context resource in get_entities() view has an "etype" attribute (which won't be true anymore in next changeset), we delegate permission check to the resource object in the form of an has_perm() method. This is step towards defining abstract interfaces for resource classes.

Move permission check logic from get_entities() view to the resource
Instead of assuming that the context resource in get_entities() view has an "etype" attribute (which won't be true anymore in next changeset), we delegate permission check to the resource object in the form of an has_perm() method. This is step towards defining abstract interfaces for resource classes.
01488e2b · Denis Laxalde · 62934d2097ac · 52dcc1f1 · 52dcc1f1
Commit 01488e2b authored Jun 20, 2018 by Denis Laxalde
--- a/cubicweb_jsonschema/api/entities.py
+++ b/cubicweb_jsonschema/api/entities.py
@@ -84,8 +84,7 @@ def get_root(context, request):
 )
 def get_entities(context, request):
    """Render multiple entities in JSON format."""
-    vreg = request.registry['cubicweb.registry']
-    if vreg.schema[context.etype].has_perm(request.cw_cnx, 'add'):
+    if context.has_perm('add'):
        request.response.allow = ['GET', 'POST']
    else:
        request.response.allow = ['GET']

--- a/cubicweb_jsonschema/resources.py
+++ b/cubicweb_jsonschema/resources.py
@@ -313,6 +313,10 @@ class ETypeResource(Paginable, PluggableResource):
            'jsonschema.collection', self.request.cw_request,
            etype=self.etype, resource=self)

+    def has_perm(self, action):
+        vreg = self.request.registry['cubicweb.registry']
+        return vreg.schema[self.etype].has_perm(self.request.cw_cnx, action)
+

 @Mappable.register
 class EntityResource(PluggableResource):