Commit 01488e2b authored by Denis Laxalde's avatar Denis Laxalde
Browse files

Move permission check logic from get_entities() view to the resource

Instead of assuming that the context resource in get_entities() view has
an "etype" attribute (which won't be true anymore in next changeset), we
delegate permission check to the resource object in the form of an
has_perm() method. This is step towards defining abstract interfaces for
resource classes.
parent 62934d2097ac
......@@ -84,8 +84,7 @@ def get_root(context, request):
)
def get_entities(context, request):
"""Render multiple entities in JSON format."""
vreg = request.registry['cubicweb.registry']
if vreg.schema[context.etype].has_perm(request.cw_cnx, 'add'):
if context.has_perm('add'):
request.response.allow = ['GET', 'POST']
else:
request.response.allow = ['GET']
......
......@@ -313,6 +313,10 @@ class ETypeResource(Paginable, PluggableResource):
'jsonschema.collection', self.request.cw_request,
etype=self.etype, resource=self)
def has_perm(self, action):
vreg = self.request.registry['cubicweb.registry']
return vreg.schema[self.etype].has_perm(self.request.cw_cnx, action)
@Mappable.register
class EntityResource(PluggableResource):
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment