Commit 9821e311 authored by Kenzo-Hugo Hillion's avatar Kenzo-Hugo Hillion
Browse files

add permissions for all to list only

parent 4643e950
Pipeline #19355 failed with stages
in 0 seconds
......@@ -3,11 +3,13 @@ from rest_framework import status
from rest_framework.response import Response
from rest_framework.viewsets import ModelViewSet
from metagenedb.common.django_default.permissions import ListAndRetrieveAll
from metagenedb.common.django_default.qparams_validators import PaginatedQueryParams
class BulkViewSet(ModelViewSet):
query_params_parser = PaginatedQueryParams
permission_classes = [ListAndRetrieveAll]
def get_objects(self, instance_ids):
return self.queryset.in_bulk(instance_ids, field_name=self.lookup_field)
......
from rest_framework.permissions import BasePermission
class ListAndRetrieveAll(BasePermission):
"""
Custom permission to only allow access to lists for admins
"""
def has_permission(self, request, view):
return view.action in ['list', 'retrieve'] or request.user.is_staff
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment