Bases: Serializer
List what the current logged in user is allowed to do with the dataset.
Helps other services determine what actions should be available for
the user without having to reimplement Metax authorization logic.
Checks AccessPolicy rules without making an actual request
by faking the required view and request objects.
Expects object to be a dataset, so set source="*" when used as a
dataset serializer field.
Source code in src/apps/core/serializers/dataset_allowed_actions.py
| class DatasetAllowedActionsSerializer(serializers.Serializer):
"""List what the current logged in user is allowed to do with the dataset.
Helps other services determine what actions should be available for
the user without having to reimplement Metax authorization logic.
Checks AccessPolicy rules without making an actual request
by faking the required view and request objects.
Expects object to be a dataset, so set source="*" when used as a
dataset serializer field.
"""
update = serializers.SerializerMethodField()
download = serializers.SerializerMethodField()
@property
def access_policy(self):
"""Get access_policy from viewset while avoiding circular import errors."""
from apps.core.views import DatasetViewSet
return DatasetViewSet.access_policy
def get_update(self, obj: Dataset):
return self.access_policy().query_object_permission(
user=self.context["request"].user, object=obj, action="update"
)
def get_download(self, obj: Dataset):
return self.access_policy().query_object_permission(
user=self.context["request"].user, object=obj, action="<op:download>"
)
|
access_policy
property
Get access_policy from viewset while avoiding circular import errors.