drf-extensions icon indicating copy to clipboard operation
drf-extensions copied to clipboard

Published 20 hours ago verified publisher icon chibisov

Mixin for Allow Header Value to Take in to Account permission_classes

Open cancan101 opened this issue 9 years ago • 1 comments

Follow up from: https://github.com/tomchristie/django-rest-framework/issues/2751.

Something like:

class AllowedMethodsMixin(object):
    @property
    def allowed_methods(self):
        ret = super(AllowedMethodsMixin, self).allowed_methods
        my_ret = ['OPTIONS']
        for method in ret:
            if method == 'OPTIONS':
                continue

            request = clone_request(self.request, method)
            try:
                request._user = self.request.user
                self.check_permissions(request)
            except (NotAuthenticated, PermissionDenied, AuthenticationFailed):
                allowed = False
            else:
                allowed = True

            if allowed:
                my_ret.append(method)

        return my_ret

Optionally, this could be modified to run only on OPTIONS calls.

cancan101 avatar May 01 '15 14:05 cancan101

I like it. Could you make pull request with tests?

chibisov avatar May 01 '15 15:05 chibisov