Système de droits

apps/api/viewsets.py

@@ -5,15 +5,19 @@ from django.contrib.contenttypes.models import ContentType
 from member.backends import PermissionBackend
 from rest_framework import viewsets
 
+from note_kfet.middlewares import get_current_authenticated_user
+
 
 class ReadProtectedModelViewSet(viewsets.ModelViewSet):
     """
     Protect a ModelViewSet by filtering the objects that the user cannot see.
     """
 
-    def get_queryset(self):
-        model = ContentType.objects.get_for_model(self.serializer_class.Meta.model)
-        return super().get_queryset().filter(PermissionBackend.filter_queryset(self.request.user, model, "view"))
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class()
+        user = get_current_authenticated_user()
+        self.queryset = model.objects.filter(PermissionBackend.filter_queryset(user, model, "view"))
 
 
 class ReadOnlyProtectedModelViewSet(viewsets.ReadOnlyModelViewSet):
@@ -21,6 +25,8 @@ class ReadOnlyProtectedModelViewSet(viewsets.ReadOnlyModelViewSet):
     Protect a ReadOnlyModelViewSet by filtering the objects that the user cannot see.
     """
 
-    def get_queryset(self):
-        model = ContentType.objects.get_for_model(self.serializer_class.Meta.model)
-        return super().get_queryset().filter(PermissionBackend.filter_queryset(self.request.user, model, "view"))
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        model = ContentType.objects.get_for_model(self.serializer_class.Meta.model).model_class()
+        user = get_current_authenticated_user()
+        self.queryset = model.objects.filter(PermissionBackend.filter_queryset(user, model, "view"))