Why can't I check the condition in the permission class?

class ViewUserLeaveRequest(BasePermission):
    def has_permission(self, request, view):
        id = view.kwargs['id']
        user = User.objects.get(id=request.user.id)
        print('this is user ', user)
        print(id)
        print(user.id)
        group = list(user.groups.all())
        permison = group[0].permissions.all()
        if permison.get(name='can view leave request') or user.id == id:
            return True
        else:
            return False

Everything is fine. I am getting id from kwargs, and I want to return True if the user's group has the can view leave request permission or if the requested user's id equals the id in the kwargs.

trace path :

Quit the server with CONTROL-C.
this is user  rabin Rabin
26
26
Internal Server Error: /attend/v1/leaveRequestList/26/
Traceback (most recent call last):
File "/home/bishwa/attendanceRegisterSystem/attendanceregistersystem/.venv/lib/python3.6/site-packages/django/core/handlers/exception.py", line 35, in inner
response = get_response(request)
File "/home/bishwa/attendanceRegisterSystem/attendanceregistersystem/.venv/lib/python3.6/site-packages/django/core/handlers/base.py", line 128, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/home/bishwa/attendanceRegisterSystem/attendanceregistersystem/.venv/lib/python3.6/site-packages/django/core/handlers/base.py", line 126, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/python3.6/contextlib.py", line 52, in inner
return func(*args, **kwds)
File "/home/bishwa/attendanceRegisterSystem/attendanceregistersystem/.venv/lib/python3.6/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
return view_func(*args, **kwargs)
File "/home/bishwa/attendanceRegisterSystem/attendanceregistersystem/.venv/lib/python3.6/site-packages/django/views/generic/base.py", line 69, in view
return self.dispatch(request, *args, **kwargs)
File "/home/bishwa/attendanceRegisterSystem/attendanceregistersystem/.venv/lib/python3.6/site-packages/rest_framework/views.py", line 495, in dispatch
response = self.handle_exception(exc)
File "/home/bishwa/attendanceRegisterSystem/attendanceregistersystem/.venv/lib/python3.6/site-packages/rest_framework/views.py", line 455, in handle_exception
self.raise_uncaught_exception(exc)
File "/home/bishwa/attendanceRegisterSystem/attendanceregistersystem/.venv/lib/python3.6/site-packages/rest_framework/views.py", line 483, in dispatch
self.initial(request, *args, **kwargs)
File "/home/bishwa/attendanceRegisterSystem/attendanceregistersystem/.venv/lib/python3.6/site-packages/rest_framework/views.py", line 401, in initial
self.check_permissions(request)
File "/home/bishwa/attendanceRegisterSystem/attendanceregistersystem/.venv/lib/python3.6/site-packages/rest_framework/views.py", line 334, in check_permissions
if not permission.has_permission(request, self):
File "/home/bishwa/attendanceRegisterSystem/attendanceregistersystem/attendanceregistersystem/attendance/permissions.py", line 77, in has_permission
if  permison.get(name='can view leave request') or user.id == id:
File "/home/bishwa/attendanceRegisterSystem/attendanceregistersystem/.venv/lib/python3.6/site-packages/django/db/models/query.py", line 403, in get
self.model._meta.object_name
django.contrib.auth.models.DoesNotExist: Permission matching query does not exist.
[21/Jan/2019 17:41:35] "GET /attend/v1/leaveRequestList/26/ HTTP/1.1" 500 129370

Edit :

try:
    if permison.get(name='can view leave request') or user.id == id:
        return True
except:
    return False

I did this, but it is giving me "detail": "You do not have permission to perform this action." If I do the following, I am getting the same error, since user.id == id is True; both are 26 in this case.

try:
    if user.id == id:
        return True
except:
    return False

Edit :

try:
    permison.get(name='can view leave request') or user.id == id
    return True
except:
    return False
Bishwa Karki

  • Please explain why you think it doesn't work. Is there a crash with a traceback, for example? – Linovia Jan 21 '19 at 17:36
  • Can a user be in multiple groups? Why is group[0] the one to check? And why not use the `has_perm()` method on a user to check a permission? Anyway, `get()` on a queryset raises an exception when the object doesn't exist, so you can't check using get. – dirkgroten Jan 21 '19 at 17:40
  • `permison.get(name='can view leave request')` is crashing your script; you need to use `try` and `except` instead. – Ahtisham Jan 21 '19 at 17:42
  • @Ahtisham I tried as you said, but again I am getting an error. – Bishwa Karki Jan 21 '19 at 17:53
  • That is not what I meant. You need to replace `if` with `try` and `except`. – Ahtisham Jan 21 '19 at 18:00
  • @Ahtisham Still the same error – Bishwa Karki Jan 21 '19 at 18:05
  • This is what I mean: `try: permison.get(name='can view leave request') except: if user.id == id: return True return False`. We cannot write multiple lines of code in comments, so do fix the indent on your own. – Ahtisham Jan 21 '19 at 18:11
  • @Ahtisham Thank you so much, you saved a lot of my time. It finally worked. – Bishwa Karki Jan 21 '19 at 18:15
  • You're welcome :) By the way, did you figure out why `permison.get(...)` is crashing? – Ahtisham Jan 21 '19 at 18:18
  • @Ahtisham Of course it crashes if the permission doesn't exist for the group[0]. As I mentioned above, `get(condition)` returns the object or raises an `ObjectDoesNotExist` exception or raises a `MultipleObjectsFound` exception. – dirkgroten Jan 21 '19 at 18:37

1 Answer

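from rest_framework.permissions import BasePermission


class ViewUserLeaveRequest(BasePermission):
    def has_permission(self, request, view):
        # id of the user whose leave requests are being requested (from the URL)
        id = view.kwargs['id']
        user = request.user
        # has_perm() returns True/False instead of raising when the permission is missing
        if user.has_perm('your_models_app_name.can_view_leave_request') or user.id == id:
            return True
        return False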

Sorry if there are indentation errors; I hope you will be able to fix them.
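A fail-closed variant of the check discussed above, as an added example that is not code from the question or the answer. It uses constructed stand-ins for the request, view and user so it runs without Django; the permission string `attendance.can_view_leave_request` and the helpers `make_user` and `check` are assumptions for illustration.

```python
from types import SimpleNamespace

# Assumed "<app_label>.<codename>"; replace with the project's real value.
PERM = "attendance.can_view_leave_request"


class ViewUserLeaveRequest:
    """In a project, subclass rest_framework.permissions.BasePermission."""

    def has_permission(self, request, view):
        user = getattr(request, "user", None)
        if user is None or not getattr(user, "is_authenticated", False):
            return False  # anonymous callers never pass
        # has_perm() returns a bool for a missing permission; it does not raise.
        if user.has_perm(PERM):
            return True
        # URL kwargs can be str ('26') or int (26) depending on the route,
        # so normalise before comparing with user.id.
        try:
            requested_id = int(view.kwargs.get("id"))
        except (TypeError, ValueError):
            return False  # missing or non-numeric id: deny instead of a 500
        return user.id == requested_id


def make_user(user_id, perms=(), authenticated=True):
    """Constructed stand-in exposing the attributes used from Django's User."""
    return SimpleNamespace(
        id=user_id,
        is_authenticated=authenticated,
        has_perm=lambda perm: perm in perms,
    )


def check(user, kwargs):
    """Run the permission class against a constructed request and view."""
    request = SimpleNamespace(user=user)
    view = SimpleNamespace(kwargs=kwargs)
    return ViewUserLeaveRequest().has_permission(request, view)


if __name__ == "__main__":
    print(check(make_user(26), {"id": "26"}))               # own record
    print(check(make_user(26), {"id": "27"}))               # someone else's
    print(check(make_user(7, perms={PERM}), {"id": "26"}))  # has the permission
```

Catching only `TypeError` and `ValueError` keeps unexpected errors visible, unlike a bare `except:` that turns every failure into a silent denial.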