Add initial support for simple DRF Views (non-Viewset)

presslabs · Mar 18, 2024 · b42dab3 · b42dab3
1 parent 40d1299
commit b42dab3
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/CHANGELOG.MD b/CHANGELOG.MD
@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Add a check for the first field in HasRelatedResourcePerms.relation
 - Add uniqueness checks for PermEnum values
 - Provide a DRF AuthorizationModelViewSet class for convenience
+- Add initial support for simple DRF Views (non-Viewset)
 
 ### Changed
 - Lax some in-code assumptions to allow using non-Model classes

diff --git a/django_woah/drf/permission.py b/django_woah/drf/permission.py
@@ -28,7 +28,14 @@ def has_permission(self, request, view):
             return view.http_method_not_allowed(request)
 
         if not hasattr(view, "action"):
-            return view.permission_denied(request)
+            if request.method == "POST":
+                return view.is_authorized_for_unsaved_resource()
+
+            return self.has_object_permission(
+                request,
+                view,
+                obj=view.get_authorization_model_object(skip_authorization=True),
+            )
 
         if getattr(view, "action", None):
             if view.action == "list" or (
@@ -55,7 +62,11 @@ def has_object_permission(self, request, view, obj):
         # TODO: see what to do with "obj" parameter
         # return obj == view.get_authorization_model_object() breaks some cases
 
-        if view.action == "create":
+        if not hasattr(view, "action"):
+            if request.method == "POST":
+                return view.is_authorized_for_unsaved_resource()
+
+        elif view.action == "create":
             return view.is_authorized_for_unsaved_resource()
 
         obj = view.get_authorization_model_object()