def filter_queryset(self, request, queryset, view):
"""
Anonymous user has no object permissions, return queryset as it is.
"""
user = request.user
project_id = view.kwargs.get(view.lookup_field)
if user.is_anonymous():
return queryset.filter(Q(shared=True))
if project_id:
try:
int(project_id)
except ValueError:
raise ParseError(
u"Invalid value for project_id '%s' must be a positive "
"integer." % project_id)
# check if project is public and return it
try:
project = queryset.get(id=project_id)
except ObjectDoesNotExist:
raise Http404
if project.shared:
return queryset.filter(Q(id=project_id))
return super(AnonUserProjectFilter, self)\
.filter_queryset(request, queryset, view)
评论列表
文章目录
