2323from rest_framework .response import Response
2424from rest_framework .viewsets import GenericViewSet
2525from rest_framework .parsers import MultiPartParser
26+ from rest_framework .exceptions import PermissionDenied
2627
2728from api import monitor , models , permissions , serializers , viewsets , authentication
2829from api .tasks import scale_app , restart_app , mount_app , downstream_model_owner , \
@@ -392,20 +393,19 @@ class ConfigViewSet(ReleasableViewSet):
392393 serializer_class = serializers .ConfigSerializer
393394
394395 def post_save (self , config ):
395- if not config .app .appsettings_set .latest ().autodeploy :
396- return
397396 latest_release = config .app .release_set .filter (failed = False ).latest ()
398397 try :
399398 release = latest_release .new (
400399 self .request .user , config = config , build = latest_release .build )
401- ptypes = set ()
402- for field , diff in config .diff ().items ():
403- if field in config .ptype_fields :
404- for value in diff .values ():
405- ptypes .update (value .keys ())
406- # allof_fields changed, deploy all.
407- ptypes = list (ptypes ) if ptypes else None
408- release .deploy (ptypes , False )
400+ if config .app .appsettings_set .latest ().autodeploy :
401+ ptypes = set ()
402+ for field , diff in config .diff ().items ():
403+ if field in config .ptype_fields :
404+ for value in diff .values ():
405+ ptypes .update (value .keys ())
406+ # allof_fields changed, deploy all.
407+ ptypes = list (ptypes ) if ptypes else None
408+ release .deploy (ptypes , False )
409409 except BaseException as e :
410410 config .delete ()
411411 if isinstance (e , AlreadyExists ):
@@ -774,8 +774,14 @@ def create(self, request, *args, **kwargs):
774774class AppPermViewSet (AppResourceViewSet ):
775775 """RESTful views for sharing apps with collaborators."""
776776
777+ def get_app (self , request ):
778+ app = get_object_or_404 (models .app .App , id = self .kwargs ['id' ])
779+ if not permissions .IsOwnerOrAdmin ().has_object_permission (request , self , app ):
780+ raise PermissionDenied ()
781+ return app
782+
777783 def list (self , request , ** kwargs ):
778- app = self .get_app ()
784+ app = self .get_app (request )
779785 results = [
780786 {
781787 "app" : app .id ,
@@ -792,7 +798,7 @@ def list(self, request, **kwargs):
792798 return Response (data = pagination )
793799
794800 def create (self , request , ** kwargs ):
795- app = self .get_app ()
801+ app = self .get_app (request )
796802 username = request .data .get ('username' )
797803 shortnames = set ([perm for perm in request .data .get ("permissions" , "" ).split ("," ) if perm ])
798804 all_shortnames = models .app .app_permission_registry .shortnames
@@ -810,7 +816,7 @@ def create(self, request, **kwargs):
810816 return Response (status = status .HTTP_201_CREATED )
811817
812818 def update (self , request , ** kwargs ):
813- app = self .get_app ()
819+ app = self .get_app (request )
814820 user = get_object_or_404 (User , username = kwargs ['username' ])
815821 shortnames = set ([perm for perm in request .data .get ("permissions" , "" ).split ("," ) if perm ])
816822 all_shortnames = models .app .app_permission_registry .shortnames
@@ -832,7 +838,7 @@ def update(self, request, **kwargs):
832838 return Response (status = status .HTTP_204_NO_CONTENT )
833839
834840 def destroy (self , request , ** kwargs ):
835- app = self .get_app ()
841+ app = self .get_app (request )
836842 username = kwargs ['username' ]
837843 user = get_object_or_404 (User , username = username )
838844 for codename in get_user_perms (user , app ):
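Review bot: The new `AppPermViewSet.get_app(self, request)` (new lines 777-781) changes the signature of a method that the removed call sites invoked as `self.get_app()`, so any code inherited from `AppResourceViewSet` that still calls it without arguments would presumably raise `TypeError` on this viewset; the base class is not visible here, so this should be confirmed. Keeping the signature and reading the request from the view avoids that: `def get_app(self):` with `permissions.IsOwnerOrAdmin().has_object_permission(self.request, self, app)`. Separately, because `get_object_or_404` runs before the owner check, a caller without rights receives 404 for an unknown id and 403 for an existing one, which reveals which app ids exist; returning the same status in both cases closes that. A regression test asserting that a non-owner collaborator is denied on `list`, `create`, `update` and `destroy` would pin the access-control fix.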