Improvements for model metadata introspection (#4585)

- Will improve API permissions checks - Will improve API metadata checks - Fixes missing model information on metadata options endpoints Ref: https://github.com/inventree/InvenTree/pull/4579
2024-08-30 18:33:04 +00:00 · 2023-04-05 22:43:23 +10:00 · 2023-04-05 22:43:23 +10:00 · 0b6e2ee592
commit 0b6e2ee592
parent ab7b03ac59
3 changed files with 22 additions and 2 deletions
--- a/InvenTree/InvenTree/api.py
+++ b/InvenTree/InvenTree/api.py
@ -361,6 +361,10 @@ class MetadataView(RetrieveUpdateAPI):

        return model

+    def get_permission_model(self):
+        """Return the 'permission' model associated with this view"""
+        return self.get_model_type()
+
    def get_queryset(self):
        """Return the queryset for this endpoint"""
        return self.get_model_type().objects.all()
--- a/InvenTree/InvenTree/metadata.py
+++ b/InvenTree/InvenTree/metadata.py
@ -7,6 +7,7 @@ from rest_framework.fields import empty
 from rest_framework.metadata import SimpleMetadata
 from rest_framework.utils import model_meta

+import InvenTree.permissions
 import users.models
 from InvenTree.helpers import str2bool

@ -58,7 +59,7 @@ class InvenTreeMetadata(SimpleMetadata):

        try:
            # Extract the model name associated with the view
-            self.model = view.serializer_class.Meta.model
+            self.model = InvenTree.permissions.get_model_for_view(view)

            # Construct the 'table name' from the model
            app_label = self.model._meta.app_label
--- a/InvenTree/InvenTree/permissions.py
+++ b/InvenTree/InvenTree/permissions.py
@ -7,6 +7,21 @@ from rest_framework import permissions
 import users.models


+def get_model_for_view(view, raise_error=True):
+    """Attempt to introspect the 'model' type for an API view"""
+
+    if hasattr(view, 'get_permission_model'):
+        return view.get_permission_model()
+
+    if hasattr(view, 'serializer_class'):
+        return view.serializer_class.Meta.model
+
+    if hasattr(view, 'get_serializer_class'):
+        return view.get_serializr_class().Meta.model
+
+    raise AttributeError(f"Serializer class not specified for {view.__class__}")
+
+
 class RolePermission(permissions.BasePermission):
    """Role mixin for API endpoints, allowing us to specify the user "role" which is required for certain operations.

@ -55,7 +70,7 @@ class RolePermission(permissions.BasePermission):

        try:
            # Extract the model name associated with this request
-            model = view.serializer_class.Meta.model
+            model = get_model_for_view(view)

            app_label = model._meta.app_label
            model_name = model._meta.model_name