udata 10.4.3.dev35551__py2.py3-none-any.whl → 10.4.3.dev35617__py2.py3-none-any.whl

udata/api_fields.py

@@ -341,6 +341,9 @@ def generate_fields(**kwargs) -> Callable:
                 continue  # Do not override if the attribute is also callable like for Extras
 
             method = getattr(cls, method_name)
+            if isinstance(method, property):
+                method = method.fget
+
             if not callable(method):
                 continue
 
@@ -356,7 +359,16 @@ def generate_fields(**kwargs) -> Callable:
                 """
                 return lambda o: method(o)
 
-            read_fields[method_name] = restx_fields.String(
+            nested_fields: dict | None = additional_field_info.get("nested_fields")
+            if nested_fields is None:
+                # If there is no `nested_fields` convert the object to the string representation.
+                field_constructor = restx_fields.String
+            else:
+
+                def field_constructor(**kwargs):
+                    return restx_fields.Nested(nested_fields, **kwargs)
+
+            read_fields[method_name] = field_constructor(
                 attribute=make_lambda(method), **{"readonly": True, **additional_field_info}
             )
             if additional_field_info.get("show_as_ref", False):

udata/commands/fixtures.py

@@ -54,16 +54,25 @@ UNWANTED_KEYS: dict[str, list[str]] = {
         "badges",
         "spatial",
         "quality",
+        "permissions",
     ],
     "resource": ["latest", "preview_url", "last_modified"],
     "organization": ["class", "page", "uri", "logo_thumbnail"],
-    "reuse": ["datasets", "image_thumbnail", "page", "uri", "owner"],
+    "reuse": [
+        "datasets",
+        "image_thumbnail",
+        "page",
+        "uri",
+        "owner",
+        "permissions",
+    ],
     "community": [
         "dataset",
         "owner",
         "latest",
         "last_modified",
         "preview_url",
+        "permissions",
     ],
     "discussion": ["subject", "url", "class", "permissions"],
     "discussion_message": ["permissions"],
@@ -75,6 +84,7 @@ UNWANTED_KEYS: dict[str, list[str]] = {
         "owner",
         "self_api_url",
         "self_web_url",
+        "permissions",
     ],
 }
 

udata/core/dataservices/api.py

@@ -10,7 +10,6 @@ from flask_login import current_user
 from udata.api import API, api, fields
 from udata.api_fields import patch
 from udata.core.dataservices.constants import DATASERVICE_ACCESS_TYPE_RESTRICTED
-from udata.core.dataservices.permissions import OwnablePermission
 from udata.core.dataset.models import Dataset
 from udata.core.followers.api import FollowAPI
 from udata.core.site.models import current_site
@@ -19,7 +18,6 @@ from udata.i18n import gettext as _
 from udata.rdf import RDF_EXTENSIONS, graph_response, negociate_content
 
 from .models import Dataservice
-from .permissions import DataserviceEditPermission
 from .rdf import dataservice_to_rdf
 
 ns = api.namespace("dataservices", "Dataservices related operations (beta)")
@@ -99,7 +97,7 @@ class DataserviceAPI(API):
     @api.doc("get_dataservice")
     @api.marshal_with(Dataservice.__read_fields__)
     def get(self, dataservice):
-        if not OwnablePermission(dataservice).can():
+        if not dataservice.permissions["edit"].can():
             if dataservice.private:
                 api.abort(404)
             elif dataservice.deleted_at:
@@ -117,7 +115,7 @@ class DataserviceAPI(API):
         ):
             api.abort(410, "dataservice has been deleted")
 
-        OwnablePermission(dataservice).test()
+        dataservice.permissions["edit"].test()
 
         patch(dataservice, request)
         dataservice.metadata_modified_at = datetime.utcnow()
@@ -134,7 +132,7 @@ class DataserviceAPI(API):
         if dataservice.deleted_at:
             api.abort(410, "dataservice has been deleted")
 
-        OwnablePermission(dataservice).test()
+        dataservice.permissions["delete"].test()
         dataservice.deleted_at = datetime.utcnow()
         dataservice.metadata_modified_at = datetime.utcnow()
         dataservice.save()
@@ -167,7 +165,7 @@ class DataserviceDatasetsAPI(API):
         if dataservice.deleted_at:
             api.abort(410, "Dataservice has been deleted")
 
-        OwnablePermission(dataservice).test()
+        dataservice.permissions["edit"].test()
 
         data = request.json
 
@@ -203,7 +201,7 @@ class DataserviceDatasetAPI(API):
         if dataservice.deleted_at:
             api.abort(410, "Dataservice has been deleted")
 
-        OwnablePermission(dataservice).test()
+        dataservice.permissions["edit"].test()
 
         if dataset not in dataservice.datasets:
             api.abort(404, "Dataset not found in dataservice")
@@ -232,8 +230,8 @@ class DataserviceRdfAPI(API):
 @api.response(410, "Dataservice has been deleted")
 class DataserviceRdfFormatAPI(API):
     @api.doc("rdf_dataservice_format")
-    def get(self, dataservice, format):
-        if not DataserviceEditPermission(dataservice).can():
+    def get(self, dataservice: Dataservice, format):
+        if not dataservice.permissions["edit"].can():
             if dataservice.private:
                 api.abort(404)
             elif dataservice.deleted_at:

udata/core/dataservices/apiv2.py

@@ -5,8 +5,10 @@ from udata.api import API, apiv2
 from udata.core.dataservices.models import AccessAudience, Dataservice, HarvestMetadata
 from udata.utils import multi_to_dict
 
+from .models import dataservice_permissions_fields
 from .search import DataserviceSearch
 
+apiv2.inherit("DataservicePermissions", dataservice_permissions_fields)
 apiv2.inherit("DataservicePage", Dataservice.__page_fields__)
 apiv2.inherit("Dataservice (read)", Dataservice.__read_fields__)
 apiv2.inherit("HarvestMetadata (read)", HarvestMetadata.__read_fields__)

udata/core/dataservices/models.py

@@ -7,6 +7,7 @@ from mongoengine.signals import post_save
 
 import udata.core.contact_point.api_fields as contact_api_fields
 import udata.core.dataset.api_fields as datasets_api_fields
+from udata.api import api, fields
 from udata.api_fields import field, function_field, generate_fields
 from udata.core.activity.models import Auditable
 from udata.core.dataservices.constants import (
@@ -33,6 +34,15 @@ from udata.uris import endpoint_for
 # "temporal_coverage"
 
 
+dataservice_permissions_fields = api.model(
+    "DataservicePermissions",
+    {
+        "delete": fields.Permission(),
+        "edit": fields.Permission(),
+    },
+)
+
+
 class DataserviceQuerySet(OwnedQuerySet):
     def visible(self):
         return self(archived_at=None, deleted_at=None, private=False)
@@ -285,6 +295,18 @@ class Dataservice(Auditable, WithMetrics, Owned, db.Document):
     def is_hidden(self):
         return self.private or self.deleted_at or self.archived_at
 
+    @property
+    @function_field(
+        nested_fields=dataservice_permissions_fields,
+    )
+    def permissions(self):
+        from .permissions import DataserviceEditPermission
+
+        return {
+            "delete": DataserviceEditPermission(self),
+            "edit": DataserviceEditPermission(self),
+        }
+
     def count_discussions(self):
         self.metrics["discussions"] = Discussion.objects(subject=self, closed=None).count()
         self.save(signal_kwargs={"ignores": ["post_save"]})

udata/core/dataset/api.py

@@ -39,6 +39,7 @@ from udata.core.badges.fields import badge_fields
 from udata.core.dataservices.models import Dataservice
 from udata.core.dataset.models import CHECKSUM_TYPES
 from udata.core.followers.api import FollowAPI
+from udata.core.followers.models import Follow
 from udata.core.organization.models import Organization
 from udata.core.reuse.models import Reuse
 from udata.core.site.models import current_site
@@ -84,7 +85,6 @@ from .models import (
     ResourceSchema,
     get_resource,
 )
-from .permissions import DatasetEditPermission, ResourceEditPermission
 from .rdf import dataset_to_rdf
 
 DEFAULT_SORTING = "-created_at_internal"
@@ -122,6 +122,12 @@ class DatasetApiParser(ModelApiParser):
             location="args",
         )
         self.parser.add_argument("owner", type=str, location="args")
+        self.parser.add_argument(
+            "followed_by",
+            type=str,
+            location="args",
+            help="(beta, subject to change/be removed)",
+        )
         self.parser.add_argument("format", type=str, location="args")
         self.parser.add_argument("schema", type=str, location="args")
         self.parser.add_argument("schema_version", type=str, location="args")
@@ -183,6 +189,16 @@ class DatasetApiParser(ModelApiParser):
             if not ObjectId.is_valid(args["owner"]):
                 api.abort(400, "Owner arg must be an identifier")
             datasets = datasets.filter(owner=args["owner"])
+        if args.get("followed_by"):
+            if not ObjectId.is_valid(args["followed_by"]):
+                api.abort(400, "`followed_by` arg must be an identifier")
+            ids = [
+                f.following.id
+                for f in Follow.objects(follower=args["followed_by"]).filter(
+                    __raw__={"following._cls": Dataset._class_name}
+                )
+            ]
+            datasets = datasets.filter(id__in=ids)
         if args.get("format"):
             datasets = datasets.filter(resources__format=args["format"])
         if args.get("schema"):
@@ -342,9 +358,9 @@ class DatasetsAtomFeedAPI(API):
 class DatasetAPI(API):
     @api.doc("get_dataset")
     @api.marshal_with(dataset_fields)
-    def get(self, dataset):
+    def get(self, dataset: Dataset):
         """Get a dataset given its identifier"""
-        if not DatasetEditPermission(dataset).can():
+        if not dataset.permissions["edit"].can():
             if dataset.private:
                 api.abort(404)
             elif dataset.deleted:
@@ -356,12 +372,12 @@ class DatasetAPI(API):
     @api.expect(dataset_fields)
     @api.marshal_with(dataset_fields)
     @api.response(400, errors.VALIDATION_ERROR)
-    def put(self, dataset):
+    def put(self, dataset: Dataset):
         """Update a dataset given its identifier"""
         request_deleted = request.json.get("deleted", True)
         if dataset.deleted and request_deleted is not None:
             api.abort(410, "Dataset has been deleted")
-        DatasetEditPermission(dataset).test()
+        dataset.permissions["edit"].test()
         dataset.last_modified_internal = datetime.utcnow()
         form = api.validate(DatasetForm, dataset)
 
@@ -374,7 +390,7 @@ class DatasetAPI(API):
         """Delete a dataset given its identifier"""
         if dataset.deleted:
             api.abort(410, "Dataset has been deleted")
-        DatasetEditPermission(dataset).test()
+        dataset.permissions["delete"].test()
         dataset.deleted = datetime.utcnow()
         dataset.last_modified_internal = datetime.utcnow()
         dataset.save()
@@ -420,7 +436,7 @@ class DatasetRdfAPI(API):
 class DatasetRdfFormatAPI(API):
     @api.doc("rdf_dataset_format")
     def get(self, dataset, format):
-        if not DatasetEditPermission(dataset).can():
+        if not dataset.permissions["edit"].can():
             if dataset.private:
                 api.abort(404)
             elif dataset.deleted:
@@ -479,7 +495,7 @@ class ResourcesAPI(API):
     @api.marshal_with(resource_fields, code=201)
     def post(self, dataset):
         """Create a new resource for a given dataset"""
-        ResourceEditPermission(dataset).test()
+        dataset.permissions["edit_resources"].test()
         form = api.validate(ResourceFormWithoutId)
         resource = Resource()
 
@@ -497,7 +513,7 @@ class ResourcesAPI(API):
     @api.marshal_list_with(resource_fields)
     def put(self, dataset):
         """Reorder resources"""
-        ResourceEditPermission(dataset).test()
+        dataset.permissions["edit_resources"].test()
         resources = request.json
         if len(dataset.resources) != len(resources):
             api.abort(
@@ -551,7 +567,7 @@ class UploadNewDatasetResource(UploadMixin, API):
     @api.marshal_with(upload_fields, code=201)
     def post(self, dataset):
         """Upload a file for a new dataset resource"""
-        ResourceEditPermission(dataset).test()
+        dataset.permissions["edit_resources"].test()
         infos = self.handle_upload(dataset)
         resource = Resource(**infos)
         dataset.add_resource(resource)
@@ -602,7 +618,7 @@ class UploadDatasetResource(ResourceMixin, UploadMixin, API):
     @api.marshal_with(upload_fields)
     def post(self, dataset, rid):
         """Upload a file related to a given resource on a given dataset"""
-        ResourceEditPermission(dataset).test()
+        dataset.permissions["edit_resources"].test()
         resource = self.get_resource_or_404(dataset, rid)
         fs_filename_to_remove = resource.fs_filename
         infos = self.handle_upload(dataset)
@@ -631,7 +647,7 @@ class ReuploadCommunityResource(ResourceMixin, UploadMixin, API):
     @api.marshal_with(upload_community_fields)
     def post(self, community):
         """Update the file related to a given community resource"""
-        ResourceEditPermission(community).test()
+        community.permissions["edit"].test()
         fs_filename_to_remove = community.fs_filename
         infos = self.handle_upload(community.dataset)
         community.update(**infos)
@@ -648,7 +664,7 @@ class ResourceAPI(ResourceMixin, API):
     @api.marshal_with(resource_fields)
     def get(self, dataset, rid):
         """Get a resource given its identifier"""
-        if not DatasetEditPermission(dataset).can():
+        if not dataset.permissions["edit"].can():
             if dataset.private:
                 api.abort(404)
             elif dataset.deleted:
@@ -662,7 +678,7 @@ class ResourceAPI(ResourceMixin, API):
     @api.marshal_with(resource_fields)
     def put(self, dataset, rid):
         """Update a given resource on a given dataset"""
-        ResourceEditPermission(dataset).test()
+        dataset.permissions["edit_resources"].test()
         resource = self.get_resource_or_404(dataset, rid)
         form = api.validate(ResourceFormWithoutId, resource)
 
@@ -691,7 +707,7 @@ class ResourceAPI(ResourceMixin, API):
     @api.doc("delete_resource")
     def delete(self, dataset, rid):
         """Delete a given resource on a given dataset"""
-        ResourceEditPermission(dataset).test()
+        dataset.permissions["edit_resources"].test()
         resource = self.get_resource_or_404(dataset, rid)
         dataset.remove_resource(resource)
         dataset.last_modified_internal = datetime.utcnow()
@@ -751,7 +767,7 @@ class CommunityResourceAPI(API):
     @api.marshal_with(community_resource_fields)
     def put(self, community):
         """Update a given community resource"""
-        ResourceEditPermission(community).test()
+        community.permissions["edit"].test()
         form = api.validate(CommunityResourceForm, community)
         if community.filetype == "file":
             form._fields.get("url").data = community.url
@@ -766,7 +782,7 @@ class CommunityResourceAPI(API):
     @api.doc("delete_community_resource")
     def delete(self, community):
         """Delete a given community resource"""
-        ResourceEditPermission(community).test()
+        community.permissions["delete"].test()
         # Deletes community resource's file from file storage
         if community.fs_filename is not None:
             storages.resources.delete(community.fs_filename)

udata/core/dataset/api_fields.py

@@ -220,6 +220,15 @@ dataset_ref_fields = api.inherit(
     },
 )
 
+
+community_resource_permissions_fields = api.model(
+    "DatasetPermissions",
+    {
+        "delete": fields.Permission(),
+        "edit": fields.Permission(),
+    },
+)
+
 community_resource_fields = api.inherit(
     "CommunityResource",
     resource_fields,
@@ -233,6 +242,7 @@ community_resource_fields = api.inherit(
         "owner": fields.Nested(
             user_ref_fields, allow_null=True, description="The user information"
         ),
+        "permissions": fields.Nested(community_resource_permissions_fields),
     },
 )
 
@@ -285,6 +295,7 @@ DEFAULT_MASK = ",".join(
         "internal",
         "contact_points",
         "featured",
+        "permissions",
     )
 )
 
@@ -300,6 +311,15 @@ dataset_internal_fields = api.model(
     },
 )
 
+dataset_permissions_fields = api.model(
+    "DatasetPermissions",
+    {
+        "delete": fields.Permission(),
+        "edit": fields.Permission(),
+        "edit_resources": fields.Permission(),
+    },
+)
+
 dataset_fields = api.model(
     "Dataset",
     {
@@ -401,6 +421,7 @@ dataset_fields = api.model(
         "contact_points": fields.List(
             fields.Nested(contact_point_fields, description="The dataset contact points"),
         ),
+        "permissions": fields.Nested(dataset_permissions_fields),
     },
     mask=DEFAULT_MASK,
 )

udata/core/dataset/apiv2.py

@@ -20,6 +20,7 @@ from .api_fields import (
     checksum_fields,
     dataset_harvest_fields,
     dataset_internal_fields,
+    dataset_permissions_fields,
     org_ref_fields,
     resource_fields,
     resource_harvest_fields,
@@ -31,7 +32,6 @@ from .api_fields import (
 )
 from .constants import DEFAULT_FREQUENCY, DEFAULT_LICENSE, FULL_OBJECTS_HEADER, UPDATE_FREQUENCIES
 from .models import CommunityResource, Dataset
-from .permissions import DatasetEditPermission, ResourceEditPermission
 from .search import DatasetSearch
 
 DEFAULT_PAGE_SIZE = 50
@@ -70,6 +70,7 @@ DEFAULT_MASK_APIV2 = ",".join(
         "internal",
         "contact_points",
         "featured",
+        "permissions",
     )
 )
 
@@ -224,6 +225,7 @@ dataset_fields = apiv2.model(
             required=False,
             description="The dataset contact points",
         ),
+        "permissions": fields.Nested(dataset_permissions_fields),
     },
     mask=DEFAULT_MASK_APIV2,
 )
@@ -269,6 +271,7 @@ apiv2.inherit("ResourceInternals", resource_internal_fields)
 apiv2.inherit("ContactPoint", contact_point_fields)
 apiv2.inherit("Schema", schema_fields)
 apiv2.inherit("CatalogSchema", catalog_schema_fields)
+apiv2.inherit("DatasetPermissions", dataset_permissions_fields)
 
 
 @ns.route("/search/", endpoint="dataset_search")
@@ -318,7 +321,7 @@ class DatasetAPI(API):
     @apiv2.marshal_with(dataset_fields)
     def get(self, dataset):
         """Get a dataset given its identifier"""
-        if not DatasetEditPermission(dataset).can():
+        if not dataset.permissions["edit"].can():
             if dataset.private:
                 apiv2.abort(404)
             elif dataset.deleted:
@@ -335,7 +338,7 @@ class DatasetExtrasAPI(API):
     @apiv2.doc("get_dataset_extras")
     def get(self, dataset):
         """Get a dataset extras given its identifier"""
-        if not DatasetEditPermission(dataset).can():
+        if not dataset.permissions["edit"].can():
             if dataset.private:
                 apiv2.abort(404)
             elif dataset.deleted:
@@ -351,7 +354,7 @@ class DatasetExtrasAPI(API):
             apiv2.abort(400, "Wrong payload format, dict expected")
         if dataset.deleted:
             apiv2.abort(410, "Dataset has been deleted")
-        DatasetEditPermission(dataset).test()
+        dataset.permissions["edit"].test()
         # first remove extras key associated to a None value in payload
         for key in [k for k in data if data[k] is None]:
             dataset.extras.pop(key, None)
@@ -370,7 +373,7 @@ class DatasetExtrasAPI(API):
             apiv2.abort(400, "Wrong payload format, list expected")
         if dataset.deleted:
             apiv2.abort(410, "Dataset has been deleted")
-        DatasetEditPermission(dataset).test()
+        dataset.permissions["delete"].test()
         for key in data:
             try:
                 del dataset.extras[key]
@@ -387,7 +390,7 @@ class ResourcesAPI(API):
     @apiv2.marshal_with(resource_page_fields)
     def get(self, dataset):
         """Get the given dataset resources, paginated."""
-        if not DatasetEditPermission(dataset).can():
+        if not dataset.permissions["edit"].can():
             if dataset.private:
                 apiv2.abort(404)
             elif dataset.deleted:
@@ -434,7 +437,7 @@ class DatasetSchemasAPI(API):
     @apiv2.marshal_with(schema_fields)
     def get(self, dataset):
         """Get a dataset schemas given its identifier"""
-        if not DatasetEditPermission(dataset).can():
+        if not dataset.permissions["edit"].can():
             if dataset.private:
                 apiv2.abort(404)
             elif dataset.deleted:
@@ -477,7 +480,7 @@ class ResourceAPI(API):
     def get(self, rid):
         dataset = Dataset.objects(resources__id=rid).first()
         if dataset:
-            if not DatasetEditPermission(dataset).can():
+            if not dataset.permissions["edit"].can():
                 if dataset.private:
                     apiv2.abort(404)
                 elif dataset.deleted:
@@ -508,7 +511,7 @@ class ResourceExtrasAPI(ResourceMixin, API):
     @apiv2.doc("get_resource_extras")
     def get(self, dataset, rid):
         """Get a resource extras given its identifier"""
-        if not DatasetEditPermission(dataset).can():
+        if not dataset.permissions["edit"].can():
             if dataset.private:
                 apiv2.abort(404)
             elif dataset.deleted:
@@ -525,7 +528,7 @@ class ResourceExtrasAPI(ResourceMixin, API):
             apiv2.abort(400, "Wrong payload format, dict expected")
         if dataset.deleted:
             apiv2.abort(410, "Dataset has been deleted")
-        ResourceEditPermission(dataset).test()
+        dataset.permissions["edit_resources"].test()
         resource = self.get_resource_or_404(dataset, rid)
         # first remove extras key associated to a None value in payload
         for key in [k for k in data if data[k] is None]:
@@ -545,7 +548,7 @@ class ResourceExtrasAPI(ResourceMixin, API):
             apiv2.abort(400, "Wrong payload format, list expected")
         if dataset.deleted:
             apiv2.abort(410, "Dataset has been deleted")
-        ResourceEditPermission(dataset).test()
+        dataset.permissions["edit_resources"].test()
         resource = self.get_resource_or_404(dataset, rid)
         try:
             for key in data:

udata/core/dataset/models.py

@@ -706,6 +706,16 @@ class Dataset(Auditable, WithMetrics, DatasetBadgeMixin, Owned, db.Document):
                     "Dataset's organization did not define the requested custom metadata."
                 )
 
+    @property
+    def permissions(self):
+        from .permissions import DatasetEditPermission, ResourceEditPermission
+
+        return {
+            "delete": DatasetEditPermission(self),
+            "edit": DatasetEditPermission(self),
+            "edit_resources": ResourceEditPermission(self),
+        }
+
     def url_for(self, *args, **kwargs):
         return endpoint_for("datasets.show", "api.dataset", dataset=self, *args, **kwargs)
 
@@ -1088,6 +1098,15 @@ class CommunityResource(ResourceMixin, WithMetrics, Owned, db.Document):
     def from_community(self):
         return True
 
+    @property
+    def permissions(self):
+        from .permissions import ResourceEditPermission
+
+        return {
+            "delete": ResourceEditPermission(self),
+            "edit": ResourceEditPermission(self),
+        }
+
 
 class ResourceSchema(object):
     @staticmethod

udata/core/reuse/api.py

@@ -33,7 +33,6 @@ from .api_fields import (
     reuse_type_fields,
 )
 from .models import Reuse
-from .permissions import ReuseEditPermission
 
 DEFAULT_SORTING = "-created_at"
 SUGGEST_SORTING = "-metrics.followers"
@@ -179,7 +178,7 @@ class ReuseAPI(API):
     @api.marshal_with(Reuse.__read_fields__)
     def get(self, reuse):
         """Fetch a given reuse"""
-        if not ReuseEditPermission(reuse).can():
+        if not reuse.permissions["edit"].can():
             if reuse.private:
                 api.abort(404)
             elif reuse.deleted:
@@ -196,7 +195,7 @@ class ReuseAPI(API):
         request_deleted = request.json.get("deleted", True)
         if reuse.deleted and request_deleted is not None:
             api.abort(410, "This reuse has been deleted")
-        ReuseEditPermission(reuse).test()
+        reuse.permissions["edit"].test()
 
         # This is a patch but old API acted like PATCH on PUT requests.
         return patch_and_save(reuse, request)
@@ -208,7 +207,7 @@ class ReuseAPI(API):
         """Delete a given reuse"""
         if reuse.deleted:
             api.abort(410, "This reuse has been deleted")
-        ReuseEditPermission(reuse).test()
+        reuse.permissions["delete"].test()
         reuse.deleted = datetime.utcnow()
         reuse.save()
         return "", 204
@@ -335,7 +334,7 @@ class ReuseImageAPI(API):
     @api.marshal_with(uploaded_image_fields)
     def post(self, reuse):
         """Upload a new reuse image"""
-        ReuseEditPermission(reuse).test()
+        reuse.permissions["edit"].test()
         parse_uploaded_image(reuse.image)
         reuse.save()
 

udata/core/reuse/api_fields.py

@@ -4,6 +4,14 @@ from .constants import IMAGE_SIZES
 
 BIGGEST_IMAGE_SIZE = IMAGE_SIZES[0]
 
+reuse_permissions_fields = api.model(
+    "ReusePermissions",
+    {
+        "delete": fields.Permission(),
+        "edit": fields.Permission(),
+    },
+)
+
 reuse_type_fields = api.model(
     "ReuseType",
     {

udata/core/reuse/apiv2.py

@@ -5,8 +5,10 @@ from udata.api import API, apiv2
 from udata.core.reuse.models import Reuse
 from udata.utils import multi_to_dict
 
+from .api_fields import reuse_permissions_fields
 from .search import ReuseSearch
 
+apiv2.inherit("ReusePermissions", reuse_permissions_fields)
 apiv2.inherit("ReusePage", Reuse.__page_fields__)
 apiv2.inherit("Reuse (read)", Reuse.__read_fields__)
 

udata/core/reuse/models.py

@@ -6,7 +6,7 @@ from udata.api_fields import field, function_field, generate_fields
 from udata.core.activity.models import Auditable
 from udata.core.dataset.api_fields import dataset_fields
 from udata.core.owned import Owned, OwnedQuerySet
-from udata.core.reuse.api_fields import BIGGEST_IMAGE_SIZE
+from udata.core.reuse.api_fields import BIGGEST_IMAGE_SIZE, reuse_permissions_fields
 from udata.core.storages import default_image_basename, images
 from udata.frontend.markdown import mdstrip
 from udata.i18n import lazy_gettext as _
@@ -200,6 +200,18 @@ class Reuse(db.Datetimed, Auditable, WithMetrics, ReuseBadgeMixin, Owned, db.Doc
             "reuses.show", reuse=self, _external=True, fallback_endpoint="api.reuse"
         )
 
+    @property
+    @function_field(
+        nested_fields=reuse_permissions_fields,
+    )
+    def permissions(self):
+        from .permissions import ReuseEditPermission
+
+        return {
+            "delete": ReuseEditPermission(self),
+            "edit": ReuseEditPermission(self),
+        }
+
     @property
     def is_visible(self):
         return not self.is_hidden