Dockery/Pinry
1
0
Fork 0
mirror of https://github.com/pinry/pinry.git synced 2025-11-13 16:45:41 +01:00
Code Issues Packages Projects Releases Activity
Files
b7734ec232e4620bfbe7a6f8e06fa560f77c14b0
Pinry/core/permissions.py
winkidney 56d847aace Feature: Add Private property for Pin and read proection 
Now the private pin should only be viewed by owner.
2020-02-11 14:32:58 +08:00

56 lines
1.6 KiB
Python
Raw Blame History

from rest_framework import permissions
class IsOwnerOrReadOnly(permissions.IsAuthenticatedOrReadOnly):
"""
Object-level permission to only allow owners of an object to edit it.
Assumes the model instance has an `owner` attribute.
"""
def __init__(self, owner_field_name="owner"):
self.__owner_field_name = owner_field_name
def __call__(self):
return self
def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request,
# so we'll always allow GET, HEAD or OPTIONS requests.
if request.method in permissions.SAFE_METHODS:
return True
return getattr(obj, self.__owner_field_name) == request.user
class OwnerOnlyIfPrivate(permissions.BasePermission):
def __init__(self, owner_field_name="owner"):
self.__owner_field_name = owner_field_name
def __call__(self):
return self
def has_object_permission(self, request, view, obj):
if getattr(obj, "private"):
return request.user == getattr(obj, self.__owner_field_name)
return True
class OwnerOnly(permissions.IsAuthenticatedOrReadOnly):
def has_permission(self, request, view):
return request.user.is_authenticated()
def has_object_permission(self, request, view, obj):
return obj.owner == request.user
class SuperUserOnly(permissions.BasePermission):
"""
The request is authenticated as a user, or is a read-only request.
"""
def has_permission(self, request, view):
return request.user.is_superuser
def has_object_permission(self, request, view, obj):
return request.user.is_superuser
Reference in New Issue View Git Blame Copy Permalink