You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
44 lines
1.4 KiB
44 lines
1.4 KiB
from django.contrib.auth import get_user_model
|
|
|
|
from rest_framework.permissions import BasePermission
|
|
|
|
User = get_user_model()
|
|
|
|
|
|
class IsAdmin(BasePermission):
|
|
def has_permission(self, request, view):
|
|
return request.user.is_authenticated and (
|
|
request.user.role == User.ADMIN_ROLE or request.user.is_staff or request.user.is_superuser
|
|
)
|
|
|
|
|
|
class IsTeacherOrAdmin(BasePermission):
|
|
def has_permission(self, request, view):
|
|
return request.user.is_authenticated and (
|
|
request.user.role >= User.TEACHER_ROLE or
|
|
request.user.is_staff or
|
|
request.user.is_superuser
|
|
)
|
|
|
|
|
|
class IsAdminOrIsSelf(BasePermission):
|
|
def has_object_permission(self, request, view, user):
|
|
return request.user.is_authenticated and (
|
|
user == request.user or request.user.is_staff or request.user.is_superuser
|
|
)
|
|
|
|
|
|
class IsAuthorOrAdmin(BasePermission):
|
|
def has_permission(self, request, view):
|
|
return request.user.is_authenticated and (
|
|
request.user.role >= User.AUTHOR_ROLE or
|
|
request.user.is_staff or
|
|
request.user.is_superuser
|
|
)
|
|
|
|
|
|
class IsAuthorObjectOrAdmin(BasePermission):
|
|
def has_object_permission(self, request, view, obj):
|
|
return request.user.is_authenticated and (
|
|
request.user.role == User.ADMIN_ROLE or request.user.is_staff or request.user.is_superuser
|
|
) or request.user == obj.author
|
|
|