Beispiel #1
 def has_permission(self, request, view):
     """Decide access per view action; unlisted actions are refused.

     ``create`` is delegated to ``IsAuthenticated`` and ``list`` to
     ``IsAdminUser``. Every other action falls through to ``False``, so an
     action added to the view later stays closed until it is listed here.
     """
     action = view.action
     if action == 'create':
         return IsAuthenticated().has_permission(request=request, view=view)
     if action == 'list':
         return IsAdminUser().has_permission(request=request, view=view)
     # Default deny for anything not explicitly handled above.
     return False
Beispiel #2
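    def has_permission(self, request, view):
        """Decide access per view action, refusing anything not listed.

        * ``retrieve`` / ``partial_update`` / ``destroy``: authenticated users.
        * ``list``: authenticated users that also pass ``IsAdminUser``.
        * ``create``: open to everyone, including anonymous callers.
        * any other action: denied.
        """
        action = view.action

        if action in ('retrieve', 'partial_update', 'destroy'):
            return IsAuthenticated.has_permission(None, request, view)

        if action == 'list':
            return bool(
                IsAuthenticated.has_permission(None, request, view)
                and IsAdminUser.has_permission(None, request, view))

        if action == 'create':
            # NOTE(review): unauthenticated create is allowed here; confirm
            # that is intended (e.g. a sign-up endpoint).
            return True

        # Explicit default deny. The unhandled actions (``update`` is not
        # listed above) previously fell off the end and returned None, which
        # is falsy but is not the bool that has_permission should return.
        return False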
Beispiel #3
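    def update(self, request, *args, **kwargs):
        """Update an event; only its authenticated holder may do so.

        An optional ``header_image`` upload is staged through
        ``FileSystemStorage``, handed to ``Backtory.upload_file`` and the
        staged copy is then deleted.

        Returns the serialized event on success. A request that fails
        ``IsAuthenticated`` gets "not authorized" with HTTP 401; a caller who
        is not the event's holder (or an unknown event id) gets
        "Access Denied" with HTTP 403.
        """
        if not IsAuthenticated().has_permission(request, self):
            # Denials carry an error status so that clients and monitoring
            # do not read a refused write as a 200 success.
            return Response("not authorized", status=401)

        event = Event.objects.filter(id=kwargs.get("pk")).first()
        # An unknown id is refused exactly like a foreign event: no
        # AttributeError on None, and no hint about which ids exist.
        if event is None or request.user != event.holder:
            return Response("Access Denied", status=403)

        saved_file_url = ""
        # NOTE(review): the upload runs before serializer validation and no
        # size or content-type check is visible in this method; confirm that
        # is enforced elsewhere.
        if request.FILES.get("header_image"):
            myfile = request.FILES['header_image']
            fs = FileSystemStorage()
            # save() returns the name actually stored, which can differ from
            # the client-supplied myfile.name.
            filename = fs.save(myfile.name, myfile)
            try:
                # Close the handle deterministically instead of leaking it.
                with open(join(settings.MEDIA_ROOT, filename), 'rb') as staged:
                    saved_file_url = Backtory.upload_file(staged)
            finally:
                # Remove the staged copy even when the upload raises.
                fs.delete(filename)

        partial = kwargs.pop('partial', False)
        # NOTE(review): ownership was checked on the object looked up by
        # kwargs["pk"]; get_object() is assumed to resolve the same row.
        instance = self.get_object()
        serializer = CreateEventSerializer(
            instance,
            data=request.data,
            partial=partial,
            context={"image": saved_file_url},
        )
        serializer.is_valid(raise_exception=True)
        saved_event = serializer.save(header_image=saved_file_url)
        if getattr(instance, '_prefetched_objects_cache', None):
            # Drop stale prefetched relations after the write.
            instance._prefetched_objects_cache = {}

        return Response(GetEventSerializers(instance=saved_event).data)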
Beispiel #4
    def has_permission(self, request, view):
        """
        Grant access to authenticated employees; other roles read-only.

        Unauthenticated requests are refused. Users matched by
        ``is_management`` or ``is_employer`` are limited to the GET, HEAD,
        OPTIONS and TRACE methods. Everyone else is decided by
        ``is_employee``.

        NOTE(review): administrator access is presumably granted inside the
        role helpers; that is not visible in this method.

        :param request: The current request instance
        :type request: rest_framework.request.Request

        :param view: The current view instance
        :type view: rest_framework.views.APIView

        :return: Whether the permission was granted or not
        :rtype: bool
        """
        authenticated = IsAuthenticated.has_permission(self, request, view)
        if not authenticated:
            return False

        read_only_role = (
            is_management(request.user, False)
            or is_employer(request.user, False)
        )
        if not read_only_role:
            return is_employee(request.user)

        # Management and employers may only use non-mutating methods.
        read_only_methods = ('GET', 'HEAD', 'OPTIONS', 'TRACE')
        return request.method.upper() in read_only_methods
Beispiel #5
 def has_permission(self, request, view):
     """Apply the restricted or the read-only-friendly API access mode.

     With ``settings.RESTRICT_API`` set, every request must be
     authenticated; otherwise the decision is delegated to
     ``IsAuthenticatedOrReadOnly``.
     """
     permission_cls = (
         IsAuthenticated if settings.RESTRICT_API
         else IsAuthenticatedOrReadOnly
     )
     return permission_cls().has_permission(request, view)
Beispiel #6
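 def print_debug_message(self, request, view=None):
     """Print request and permission diagnostics to stdout (debug aid).

     :param request: the current request
     :param view: the view passed on to each permission check; optional so
         that existing one-argument callers keep working. The listing used
         ``view`` without defining it, which raised NameError.
     """
     print('============ {}: {}'.format(request.method,
                                        request.build_absolute_uri()))

     # Never echo the credential itself: debug output ends up in terminals
     # and log files. Show only the scheme, or a marker if there is none.
     auth_header = request.META.get('HTTP_AUTHORIZATION')
     if not auth_header:
         shown = None
     elif ' ' in auth_header:
         shown = '{} <redacted>'.format(auth_header.split(' ', 1)[0])
     else:
         shown = '<redacted>'
     print('header  --%s--' % shown)

     print('AllowAny:', AllowAny.has_permission(self, request, view))
     print('IsAuthenticatedOrReadOnly:',
           IsAuthenticatedOrReadOnly.has_permission(self, request, view))
     print('IsAuthenticated:',
           IsAuthenticated.has_permission(self, request, view))
     # The listing was garbled at this point ('IsAdminUser:'******'request.user');
     # restored as two prints following the pattern of the lines above.
     print('IsAdminUser:', IsAdminUser.has_permission(self, request, view))
     print('request.user', request.user)
     print('request user is auth', request.user.is_authenticated)
     print('request user is staff', request.user.is_staff)
     print('request user is super', request.user.is_superuser)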
Beispiel #7
    def has_permission(self, request, view):
        """
        Require an authenticated user whose group is one of ``Groups``.

        :param request: The current request instance
        :type request: rest_framework.request.Request

        :param view: The current view instance
        :type view: rest_framework.views.APIView

        :return: Whether the permission was granted or not
        :rtype: bool
        """
        authenticated = IsAuthenticated.has_permission(self, request, view)
        if not authenticated:
            # Refuse before touching request.user.group_id.
            return authenticated

        known_groups = Groups.__iter__()
        return request.user.group_id in known_groups
Beispiel #8
    def has_permission(self, request, view):
        """
        Require an authenticated user that ``is_employer`` accepts.

        NOTE(review): administrator access is presumably granted inside
        ``is_employer``; that is not visible in this method.

        :param request: The current request instance
        :type request: rest_framework.request.Request

        :param view: The current view instance
        :type view: rest_framework.views.APIView

        :return: Whether the permission was granted or not
        :rtype: bool
        """
        authenticated = IsAuthenticated.has_permission(self, request, view)
        if not authenticated:
            # The role check only runs for authenticated users.
            return authenticated
        return is_employer(request.user)
Beispiel #9
 def has_permission(self, request, view):
     """Allow safe methods to authenticated users, everything to admins.

     The parent class's check supplies the admin decision (presumably
     ``IsAdminUser``; the class header is not shown in this listing).
     """
     admin_granted = super().has_permission(request, view)
     authenticated = IsAuthenticated.has_permission(self, request, view)
     # ``and`` binds tighter than ``or``; the grouping is spelled out here
     # so the rule reads as (authenticated AND safe method) OR admin.
     read_only_granted = authenticated and request.method in SAFE_METHODS
     return read_only_granted or admin_granted
Beispiel #10
 def has_permission(self, request, view):
     """Allow safe (read-only) methods to anyone; writes need authentication.

     Anonymous callers can therefore read whatever the view exposes; only
     methods outside ``permissions.SAFE_METHODS`` reach ``IsAuthenticated``.
     """
     return (
         request.method in permissions.SAFE_METHODS
         or IsAuthenticated.has_permission(self, request, view)
     )