def has_permission(self, request, view):
if view.action == 'create':
permission_cls = IsAuthenticated()
return permission_cls.has_permission(request=request, view=view)
elif view.action == 'list':
permission_cls = IsAdminUser()
return permission_cls.has_permission(request=request, view=view)
else:
return False
def has_permission(self, request, view):
if view.action in ('retrieve', 'partial_update', 'destroy'):
return IsAuthenticated.has_permission(None, request, view)
elif view.action == 'list':
return bool(
IsAuthenticated.has_permission(None, request, view)
and IsAdminUser.has_permission(None, request, view))
elif view.action == 'create':
return True
def update(self, request, *args, **kwargs):
isAuth=IsAuthenticated()
if isAuth.has_permission(request,self):
if request.user == Event.objects.filter(id=kwargs.get("pk")).first().holder:
saved_file_url = ""
# print(request.data)
# json = request.data.get('user')
# print(str(json))
# jsonDecoder = JSONDecoder()
# json = jsonDecoder.decode(json)
# print(json)
# image = request.data.get('file')
if request.FILES.get("header_image"):
myfile = request.FILES['header_image']
fs = FileSystemStorage()
filename = fs.save(myfile.name, myfile)
saved_file_url = Backtory.upload_file(open(join(settings.MEDIA_ROOT, filename), 'rb'))
fs.delete(filename)
partial = kwargs.pop('partial', False)
instance = self.get_object()
serializer = CreateEventSerializer(instance, data=request.data, partial=partial,context={"image":saved_file_url})
serializer.is_valid(raise_exception=True)
s=serializer.save(header_image=saved_file_url)
if getattr(instance, '_prefetched_objects_cache', None):
instance._prefetched_objects_cache = {}
return Response(GetEventSerializers(instance=s).data)
return Response("Access Denied")
return Response("not authorized")
def has_permission(self, request, view):
"""
Check if the user is authenticated and employee or read-only.
This permission will also provide (full) access to the
administrator.
:param request: The current request instance
:type request: rest_framework.request.Request
:param view: The current view instance
:type view: rest_framework.views.APIView
:return: Whether the permission was granted or not
:rtype: bool
"""
if not IsAuthenticated.has_permission(self, request, view):
return False
if (
is_management(request.user, False) or
is_employer(request.user, False)
):
return request.method.upper() in (
'GET', 'HEAD', 'OPTIONS', 'TRACE'
)
return is_employee(request.user)
def has_permission(self, request, view):
"""Enable the restrived API access mode,
which only allows authenticated users, or allow readonly access.
"""
if settings.RESTRICT_API:
permission = IsAuthenticated()
else:
permission = IsAuthenticatedOrReadOnly()
return permission.has_permission(request, view)
def print_debug_message(self, request):
print('============ {}: {}'.format(request.method,
request.build_absolute_uri()))
print('header --%s--' % request.META.get('HTTP_AUTHORIZATION'))
print('AllowAny:', AllowAny.has_permission(self, request, view))
print('IsAuthenticatedOrReadOnly:',
IsAuthenticatedOrReadOnly.has_permission(self, request, view))
print('IsAuthenticated:',
IsAuthenticated.has_permission(self, request, view))
print('IsAdminUser:'******'request.user', request.user)
print('request user is auth', request.user.is_authenticated)
print('request user is staff', request.user.is_staff)
print('request user is super', request.user.is_superuser)
def has_permission(self, request, view):
"""
Check if the current user has any of the predefined groups.
:param request: The current request instance
:type request: rest_framework.request.Request
:param view: The current view instance
:type view: rest_framework.views.APIView
:return: Whether the permission was granted or not
:rtype: bool
"""
return (
IsAuthenticated.has_permission(self, request, view)
and request.user.group_id in Groups.__iter__()
)
def has_permission(self, request, view):
"""
Check if the user is authenticated and a employer.
This permission will also provide (full) access to the
administrator.
:param request: The current request instance
:type request: rest_framework.request.Request
:param view: The current view instance
:type view: rest_framework.views.APIView
:return: Whether the permission was granted or not
:rtype: bool
"""
return (
IsAuthenticated.has_permission(self, request, view)
and is_employer(request.user)
)
def has_permission(self, request, view):
is_admin = super().has_permission(request, view)
is_authenticated = IsAuthenticated.has_permission(self, request, view)
return is_authenticated and request.method in SAFE_METHODS or is_admin
def has_permission(self, request, view):
if request.method in permissions.SAFE_METHODS:
return True
else:
return IsAuthenticated.has_permission(self, request, view)
