Ejemplo n.º 1
0
 def get_permissions(self):
     if self.action in ('retrieve', 'list', 'comment_list', 'main',
                        'trending'):
         return (AllowAny(), )
     elif self.request.method.lower() == 'options':
         return (AllowAny(), )  # Allow CORS preflight request
     return self.permission_classes
Ejemplo n.º 2
0
 def get_permissions(self):
     if self.request.method == 'DELETE':
         return [IsAdminUser()]
     elif self.request.method == 'POST':
         return [AllowAny()]
     else:
         return [AllowAny()]
Ejemplo n.º 3
0
    def get_permissions(self):

        if self.action == 'create':
            return [AllowAny()]
        elif self.action in ['update', 'destroy']:
            return [AllowAny()]

        return super().get_permissions()
Ejemplo n.º 4
0
 def get_permissions(self):
     if self.action == 'retrieve':
         return [IsAuthenticated()]
     elif self.action == 'create':
         return [AllowAny()]
     elif self.action == 'updata' or 'destory':
         return [IsAuthenticated()]
     return [AllowAny()]
Ejemplo n.º 5
0
    def get_permissions(self):

        if self.action == 'create':
            return [AllowAny()]
        elif self.action in ['update', 'destroy', 'retrieve']:
            return [IsOwner()]
        elif self.action == 'login':
            return [AllowAny()]
        return super().get_permissions()
Ejemplo n.º 6
0
    def get_permissions(self):
        if self.action in ('create', 'login'):
            return [AllowAny()]
        elif self.name == 'Login':
            return [AllowAny()]

        if self.action == 'deactivate':
            return [IsUserSelf()]

        return super().get_permissions()
Ejemplo n.º 7
0
 def get_permissions(self):
     # allow non-authenticated user to create via POST
     # TODO: This needs to be more strict. POST && request
     # URL = /api/v1/users for instance. Same for activate.
     resolver = self.request.resolver_match
     view_name = resolver.view_name
     if self.request.method == 'POST':
         return (AllowAny(), )
     elif self.request.method == 'PUT' and view_name != 'user-self':
         return (AllowAny(), )
     else:
         return (TokenHasReadWriteScope(), )
Ejemplo n.º 8
0
    def get_permissions(self):
        if self.request.method in SAFE_METHODS:
            # Authentication isn't needed for safe methods like GET
            return (AllowAny(), )

        if self.request.method == 'POST':
            # Authentication isn't needed when creating a new account.
            return (AllowAny(), )

        # Authentication is needed for updates to Account object.
        return (
            IsAuthenticated(),
            IsAccountOwner(),
        )
Ejemplo n.º 9
0
 def get_permissions(self):
     if self.request.method in SAFE_METHODS:
         return [AllowAny()]
     elif self.request.method == 'POST':
         return [IsAuthenticated()]
     else:
         return [DjangoModelPermissions()]
Ejemplo n.º 10
0
    def get_permissions(self):
        if self.request.method == 'DELETE':
            return [IsAdminUser()]

        if self.request.query_params.get('includeVerificationToken') and self.request.method == 'GET':
            return [AllowAny()]
        return [IsAuthenticated()]
Ejemplo n.º 11
0
    def get_permissions(self):
        if self.request.method == 'GET':
            return [AllowAny()]
        if self.request.method == 'DELETE':
            return [IsAdminUser()]

        return [IsAuthenticated()]
Ejemplo n.º 12
0
 def get_permissions(self):
     if self.request.method == 'GET':
         return (AllowAny(), )
     elif self.request.method == "DELETE":
         return (IsAdminUser(), )
     else:
         return (IsAuthenticated(),)
Ejemplo n.º 13
0
    def get_permissions(self):
        if self.action == 'create':
            return (IsAuthenticated(), )
        if self.action in ['update', 'partial_update', 'delete']:
            return (IsSuperUserOrReadOnly(), )

        return (AllowAny(), )
Ejemplo n.º 14
0
    def get_permissions(self):
        if self.action in [
            'create_order',
        ]:
            return [IsAuthenticated(),]

        return [AllowAny(),]
Ejemplo n.º 15
0
 def get_permissions(self):
     if self.action in (
             "update",
             "destroy",
     ):
         return (IsAuthenticated(), )
     return (AllowAny(), )
Ejemplo n.º 16
0
    def get_permissions(self):

        if self.request.method == 'GET':
            # check user is in group 1 (User)
            if User.objects.filter(username=self.request.user.username,
                                   groups=(1, )):
                return IsAuthenticated(), IsOwner(),

            return AllowAny(),

        elif self.request.method == 'PUT':
            # check user is in group 1 (User)
            if User.objects.filter(username=self.request.user.username,
                                   groups=(1, )):
                return IsAuthenticated(), IsOwner(),

            # check user is in group 2 (Manager)
            elif User.objects.filter(username=self.request.user.username,
                                     groups=(2, )):
                return IsAuthenticated(),

            # admin rights
            return IsAdminUser(),

        elif self.request.method == "DELETE":
            # check user is in group 2 (Manager)
            if User.objects.filter(username=self.request.user.username,
                                   groups=(2, )):
                return IsAuthenticated(),

            # admin rights
            return IsAdminUser(),
Ejemplo n.º 17
0
 def get_permissions(self):
     permissions_bucket = ["update","create"]
     if self.action in permissions_bucket:
         return [IsAuthenticated()]
     else:
         return [AllowAny()]
         #return super(self, Episode_ViewSet).get_permissions()
Ejemplo n.º 18
0
 def get_permissions(self):
   if self.action == 'create':
       return [IsAuthenticated(), ] 
   elif self.action == 'update' or self.action == 'partial_update' or self.action == 'destroy':
       return [ShopEditDelete(), ] 
   else :
       return [AllowAny(), ] 
Ejemplo n.º 19
0
 def get_permissions(self):
     """Получение прав для действий."""
     if self.action in ["create", "update", "partial_update", "destroy"]:
         return [IsAdminUser()]
     if self.action in ["list", "retrieve"]:
         return [AllowAny()]
     return []
Ejemplo n.º 20
0
 def get_permissions(self):
     print(self.action)
     print(self.request.method)
     if self.action in ['list', 'retrieve']:  # self.request.method == "GET"
         return [GETModelPermissions()]
     else:
         return [AllowAny()]
Ejemplo n.º 21
0
 def get_permissions(self):
     if self.request.method == 'GET':
         return [
             AllowAny(),
         ]
     else:
         return [IsAuthenticated(), IsSuperUserPermission()]
Ejemplo n.º 22
0
 def get_permissions(self):
     # 注意要加用 AllowAny() / IsAuthenticated() 实例化出对象
     # 而不是 AllowAny / IsAuthenticated 这样只是一个类名
     if self.action == 'create':
         return [IsAuthenticated()]
     if self.action in ['destroy', 'update']:
         return [IsAuthenticated(), IsObjectOwner()]
     return [AllowAny()]
 def get_permissions(self):
     print(self.action)
     print(self.request.method)
     if self.action in ['create', 'update',
                        'destroy']:  # self.request.method == "GET"
         return [GETModelPermissions()]
     else:
         return [AllowAny()]
Ejemplo n.º 24
0
 def get_permissions(self):
     if self.action == 'list':
         return [
             IsAuthenticated(),
         ]
     return [
         AllowAny(),
     ]
Ejemplo n.º 25
0
 def get_permissions(self):
     # AllowAny() / IsAuthenticated() generate an object instance
     # not AllowAny / IsAuthenticated, this is just a class name
     if self.action == 'create':
         return [IsAuthenticated()]
     if self.action in ['destroy', 'update']:
         return [IsAuthenticated(), IsObjectOwner()]
     return [AllowAny()]
Ejemplo n.º 26
0
 def get_permissions(self):
     if self.action in ['list', 'by_town', 'retrieve']:
         return [AllowAny()]
     if self.action == 'create':
         return [Or(IsAdminUser, IsStaff)]
     if self.action in ['update']:
         return [Or(IsAdminUser, IsStaff, IsOwnerRestaurantAdministrator)]
     return [IsAdminUser]
Ejemplo n.º 27
0
 def get_permissions(self):
     # we need to use AllowAny() / IsAuthenticated() to instantiate an object
     # rather than using AllowAny / IsAuthenticated such class names
     if self.action == 'create':
         return [IsAuthenticated()]
     if self.action in ['destroy', 'update']:
         return [IsAuthenticated(), IsObjectOwner()]
     return [AllowAny()]
Ejemplo n.º 28
0
 def get_permissions(self):
     if self.action in ['update']:
         return [IsOwnerUser()]
     elif self.action in ['retrieve']:
         return [
             AllowAny(),
         ]
     return super(LessonViewSet, self).get_permissions()
Ejemplo n.º 29
0
    def get_permissions(self):
        if self.action == 'create':  # create는 로그인 없이도 가능
            return [AllowAny()]
        elif self.action in ['update',
                             'destroy']:  # update와 destroy는 자기가 등록한 것만 가능
            return [IsOwner()]

        return super().get_permissions()
Ejemplo n.º 30
0
 def get_permissions(self):
     # allow non-authenticated user to create via POST
     if self.request.method == 'POST':
         return (AllowAny()),
     elif self.request.method == 'GET':
         return (IsLocalStaffOrTargetUser()),
     else:
         return (IsLocalStaffOrOwner()),