def get_permissions(self):
if self.request.method in permissions.SAFE_METHODS:
return [permissions.AllowAny(), ]
return [permissions.IsAdminUser(), ]
def get_permissions(self):
if self.request.method in ['HEAD', 'OPTIONS']:
return (permissions.AllowAny(), )
return (permissions.IsAuthenticated(), )
def get_permissions(self):
if self.request.method in permissions.SAFE_METHODS:
return permissions.AllowAny(),
return permissions.IsAuthenticated(), IsAuthorOfPost(),
def get_permissions(self):
# allow non-authenticated user to create via POST
return (permissions.AllowAny()
if self.request.method == 'POST' else IsOwnerOrReadOnly()),
def get_permissions(self):
if self.action == 'my_info':
return [permissions.IsAuthenticated()]
elif self.detail and not self.action == 'retrieve':
return [(IsUser | permissions.IsAdminUser)()]
return [permissions.AllowAny()]
def get_permissions(self):
if self.request.method in permissions.SAFE_METHODS:
return (permissions.AllowAny(), )
def get_permissions(self):
if self.request.method == "POST":
return [permissions.AllowAny()]
return [permissions.IsAuthenticated()]
def get_permissions(self):
if self.action in ['list', 'retrieve', 'stream_video']:
return (rest_permissions.AllowAny(), )
if self.action in ['update', 'create']:
return (rest_permissions.IsAdminUser(), )
return (permission() for permission in self.permission_classes)
def get_permissions(self):
# allow non-authenticated user to create via POST
return (permissions.AllowAny()
if self.request.method == 'POST' else IsStaffOrTargetUser()),
def get_permissions(self):
if self.request.method == 'GET':
return [permissions.AllowAny()]
else:
return [permissions.IsAuthenticated()]
def get_permissions(self):
if self.request.method in permissions.SAFE_METHODS:
return (permissions.AllowAny(),)
return (permissions.IsAuthenticated(), IsOwner(),)
def get_permissions(self):
if self.action == 'list':
return [permissions.AllowAny()]
return [permissions.IsAdminUser()]
def get_permissions(self):
if self.action == 'create':
return [permissions.AllowAny()]
return [permissions.IsAuthenticated()]
def get_permissions(self):
if self.action == 'create':
return [permission() for permission in self.permission_classes]
if self.action == 'update':
return (IsOwnerOrReadOnly(), )
return (permissions.AllowAny(), )
def get_permissions(self):
current_permissions = super().get_permissions()
if self.action in ("retrieve", "list"):
return [permissions.AllowAny()]
return current_permissions
def get_permissions(self):
if self.action == 'create':
return [permissions.AllowAny()]
return super().get_permissions()
def get_permissions(self):
if self.request.method == 'PUT' or self.request.method == 'PATCH':
return (UserPermission('can_create_dept'), )
elif self.request.method == 'GET':
return (permissions.AllowAny(), )
raise MethodNotAllowed(method=self.request.method)
def get_permissions(self):
if self.action in ["list", "retrieve", "search", "filter"]:
return [
permissions.AllowAny(),
]
return super().get_permissions()
def get_permissions(self):
return (permissions.AllowAny(), )
def get_permissions(self):
if self.action in ["list" , "retrieve" , "create" , "search", "filter" , "approved" , "card" , "report"]:
return [permissions.AllowAny(), ]
return super().get_permissions()
def get_permissions(self):
if self.action in ['list', 'retrieve']:
return [
permissions.AllowAny(),
]
return [permissions.IsAuthenticated()]
def get_permissions(self):
return (permissions.AllowAny() if self.request.method == 'POST' else IsStaffOrTargetUser()),
def get_permissions(self):
if self.request.method in permissions.SAFE_METHODS or self.request.method == "POST":
return permissions.AllowAny(),
return permissions.IsAuthenticated(), IsAccountOwner(),
def get_permissions(self):
if self.action in ('list', 'retrieve', 'get_books'):
return (permissions.AllowAny(),)
return (permissions.IsAdminUser(),)
def get_permission(self):
if self.request.method == 'POST':
return (UserPermission('can_add_copy_of_book'), )
elif self.request.method == 'GET':
return (permissions.AllowAny(), )
return MethodNotAllowed(method=self.request.method)
def get_permissions(self):
if self.action == "list" or self.action == "retrieve":
return (permissions.AllowAny(),)
if self.action == "destroy":
return (permissions.IsAdminUser(),)
return (permissions.IsAuthenticated(),)
def get_permissions(self):
if self.request.method == 'POST':
return (permissions.AllowAny(), )
return (permissions.IsAuthenticated(), )
def get_permissions(self):
"""覆写,以在不同的请求方法下使用不同的权限认证"""
if self.action == "create":
return [permissions.IsAuthenticated()] # 登录了才能发帖
return [permissions.AllowAny()] # 登不登录都能看贴
def get_permissions(self):
if self.request.method == 'POST':
return (permissions.AllowAny(), )
elif self.request.method == 'GET':
return (UserPermission('can_get_users'), )
raise MethodNotAllowed(method=self.request.method)
def get_permissions(self):
if settings.WALDUR_MARKETPLACE['ANONYMOUS_USER_CAN_VIEW_OFFERINGS']:
return [rf_permissions.AllowAny()]
else:
return super(PublicViewsetMixin, self).get_permissions()
