def get_permissions(self):
if self.action == 'create':
return [IsAuthenticated(), DjangoModelPermissions()]
elif self.action == 'update':
return [IsAuthenticated(), IsSameGroup(), DjangoModelPermissions()]
# elif self.action == 'retrieve':
# return [DjangoModelPermissionsOrAnonReadOnly()]
elif self.action == 'destroy':
return [IsAuthenticated(), IsSameGroup(), DjangoModelPermissions()]
elif self.action == 'can_update':
return [IsAuthenticated(), IsSameGroup(), DjangoModelPermissions()]
elif self.action == 'all_can_update':
return [IsAuthenticated(), DjangoModelPermissions()]
return [permission() for permission in self.permission_classes]
def has_object_permission(self, request, view, obj):
if not request.user.is_authenticated:
return False
if request.user is obj.user:
return True
return DjangoModelPermissions().has_object_permission(request,view,obj)
def get_permissions(self):
if self.action == 'create':
return [IsAuthenticated(), DjangoModelPermissions()]
elif self.action == 'update':
return [
IsAuthenticated(),
DjangoModelPermissions(),
RecoverOrderIsSameGroup()
]
elif self.action == 'can_create':
return [IsAuthenticated(), DjangoModelPermissions()]
elif self.action == 'can_update':
return [IsAuthenticated(), DjangoModelPermissions()]
elif self.action == 'all_can_update':
return [IsAuthenticated(), DjangoModelPermissions()]
return [permission() for permission in self.permission_classes]
def get_permissions(self):
if self.request.method in SAFE_METHODS:
return [AllowAny()]
elif self.request.method == 'POST':
return [IsAuthenticated()]
else:
return [DjangoModelPermissions()]
def has_object_permission(self, request, view, obj):
if view.action not in ['update', 'partial_update', 'destroy']:
return True
modelperm = DjangoModelPermissions()
if modelperm.has_permission(request, view):
return True
return register_log_has_perm(request, obj)
def if_can_do_actions(request, view, obj):
is_owner = obj.user == request.user
is_manager = request.user in obj.event.cell.managers.all()
dj_perm = DjangoModelPermissions()
is_django_perms = dj_perm.has_object_permission(request, view, obj)
return is_owner or (is_manager
and is_django_perms) or request.user.is_superuser
def has_permission(self, request, view):
is_authenticated = IsAdminUser().has_permission(
request, view) or DjangoModelPermissions().has_permission(
request, view)
oauth2authenticated = False
if is_authenticated:
oauth2authenticated = isinstance(request.successful_authenticator,
OAuth2Authentication)
token_has_scope = TokenHasReadWriteScope()
return (is_authenticated
and not oauth2authenticated) or token_has_scope.has_permission(
request, view)
def get_permissions(self):
if self.action in ['list', 'retrieve', 'create']:
return [DjangoModelPermissions()]
else:
return [AllowAny()]
def __init__(self):
self.django_perms = DjangoModelPermissions()
def has_permission(self, request, view):
return ApiKeyHeaderPermission().has_permission(request, view) or DjangoModelPermissions().has_permission(
request, view)
def get_permissions(self):
if self.action not in ['update', 'partial_update', 'destroy']:
return [IsAuthenticated()]
return [DjangoModelPermissions()]
def get_permissions(self):
if self.action == 'create':
return [IsAuthenticated(), DjangoModelPermissions()]
return [permission() for permission in self.permission_classes]
def get_permissions(self):
if self.action == 'product':
return [IsAuthenticated(), DjangoModelPermissions(), IsMFGUser()]
return [permission() for permission in self.permission_classes]
def has_permission(self, request, view):
return DjangoModelPermissions().has_permission(request, view)
def get_permissions(self):
if self.request.method in SAFE_METHODS:
return [AllowAny()]
else:
return [DjangoModelPermissions()]