def has_permission(self, request, view):
"""Evalua si un usuario puede manipular la tabla `User`
Parameters
- - - - -
request : object
Objeto de solicitud
Returns
- - - - -
True
Si el usuario (POST, PUT, GET, DELETE) tiene permisos para esos metodos
False
En caso contrario
"""
user_request = User.objects.get(
email=get_user_token(request).get("email"))
if user_request:
if request.method in permissions.SAFE_METHODS:
if user_request.has_perm("studies_app.view_studycenters"):
return True
elif request.method is DELETE:
if user_request.has_perm("studies_app.delete_studycenters"):
return True
else:
if user_request.has_perm(
"studies_app.add_studycenters"
) and user_request.has_perm("studies_app.change_studycenters"):
return True
return False
else:
return False
def has_permission(self, request, view):
user_request = User.objects.get(
email=get_user_token(request).get("email"))
if user_request is not None:
if request.method in permissions.SAFE_METHODS:
if user_request.has_perm("places_app.view_department"):
return True
elif request.method is DELETE:
if user_request.has_perm("places_app.delete_department"):
return True
else:
if user_request.has_perm("places_app.add_department") and user_request.has_perm("users_app.change_department"):
return True
return False
else:
return False