def get_permissions(self): if self.action == "retrieve": return [permissions.IsAuthenticated()] elif self.action == "create": return [permissions.IsAdminUser()] elif self.action == "list": return [permissions.IsAuthenticated()] elif self.action == "update": return [permissions.IsAdminUser()] elif self.action == "partial_update": return [permissions.IsAdminUser()] elif self.action == "destroy": return [permissions.IsAdminUser()] else: return [permissions.IsAuthenticatedOrReadOnly()]
def get_permissions(self): if self.action == "retrieve": return [permissions.IsAuthenticatedOrReadOnly()] elif self.action == "create": return [] return []
def get_permissions(self): if self.action == 'retrieve': return [permissions.IsAuthenticatedOrReadOnly(), ] elif self.action == 'create': return [permissions.IsAuthenticated(), IsTeacherPermision()] return []
def get_permissions(self): if self.action == 'create' or self.action == 'register': return [permissions.AllowAny()] else: return [permissions.IsAuthenticatedOrReadOnly()]
return False same_pk = owner.pk == request.user.pk return same_pk return ModelPermission() class ModelAuthenticated: USER = user_auth() PROFILE = user_auth('person', 'user') POST = user_auth('author', 'person', 'user') SOCIAL = user_auth('person', 'user') DEFAULT_PERMISSION = permissions.IsAuthenticatedOrReadOnly() ALLOW_ANY = permissions.AllowAny() IS_ADMIN = MyIsAdmin() NOBODY = MyNobody() USER_OR_ADMIN = permissions.OR(ModelAuthenticated.USER, IS_ADMIN) SOCIAL_OR_ADMIN = permissions.OR(ModelAuthenticated.SOCIAL, IS_ADMIN) USER_METHODS_PERMISSIONS = { 'create': [ALLOW_ANY], 'retrieve': [USER_OR_ADMIN], 'update': [NOBODY], 'partial_update': [USER_OR_ADMIN], 'destroy': [USER_OR_ADMIN]
def has_object_permission(self, request, view, obj): return permissions.IsAuthenticatedOrReadOnly( ) or request.user.is_superuser