def get_permissions(self):
if self.action == "retrieve":
return [permissions.IsAuthenticated()]
elif self.action == "create":
return [permissions.IsAdminUser()]
elif self.action == "list":
return [permissions.IsAuthenticated()]
elif self.action == "update":
return [permissions.IsAdminUser()]
elif self.action == "partial_update":
return [permissions.IsAdminUser()]
elif self.action == "destroy":
return [permissions.IsAdminUser()]
else:
return [permissions.IsAuthenticatedOrReadOnly()]
def get_permissions(self):
if self.action == "retrieve":
return [permissions.IsAuthenticatedOrReadOnly()]
elif self.action == "create":
return []
return []
def get_permissions(self):
if self.action == 'retrieve':
return [permissions.IsAuthenticatedOrReadOnly(), ]
elif self.action == 'create':
return [permissions.IsAuthenticated(), IsTeacherPermision()]
return []
def get_permissions(self):
if self.action == 'create' or self.action == 'register':
return [permissions.AllowAny()]
else:
return [permissions.IsAuthenticatedOrReadOnly()]
return False
same_pk = owner.pk == request.user.pk
return same_pk
return ModelPermission()
class ModelAuthenticated:
USER = user_auth()
PROFILE = user_auth('person', 'user')
POST = user_auth('author', 'person', 'user')
SOCIAL = user_auth('person', 'user')
DEFAULT_PERMISSION = permissions.IsAuthenticatedOrReadOnly()
ALLOW_ANY = permissions.AllowAny()
IS_ADMIN = MyIsAdmin()
NOBODY = MyNobody()
USER_OR_ADMIN = permissions.OR(ModelAuthenticated.USER, IS_ADMIN)
SOCIAL_OR_ADMIN = permissions.OR(ModelAuthenticated.SOCIAL, IS_ADMIN)
USER_METHODS_PERMISSIONS = {
'create': [ALLOW_ANY],
'retrieve': [USER_OR_ADMIN],
'update': [NOBODY],
'partial_update': [USER_OR_ADMIN],
'destroy': [USER_OR_ADMIN]
def has_object_permission(self, request, view, obj):
return permissions.IsAuthenticatedOrReadOnly(
) or request.user.is_superuser
