Exemple #1
 def get_permissions(self):
     """Pick the permission instances for the current HTTP method.

     GET is open to everyone and DELETE is limited to admin users. Every
     other method (the original author had PUT and PATCH in mind) gets both
     ``IsAdminUser`` and ``IsThisUserOrReadOnly``.
     """
     verb = self.request.method
     if verb == 'GET':
         return [permissions.AllowAny()]
     if verb == 'DELETE':
         return [permissions.IsAdminUser()]
     # Anything else, including POST, HEAD and OPTIONS, lands here.
     # NOTE(review): permissions in one list must all pass, so a non-admin
     # never gets through even on their own record - confirm that is intended.
     return [permissions.IsAdminUser(), IsThisUserOrReadOnly()]
Exemple #2
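 def has_permission(self, request, view):
   """Decide view-level access from the viewset action.

   ``create`` is allowed for every caller, authenticated or not.
   ``list`` is restricted to admin users. Every other action is allowed
   for an admin, or for a caller that passes both
   ``IsAuthenticatedOrTokenHasScope`` and ``DjangoModelPermissions``.

   :param request: the incoming request
   :param view: the view being accessed; its ``action`` selects the rule
   :return: True when access is granted
   """
   # NOTE(review): this branch performs no check at all, so anonymous
   # callers can create objects - confirm that is intended.
   if view.action == 'create':
     return True
   # Evaluate the admin check once and reuse it for both remaining branches.
   is_admin = permissions.IsAdminUser().has_permission(request, view)
   if view.action == 'list':
     return is_admin
   return is_admin or (
     IsAuthenticatedOrTokenHasScope().has_permission(request, view)
     and permissions.DjangoModelPermissions().has_permission(request, view)
   )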
 def get_permissions(self):
     """Choose permissions based on whether the named test is public.

     The test is identified by the ``test_name`` query parameter. A public
     test gets ``IsAuthenticatedOrReadOnly``; a non-public test, or one that
     ``is_test_public`` cannot find, is restricted to admin users.
     """
     # NOTE(review): ``test_name`` is supplied by the client. If the data
     # served by this view is selected by anything other than this same
     # parameter, a caller could name a public test to obtain the lenient
     # permission - verify against the view's queryset/lookup.
     try:
         publicly_visible = is_test_public(
             self.request.query_params.get("test_name", None)
         )
     except ObjectDoesNotExist:
         # Unknown test: fall back to the strictest rule.
         return [permissions.IsAdminUser()]
     if publicly_visible:
         return [permissions.IsAuthenticatedOrReadOnly()]
     return [permissions.IsAdminUser()]
Exemple #4
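    def get_permissions(self):
        """Return the permission instances for the current HTTP method.

        GET is public; POST, PUT and DELETE require an admin user. Any other
        method (PATCH, HEAD, OPTIONS, ...) is also restricted to admins
        instead of falling off the end of the function: an implicit ``None``
        cannot be iterated by the caller that walks the permission list, so
        the request would end in an error rather than a clean allow/deny.
        """
        if self.request.method == "GET":
            return [permissions.AllowAny()]

        if self.request.method == "POST":
            # Both entries are kept so the POST requirements stay exactly as
            # the author wrote them.
            return [permissions.IsAuthenticated(), permissions.IsAdminUser()]

        # PUT, DELETE and every method not named above: deny by default.
        return [permissions.IsAdminUser()]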
Exemple #5
 def get_permissions(self):
     """Map the viewset action to its permission instances.

     ``retrieve`` and ``list`` need an authenticated user; ``create``,
     ``update``, ``partial_update`` and ``destroy`` need an admin user; any
     other action gets ``IsAuthenticatedOrReadOnly``.
     """
     current = self.action
     if current in ("retrieve", "list"):
         return [permissions.IsAuthenticated()]
     if current in ("create", "update", "partial_update", "destroy"):
         return [permissions.IsAdminUser()]
     # Custom or unrecognised actions: anonymous callers are limited to
     # safe (read-only) methods.
     return [permissions.IsAuthenticatedOrReadOnly()]
Exemple #6
 def get_permissions(self):
     """Require an admin for write actions and nothing for the rest.

     ``create``, ``update``, ``partial_update`` and ``destroy`` return
     ``IsAdminUser``. Every other action returns an empty list.
     """
     write_actions = ("create", "update", "partial_update", "destroy")
     if self.action not in write_actions:
         # An empty list means no permission check runs at all for this
         # request, including any project-wide default permission classes.
         # NOTE(review): confirm list/retrieve and any custom actions are
         # meant to be fully public.
         return []
     # The author also considered a custom permission here
     # (mypermissions.CategoryPermission) instead of the admin check.
     return [permissions.IsAdminUser()]
 def get_permissions(self):
     """Return the permission instances for the current HTTP method.

     PUT requires an authenticated admin user. Every other method (GET, POST,
     PATCH, DELETE, ...) requires an authenticated caller who also passes
     ``IsOwnerOrAdmin``.
     """
     if self.request.method in ['PUT']:
         return [permissions.IsAuthenticated(), permissions.IsAdminUser()]
     # NOTE(review): PATCH and DELETE share the owner-or-admin rule while PUT
     # is admin-only - confirm the asymmetry between PUT and PATCH is wanted.
     return [permissions.IsAuthenticated(), IsOwnerOrAdmin()]
Exemple #8
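 def get_permissions(self):
     """Return the permission instances for the current HTTP method.

     GET is public and POST needs an authenticated user. PUT and DELETE are
     allowed for the response's creator or for an admin user. Any other
     method is restricted to admin users.
     """
     method = self.request.method
     if method == "GET":
         return [permissions.AllowAny()]
     if method == "POST":
         return [permissions.IsAuthenticated()]
     # Membership test on purpose: `method == "PUT" or "DELETE"` is always
     # true because the bare string "DELETE" is truthy.
     if method in ("PUT", "DELETE"):
         # `A() or B()` on two instances evaluates to A() alone, so the admin
         # check would never run. Compose the classes so either one grants
         # access.
         # NOTE(review): relies on DRF's `|` permission composition and on
         # isResponseCreator deriving from BasePermission - confirm both, and
         # verify how the composed permission behaves for object-level checks
         # on the installed DRF version.
         return [(isResponseCreator | permissions.IsAdminUser)()]
     # PATCH, HEAD, OPTIONS, ...: deny by default.
     return [permissions.IsAdminUser()]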
Exemple #9
 def get_permissions(self):
     """Return ``IsAdminUser`` for write actions and no checks otherwise."""
     is_write = self.action in {"create", "update", "partial_update", "destroy"}
     if is_write:
         # Alternatives the author left disabled: a custom
         # mypermissions.CategoryPermission, or IsAuthenticatedOrReadOnly.
         return [permissions.IsAdminUser()]
     # NOTE(review): an empty list disables permission checking entirely for
     # list, retrieve and any custom action - confirm these are meant to be
     # public.
     return []
Exemple #10
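 def get_permissions(self):
     """Map the viewset action to its permission instances.

     ``create`` is public, ``list`` is admin-only, and ``retrieve``,
     ``update`` and ``destroy`` use ``IsSelfOrAdmin``. Any action not named
     here is restricted to admin users, so the method always returns a list
     rather than an implicit ``None`` that the caller cannot iterate.
     """
     if self.action == 'create':
         return [permissions.AllowAny()]
     elif self.action == 'list':
         return [permissions.IsAdminUser()]
     elif self.action in ('retrieve', 'update', 'destroy'):
         return [IsSelfOrAdmin()]
     # NOTE(review): 'partial_update' is not listed above and therefore ends
     # up here; confirm whether PATCH should share IsSelfOrAdmin with
     # 'update' before widening it.
     return [permissions.IsAdminUser()]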
Exemple #11
 def get_permissions(self):
     """Map the viewset action to its permission instances.

     ``create`` needs an authenticated user; ``update``, ``partial_update``,
     ``retrieve`` and ``destroy`` use ``mypermissions.OrderPermission``; all
     remaining actions (``list`` among them) are admin-only.
     """
     action = self.action
     if action == "create":
         return [permissions.IsAuthenticated()]
     if action in ("update", "partial_update", "retrieve", "destroy"):
         # Single-object actions: the custom permission decides.
         # NOTE(review): presumably an ownership check - verify in mypermissions.
         return [mypermissions.OrderPermission()]
     return [permissions.IsAdminUser()]
Exemple #12
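 def get_permissions(self):
     """Map the viewset action to its permission instances.

     ``create`` needs an authenticated user; ``update``, ``partial_update``,
     ``retrieve`` and ``destroy`` use ``mypermissions.OrdersPermission``; all
     remaining actions are admin-only.
     """
     if self.action == 'create':
         return [permissions.IsAuthenticated()]
     # Action names must match the router's spelling exactly ('destroy'); a
     # misspelled name never matches and silently falls through to the
     # admin-only default below.
     # NOTE(review): confirm OrdersPermission enforces the intended
     # object-level rule for deletes.
     elif self.action in ('update', 'partial_update', 'retrieve', 'destroy'):
         return [mypermissions.OrdersPermission()]
     else:
         return [permissions.IsAdminUser()]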
Exemple #13
 def get_permissions(self):
     """Map the viewset action to a single permission instance.

     ``list`` is admin-only, ``create`` is open to everyone, and every other
     action needs an authenticated user.
     """
     current = self.action
     if current == 'list':
         chosen = perm.IsAdminUser
     elif current == 'create':
         # Unauthenticated callers may create.
         chosen = perm.AllowAny
     else:
         chosen = perm.IsAuthenticated
     return [chosen()]
Exemple #14
 def get_permissions(self):
     """Allow anyone to use safe methods; require an admin for the rest."""
     # Methods outside SAFE_METHODS can change state, so they default to the
     # admin-only rule.
     read_only = self.request.method in permissions.SAFE_METHODS
     gate = permissions.AllowAny if read_only else permissions.IsAdminUser
     return [gate()]
Exemple #15
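 def get_permissions(self):
     """Require an admin for write actions and nothing for the rest.

     ``create``, ``update``, ``partial_update`` and ``destroy`` return
     ``IsAdminUser``. Every other action returns an empty list, which means
     no permission check is applied.
     """
     # The action name must be spelled 'destroy' exactly: a misspelled name
     # never matches, and deletes would then take the unchecked branch below.
     if self.action in ("create", "update", "partial_update", "destroy"):
         # Alternatives the author left disabled: IsAuthenticatedOrReadOnly
         # (read-only when logged out, writable once logged in) or a custom
         # mypermissions.CategoryPermission.
         return [permissions.IsAdminUser()]
     else:
         # NOTE(review): an empty list disables permission checking for
         # list, retrieve and custom actions - confirm they are meant to be
         # public. The author also considered IsAuthenticated here.
         return []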
Exemple #16
 def get_permissions(self):
     """Map the viewset action to its permission instances.

     Author's intent: administrators can list all orders; ordinary users can
     create and modify orders but cannot act on other users' orders.
     """
     action = self.action
     if action == "create":
         return [permissions.IsAuthenticated()]
     if action in ("update", "partial_update", "retrieve"):
         return [mypermissions.OrderPermission()]
     # list, destroy and any other action are admin-only.
     return [permissions.IsAdminUser()]
Exemple #17
 def get_permissions(self):
     """Map the viewset action to its permission instances.

     ``create`` and ``list`` need an authenticated user; ``update``,
     ``partial_update``, ``retrieve`` and ``destroy`` use
     ``mypermissions.OrdersPermission``; anything else is admin-only.
     """
     # Debug output of the current action.
     # NOTE(review): this prints on every call; consider the logging module.
     print("当前http方法为", self.action)
     if self.action in ("create", "list"):
         # NOTE(review): any authenticated user may list - verify the queryset
         # is filtered per user if orders are private.
         return [permissions.IsAuthenticated()]
     if self.action in ("update", "partial_update", 'retrieve', "destroy"):
         return [mypermissions.OrdersPermission()]
     return [permissions.IsAdminUser()]
Exemple #18
    def get_permissions(self):
        """
        Override get_permissions instead of setting permission_classes so that
        we can specify different permissions for different HTTP methods.

        GET is admin-only; every other method is open to anyone.
        """
        if self.request.method != "GET":
            # The author expected only POST here.
            # NOTE(review): this branch also covers PUT, PATCH, DELETE, HEAD
            # and OPTIONS if the view accepts them - confirm the view's
            # allowed methods, or name POST explicitly and deny the rest.
            return [permissions.AllowAny()]
        return [permissions.IsAdminUser()]
Exemple #19
    def get_permissions(self):
        """Return the permission instances for the current HTTP method.

        Safe (read-only) methods are admin-only, POST is open so that anyone
        can create a new user, and every remaining method requires an
        authenticated caller who passes ``IsUserOwner``.
        """
        method = self.request.method
        if method in permissions.SAFE_METHODS:
            return (permissions.IsAdminUser(), )
        if method == 'POST':
            # Public sign-up.
            # NOTE(review): the serializer must not accept privileged fields
            # from this unauthenticated path - verify.
            return (permissions.AllowAny(), )
        # Update or delete: owner only.
        return (permissions.IsAuthenticated(), IsUserOwner())
 def get_permissions(self):
     """Map the viewset action to its permission instances.

     ``destroy`` is admin-only, ``create`` needs an authenticated user, and
     ``update`` / ``partial_update`` use ``IsAdminOrProjectMember``. Any other
     action returns an empty list.
     """
     action = self.action
     if action == "destroy":
         return [permissions.IsAdminUser()]
     if action == "create":
         return [permissions.IsAuthenticated()]
     if action in ("update", "partial_update"):
         return [IsAdminOrProjectMember()]
     # NOTE(review): an empty list disables permission checking, so list,
     # retrieve and custom actions are public - confirm that is intended.
     return []
Exemple #21
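 def get_permissions(self):
     """Map the viewset action to its permission instances.

     ``retrieve``, ``update`` and ``partial_update`` need an authenticated
     user and ``list`` is admin-only. ``create`` and every other action
     return an empty list, i.e. no permission check is applied.
     """
     # PATCH is grouped with PUT so that a partial update cannot be used to
     # get around the authentication required for a full update.
     if self.action in ("retrieve", "update", "partial_update"):
         return [permissions.IsAuthenticated()]
     if self.action == "list":
         return [permissions.IsAdminUser()]
     # create is deliberately open (the author returned [] for it).
     # NOTE(review): destroy and custom actions also land here unchecked -
     # confirm the view does not expose them, or give them an explicit rule.
     return []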
Exemple #22
    def get_permissions(self):
        """
        Get the list of permissions that the current action requires.

        The `partial_update` action requires a staff user (an internal bot).
        Every other action is returned with `AllowAny`, so no authentication
        is enforced for it here.
        """
        # TODO: this needs to be re-thought for anon users - how to handle anon
        # TODO: access.
        if self.action == "partial_update":
            return [permissions.IsAdminUser()]
        # NOTE(review): AllowAny also covers create, update and destroy if the
        # viewset exposes them - confirm which actions are routed.
        return [permissions.AllowAny()]
Exemple #23
 def get_permissions(self):
     """Return the permission instance for the current HTTP method.

     GET is public, POST needs an authenticated user, and every other method
     is admin-only.
     """
     method = self.request.method
     if method == 'GET':
         chosen = permissions.AllowAny
     elif method == 'POST':
         chosen = permissions.IsAuthenticated
     else:
         # Deny-by-default for PUT, PATCH, DELETE and anything else.
         chosen = permissions.IsAdminUser
     return [chosen()]
Exemple #24
 def get_permissions(self):
     """
     Administrators can list all orders.
     Ordinary users can create and modify orders but cannot act on other
     users' orders.

     :return: the permission instances for the current action
     """
     action = self.action
     if action == "create":
         return [permissions.IsAuthenticated()]
     if action in ("update", "partial_update", "retrieve", "destroy"):
         # NOTE(review): the per-user restriction described above has to be
         # enforced inside OrderPermissions - verify its object-level check.
         return [mypermissions.OrderPermissions()]
     return [permissions.IsAdminUser()]
Exemple #25
    def get_permissions(self):
        """Return the permission instances for the current HTTP method.

        Safe (read-only) methods need an authenticated user, POST is
        admin-only, and every remaining method requires an authenticated
        caller who passes ``IsUsrOwner``.
        """
        method = self.request.method
        if method in permissions.SAFE_METHODS:
            return (permissions.IsAuthenticated(), )
        if method == 'POST':
            return (permissions.IsAdminUser(), )
        # PUT, PATCH, DELETE: restricted to the owner.
        return (permissions.IsAuthenticated(), IsUsrOwner())
Exemple #26
 def get_permissions(self):
     """
     Administrators can list all orders.
     Ordinary users can create and modify orders but cannot act on other
     users' orders.

     :return: the permission instances for the current action
     """
     # Debug output of the current action.
     # NOTE(review): this prints on every call; consider the logging module.
     print("http方法:", self.action)
     if self.action == 'create':
         return [permissions.IsAuthenticated()]
     if self.action in ('update', 'partial_update', 'retrieve', 'destroy'):
         return [mypermissions.OrderPermission()]
     # list and any other action are admin-only.
     return [permissions.IsAdminUser()]
Exemple #27
 def get_permissions(self):
     """Return the permission instance for the current HTTP method.

     GET is public, POST uses ``IsAdminTournament`` and every other method is
     admin-only. As a side effect the ``parent_lookup_tournoi`` URL keyword
     argument is stored on the request as ``ID`` before any branch runs.
     """
     # NOTE(review): presumably read by IsAdminTournament. The value comes
     # from the URL and is therefore chosen by the client, so the permission
     # must check the caller against that tournament - verify.
     self.request.ID = self.kwargs['parent_lookup_tournoi']
     method = self.request.method
     if method == 'GET':
         return [permissions.AllowAny()]
     if method == 'POST':
         return [IsAdminTournament()]
     return [permissions.IsAdminUser()]
Exemple #28
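    def get_permissions(self):
        """Return the permission instances for the current HTTP method.

        PUT and PATCH require an authenticated caller who passes ``IsOwner``,
        DELETE requires an authenticated admin user, and every other method
        only requires authentication.
        """
        # PUT is grouped with PATCH: both modify the object, so a full update
        # must not be reachable with authentication alone when a partial
        # update needs ownership.
        if self.request.method in ('PUT', 'PATCH'):
            return (
                permissions.IsAuthenticated(),
                IsOwner(),
            )

        if self.request.method == "DELETE":
            return (
                permissions.IsAuthenticated(),
                permissions.IsAdminUser(),
            )

        # GET, POST and the remaining methods: any authenticated user.
        return (permissions.IsAuthenticated(), )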
Exemple #29
    def get_permissions(self):
        """
        Map the viewset action to its permission instances.

        ``create`` is public, ``list`` is admin-only, and ``update``,
        ``partial_update``, ``destroy`` and ``retrieve`` use
        ``IsAdminOrAccountOwner``. Any other action falls back to the classes
        declared in ``permission_classes``.
        """
        action = self.action
        if action == 'create':
            # Public sign-up style endpoint: no check on the caller.
            return [permissions.AllowAny()]
        if action in ['update', 'partial_update', 'destroy', 'retrieve']:
            return [IsAdminOrAccountOwner()]
        if action == 'list':
            return [permissions.IsAdminUser()]

        # Unlisted actions keep the view's declared permissions instead of
        # running unchecked.
        fallback = []
        for permission_class in self.permission_classes:
            fallback.append(permission_class())
        return fallback
    def has_permission(self, request: Request, view: View) -> bool:
        """
        Report whether the caller counts as an admin under either definition.

        One definition is the stock ``IsAdminUser`` check from Django REST,
        the other is the project's ``AdminApiKeyCustomCheck``. Both checks are
        always evaluated; passing either one is enough.

        :param request: the request which is evaluated
        :param view: the view to which the request is sent
        :return: whether the user is a valid admin or not
        """
        framework_admin = rfperms.IsAdminUser().has_permission(request, view)
        # NOTE(review): presumably an API-key based check; its strength
        # bounds this permission, since either path alone grants access.
        custom_admin = AdminApiKeyCustomCheck().has_permission(request, view)
        return any((framework_admin, custom_admin))