def has_object_permission(self, request, view, obj):
# print("has_object_permission", request.method) # For debugging purposes only.
# --- RETRIEVE ---
if "GET" in request.method:
# # OWNERSHIP BASED
# if request.user == obj.owner:
# return True
# PERMISSION BASED
return has_permission('can_get_bulletin_board_item', request.user, request.user.groups.all())
# ---UPDATE ---
if "PUT" in request.method:
# # OWNERSHIP BASED
# if request.user == obj.owner:
# return True
# PERMISSION BASED
return has_permission('can_put_bulletin_board_item', request.user, request.user.groups.all())
# --- DELETE ---
if "DELETE" in request.method:
# PERMISSION BASED
return has_permission('can_delete_bulletin_board_item', request.user, request.user.groups.all())
return False
def has_permission(self, request, view):
# print("has_permission", request.method) # For debugging purposes only.
# --- LIST ---
if "GET" in request.method:
return has_permission('can_get_bulletin_board_items', request.user, request.user.groups.all())
# --- CREATE ---
if "POST" in request.method:
return has_permission('can_post_bulletin_board_item', request.user, request.user.groups.all())
return False
def has_permission(self, request, view):
# print("has_permission", request.method) # For debugging purposes only.
# --- LIST ---
if "GET" in request.method:
return has_permission('can_get_public_image_uploads', request.user,
request.user.groups.all())
# --- CREATE ---
if "POST" in request.method:
return has_permission('can_post_public_image_upload', request.user,
request.user.groups.all())
return False
def has_permission(self, request, view):
# print("has_permission", request.method) # For debugging purposes only.
# --- LIST ---
if "GET" in request.method:
return has_permission('can_get_insurance_requirements',
request.user, request.user.groups.all())
# --- CREATE ---
if "POST" in request.method:
return has_permission('can_post_insurance_requirement',
request.user, request.user.groups.all())
return False
