def has_object_permission(self, request, view, obj): # print("has_object_permission", request.method) # For debugging purposes only. # --- RETRIEVE --- if "GET" in request.method: # # OWNERSHIP BASED # if request.user == obj.owner: # return True # PERMISSION BASED return has_permission('can_get_bulletin_board_item', request.user, request.user.groups.all()) # ---UPDATE --- if "PUT" in request.method: # # OWNERSHIP BASED # if request.user == obj.owner: # return True # PERMISSION BASED return has_permission('can_put_bulletin_board_item', request.user, request.user.groups.all()) # --- DELETE --- if "DELETE" in request.method: # PERMISSION BASED return has_permission('can_delete_bulletin_board_item', request.user, request.user.groups.all()) return False
def has_permission(self, request, view): # print("has_permission", request.method) # For debugging purposes only. # --- LIST --- if "GET" in request.method: return has_permission('can_get_bulletin_board_items', request.user, request.user.groups.all()) # --- CREATE --- if "POST" in request.method: return has_permission('can_post_bulletin_board_item', request.user, request.user.groups.all()) return False
def has_permission(self, request, view): # print("has_permission", request.method) # For debugging purposes only. # --- LIST --- if "GET" in request.method: return has_permission('can_get_public_image_uploads', request.user, request.user.groups.all()) # --- CREATE --- if "POST" in request.method: return has_permission('can_post_public_image_upload', request.user, request.user.groups.all()) return False
def has_permission(self, request, view): # print("has_permission", request.method) # For debugging purposes only. # --- LIST --- if "GET" in request.method: return has_permission('can_get_insurance_requirements', request.user, request.user.groups.all()) # --- CREATE --- if "POST" in request.method: return has_permission('can_post_insurance_requirement', request.user, request.user.groups.all()) return False