def has_object_permission(self, request, view, obj):
if check_api_user_permissions(view):
return True
if request.user == obj.user_story.development_user:
return bool(request.method in permissions.SAFE_METHODS
or view.action == "toggle")
return request.method in permissions.SAFE_METHODS
def has_object_permission(self, request, view, obj):
if check_api_user_permissions(view):
return True
if request.user == obj.user and obj.creation_datetime >= timezone.now(
) - timedelta(minutes=30):
return True
return request.method in permissions.SAFE_METHODS
def has_object_permission(self, request, view, obj):
if check_api_user_permissions(view):
return True
if request.user in [
obj.development_user, obj.validation_user, obj.support_user
]:
return bool(
request.method in permissions.SAFE_METHODS
or view.action in ["update", "partial_update", "validate"])
return request.method in permissions.SAFE_METHODS
def has_permission(self, request, view):
if view.action == "toggle" or check_api_user_permissions(view):
return True
return request.method in permissions.SAFE_METHODS
def has_permission(self, request, view):
if view.action in ["update", "partial_update", "validate"
] or check_api_user_permissions(view):
return True
return request.method in permissions.SAFE_METHODS
def perform_update(self, serializer):
if not check_api_user_permissions(self):
serializer.validated_data["user"] = serializer.instance.user
return super().perform_update(serializer)
def perform_create(self, serializer):
if not check_api_user_permissions(self):
serializer.validated_data["user"] = self.request.user
return super().perform_create(serializer)
def has_permission(self, request, view):
if view.action in ["request", "cancel"
] or check_api_user_permissions(view):
return True
return request.method in permissions.SAFE_METHODS
def has_object_permission(self, request, view, obj):
if check_api_user_permissions(view):
return True
return bool(request.method in permissions.SAFE_METHODS
or view.action == "toggle_volunteer")