def has_object_permission(self, request, view, obj): if check_api_user_permissions(view): return True if request.user == obj.user_story.development_user: return bool(request.method in permissions.SAFE_METHODS or view.action == "toggle") return request.method in permissions.SAFE_METHODS
def has_object_permission(self, request, view, obj): if check_api_user_permissions(view): return True if request.user == obj.user and obj.creation_datetime >= timezone.now( ) - timedelta(minutes=30): return True return request.method in permissions.SAFE_METHODS
def has_object_permission(self, request, view, obj): if check_api_user_permissions(view): return True if request.user in [ obj.development_user, obj.validation_user, obj.support_user ]: return bool( request.method in permissions.SAFE_METHODS or view.action in ["update", "partial_update", "validate"]) return request.method in permissions.SAFE_METHODS
def has_permission(self, request, view): if view.action == "toggle" or check_api_user_permissions(view): return True return request.method in permissions.SAFE_METHODS
def has_permission(self, request, view): if view.action in ["update", "partial_update", "validate" ] or check_api_user_permissions(view): return True return request.method in permissions.SAFE_METHODS
def perform_update(self, serializer): if not check_api_user_permissions(self): serializer.validated_data["user"] = serializer.instance.user return super().perform_update(serializer)
def perform_create(self, serializer): if not check_api_user_permissions(self): serializer.validated_data["user"] = self.request.user return super().perform_create(serializer)
def has_permission(self, request, view): if view.action in ["request", "cancel" ] or check_api_user_permissions(view): return True return request.method in permissions.SAFE_METHODS
def has_object_permission(self, request, view, obj): if check_api_user_permissions(view): return True return bool(request.method in permissions.SAFE_METHODS or view.action == "toggle_volunteer")