def get_permissions(self):
if self.action in ('retrieve', 'list', 'comment_list', 'main',
'trending'):
return (AllowAny(), )
elif self.request.method.lower() == 'options':
return (AllowAny(), ) # Allow CORS preflight request
return self.permission_classes
def get_permissions(self):
if self.request.method == 'DELETE':
return [IsAdminUser()]
elif self.request.method == 'POST':
return [AllowAny()]
else:
return [AllowAny()]
def get_permissions(self):
if self.action == 'create':
return [AllowAny()]
elif self.action in ['update', 'destroy']:
return [AllowAny()]
return super().get_permissions()
def get_permissions(self):
if self.action == 'retrieve':
return [IsAuthenticated()]
elif self.action == 'create':
return [AllowAny()]
elif self.action == 'updata' or 'destory':
return [IsAuthenticated()]
return [AllowAny()]
def get_permissions(self):
if self.action == 'create':
return [AllowAny()]
elif self.action in ['update', 'destroy', 'retrieve']:
return [IsOwner()]
elif self.action == 'login':
return [AllowAny()]
return super().get_permissions()
def get_permissions(self):
if self.action in ('create', 'login'):
return [AllowAny()]
elif self.name == 'Login':
return [AllowAny()]
if self.action == 'deactivate':
return [IsUserSelf()]
return super().get_permissions()
def get_permissions(self):
# allow non-authenticated user to create via POST
# TODO: This needs to be more strict. POST && request
# URL = /api/v1/users for instance. Same for activate.
resolver = self.request.resolver_match
view_name = resolver.view_name
if self.request.method == 'POST':
return (AllowAny(), )
elif self.request.method == 'PUT' and view_name != 'user-self':
return (AllowAny(), )
else:
return (TokenHasReadWriteScope(), )
def get_permissions(self):
if self.request.method in SAFE_METHODS:
# Authentication isn't needed for safe methods like GET
return (AllowAny(), )
if self.request.method == 'POST':
# Authentication isn't needed when creating a new account.
return (AllowAny(), )
# Authentication is needed for updates to Account object.
return (
IsAuthenticated(),
IsAccountOwner(),
)
def get_permissions(self):
if self.request.method in SAFE_METHODS:
return [AllowAny()]
elif self.request.method == 'POST':
return [IsAuthenticated()]
else:
return [DjangoModelPermissions()]
def get_permissions(self):
if self.request.method == 'DELETE':
return [IsAdminUser()]
if self.request.query_params.get('includeVerificationToken') and self.request.method == 'GET':
return [AllowAny()]
return [IsAuthenticated()]
def get_permissions(self):
if self.request.method == 'GET':
return [AllowAny()]
if self.request.method == 'DELETE':
return [IsAdminUser()]
return [IsAuthenticated()]
def get_permissions(self):
if self.request.method == 'GET':
return (AllowAny(), )
elif self.request.method == "DELETE":
return (IsAdminUser(), )
else:
return (IsAuthenticated(),)
def get_permissions(self):
if self.action == 'create':
return (IsAuthenticated(), )
if self.action in ['update', 'partial_update', 'delete']:
return (IsSuperUserOrReadOnly(), )
return (AllowAny(), )
def get_permissions(self):
if self.action in [
'create_order',
]:
return [IsAuthenticated(),]
return [AllowAny(),]
def get_permissions(self):
if self.action in (
"update",
"destroy",
):
return (IsAuthenticated(), )
return (AllowAny(), )
def get_permissions(self):
if self.request.method == 'GET':
# check user is in group 1 (User)
if User.objects.filter(username=self.request.user.username,
groups=(1, )):
return IsAuthenticated(), IsOwner(),
return AllowAny(),
elif self.request.method == 'PUT':
# check user is in group 1 (User)
if User.objects.filter(username=self.request.user.username,
groups=(1, )):
return IsAuthenticated(), IsOwner(),
# check user is in group 2 (Manager)
elif User.objects.filter(username=self.request.user.username,
groups=(2, )):
return IsAuthenticated(),
# admin rights
return IsAdminUser(),
elif self.request.method == "DELETE":
# check user is in group 2 (Manager)
if User.objects.filter(username=self.request.user.username,
groups=(2, )):
return IsAuthenticated(),
# admin rights
return IsAdminUser(),
def get_permissions(self):
permissions_bucket = ["update","create"]
if self.action in permissions_bucket:
return [IsAuthenticated()]
else:
return [AllowAny()]
#return super(self, Episode_ViewSet).get_permissions()
def get_permissions(self):
if self.action == 'create':
return [IsAuthenticated(), ]
elif self.action == 'update' or self.action == 'partial_update' or self.action == 'destroy':
return [ShopEditDelete(), ]
else :
return [AllowAny(), ]
def get_permissions(self):
"""Получение прав для действий."""
if self.action in ["create", "update", "partial_update", "destroy"]:
return [IsAdminUser()]
if self.action in ["list", "retrieve"]:
return [AllowAny()]
return []
def get_permissions(self):
print(self.action)
print(self.request.method)
if self.action in ['list', 'retrieve']: # self.request.method == "GET"
return [GETModelPermissions()]
else:
return [AllowAny()]
def get_permissions(self):
if self.request.method == 'GET':
return [
AllowAny(),
]
else:
return [IsAuthenticated(), IsSuperUserPermission()]
def get_permissions(self):
# 注意要加用 AllowAny() / IsAuthenticated() 实例化出对象
# 而不是 AllowAny / IsAuthenticated 这样只是一个类名
if self.action == 'create':
return [IsAuthenticated()]
if self.action in ['destroy', 'update']:
return [IsAuthenticated(), IsObjectOwner()]
return [AllowAny()]
def get_permissions(self):
print(self.action)
print(self.request.method)
if self.action in ['create', 'update',
'destroy']: # self.request.method == "GET"
return [GETModelPermissions()]
else:
return [AllowAny()]
def get_permissions(self):
if self.action == 'list':
return [
IsAuthenticated(),
]
return [
AllowAny(),
]
def get_permissions(self):
# AllowAny() / IsAuthenticated() generate an object instance
# not AllowAny / IsAuthenticated, this is just a class name
if self.action == 'create':
return [IsAuthenticated()]
if self.action in ['destroy', 'update']:
return [IsAuthenticated(), IsObjectOwner()]
return [AllowAny()]
def get_permissions(self):
if self.action in ['list', 'by_town', 'retrieve']:
return [AllowAny()]
if self.action == 'create':
return [Or(IsAdminUser, IsStaff)]
if self.action in ['update']:
return [Or(IsAdminUser, IsStaff, IsOwnerRestaurantAdministrator)]
return [IsAdminUser]
def get_permissions(self):
# we need to use AllowAny() / IsAuthenticated() to instantiate an object
# rather than using AllowAny / IsAuthenticated such class names
if self.action == 'create':
return [IsAuthenticated()]
if self.action in ['destroy', 'update']:
return [IsAuthenticated(), IsObjectOwner()]
return [AllowAny()]
def get_permissions(self):
if self.action in ['update']:
return [IsOwnerUser()]
elif self.action in ['retrieve']:
return [
AllowAny(),
]
return super(LessonViewSet, self).get_permissions()
def get_permissions(self):
if self.action == 'create': # create는 로그인 없이도 가능
return [AllowAny()]
elif self.action in ['update',
'destroy']: # update와 destroy는 자기가 등록한 것만 가능
return [IsOwner()]
return super().get_permissions()
def get_permissions(self):
# allow non-authenticated user to create via POST
if self.request.method == 'POST':
return (AllowAny()),
elif self.request.method == 'GET':
return (IsLocalStaffOrTargetUser()),
else:
return (IsLocalStaffOrOwner()),
