def get_permissions(self): if self.action in ('retrieve', 'list', 'comment_list', 'main', 'trending'): return (AllowAny(), ) elif self.request.method.lower() == 'options': return (AllowAny(), ) # Allow CORS preflight request return self.permission_classes
def get_permissions(self): if self.request.method == 'DELETE': return [IsAdminUser()] elif self.request.method == 'POST': return [AllowAny()] else: return [AllowAny()]
def get_permissions(self): if self.action == 'create': return [AllowAny()] elif self.action in ['update', 'destroy']: return [AllowAny()] return super().get_permissions()
def get_permissions(self): if self.action == 'retrieve': return [IsAuthenticated()] elif self.action == 'create': return [AllowAny()] elif self.action == 'updata' or 'destory': return [IsAuthenticated()] return [AllowAny()]
def get_permissions(self): if self.action == 'create': return [AllowAny()] elif self.action in ['update', 'destroy', 'retrieve']: return [IsOwner()] elif self.action == 'login': return [AllowAny()] return super().get_permissions()
def get_permissions(self): if self.action in ('create', 'login'): return [AllowAny()] elif self.name == 'Login': return [AllowAny()] if self.action == 'deactivate': return [IsUserSelf()] return super().get_permissions()
def get_permissions(self): # allow non-authenticated user to create via POST # TODO: This needs to be more strict. POST && request # URL = /api/v1/users for instance. Same for activate. resolver = self.request.resolver_match view_name = resolver.view_name if self.request.method == 'POST': return (AllowAny(), ) elif self.request.method == 'PUT' and view_name != 'user-self': return (AllowAny(), ) else: return (TokenHasReadWriteScope(), )
def get_permissions(self): if self.request.method in SAFE_METHODS: # Authentication isn't needed for safe methods like GET return (AllowAny(), ) if self.request.method == 'POST': # Authentication isn't needed when creating a new account. return (AllowAny(), ) # Authentication is needed for updates to Account object. return ( IsAuthenticated(), IsAccountOwner(), )
def get_permissions(self): if self.request.method in SAFE_METHODS: return [AllowAny()] elif self.request.method == 'POST': return [IsAuthenticated()] else: return [DjangoModelPermissions()]
def get_permissions(self): if self.request.method == 'DELETE': return [IsAdminUser()] if self.request.query_params.get('includeVerificationToken') and self.request.method == 'GET': return [AllowAny()] return [IsAuthenticated()]
def get_permissions(self): if self.request.method == 'GET': return [AllowAny()] if self.request.method == 'DELETE': return [IsAdminUser()] return [IsAuthenticated()]
def get_permissions(self): if self.request.method == 'GET': return (AllowAny(), ) elif self.request.method == "DELETE": return (IsAdminUser(), ) else: return (IsAuthenticated(),)
def get_permissions(self): if self.action == 'create': return (IsAuthenticated(), ) if self.action in ['update', 'partial_update', 'delete']: return (IsSuperUserOrReadOnly(), ) return (AllowAny(), )
def get_permissions(self): if self.action in [ 'create_order', ]: return [IsAuthenticated(),] return [AllowAny(),]
def get_permissions(self): if self.action in ( "update", "destroy", ): return (IsAuthenticated(), ) return (AllowAny(), )
def get_permissions(self): if self.request.method == 'GET': # check user is in group 1 (User) if User.objects.filter(username=self.request.user.username, groups=(1, )): return IsAuthenticated(), IsOwner(), return AllowAny(), elif self.request.method == 'PUT': # check user is in group 1 (User) if User.objects.filter(username=self.request.user.username, groups=(1, )): return IsAuthenticated(), IsOwner(), # check user is in group 2 (Manager) elif User.objects.filter(username=self.request.user.username, groups=(2, )): return IsAuthenticated(), # admin rights return IsAdminUser(), elif self.request.method == "DELETE": # check user is in group 2 (Manager) if User.objects.filter(username=self.request.user.username, groups=(2, )): return IsAuthenticated(), # admin rights return IsAdminUser(),
def get_permissions(self): permissions_bucket = ["update","create"] if self.action in permissions_bucket: return [IsAuthenticated()] else: return [AllowAny()] #return super(self, Episode_ViewSet).get_permissions()
def get_permissions(self): if self.action == 'create': return [IsAuthenticated(), ] elif self.action == 'update' or self.action == 'partial_update' or self.action == 'destroy': return [ShopEditDelete(), ] else : return [AllowAny(), ]
def get_permissions(self): """Получение прав для действий.""" if self.action in ["create", "update", "partial_update", "destroy"]: return [IsAdminUser()] if self.action in ["list", "retrieve"]: return [AllowAny()] return []
def get_permissions(self): print(self.action) print(self.request.method) if self.action in ['list', 'retrieve']: # self.request.method == "GET" return [GETModelPermissions()] else: return [AllowAny()]
def get_permissions(self): if self.request.method == 'GET': return [ AllowAny(), ] else: return [IsAuthenticated(), IsSuperUserPermission()]
def get_permissions(self): # 注意要加用 AllowAny() / IsAuthenticated() 实例化出对象 # 而不是 AllowAny / IsAuthenticated 这样只是一个类名 if self.action == 'create': return [IsAuthenticated()] if self.action in ['destroy', 'update']: return [IsAuthenticated(), IsObjectOwner()] return [AllowAny()]
def get_permissions(self): print(self.action) print(self.request.method) if self.action in ['create', 'update', 'destroy']: # self.request.method == "GET" return [GETModelPermissions()] else: return [AllowAny()]
def get_permissions(self): if self.action == 'list': return [ IsAuthenticated(), ] return [ AllowAny(), ]
def get_permissions(self): # AllowAny() / IsAuthenticated() generate an object instance # not AllowAny / IsAuthenticated, this is just a class name if self.action == 'create': return [IsAuthenticated()] if self.action in ['destroy', 'update']: return [IsAuthenticated(), IsObjectOwner()] return [AllowAny()]
def get_permissions(self): if self.action in ['list', 'by_town', 'retrieve']: return [AllowAny()] if self.action == 'create': return [Or(IsAdminUser, IsStaff)] if self.action in ['update']: return [Or(IsAdminUser, IsStaff, IsOwnerRestaurantAdministrator)] return [IsAdminUser]
def get_permissions(self): # we need to use AllowAny() / IsAuthenticated() to instantiate an object # rather than using AllowAny / IsAuthenticated such class names if self.action == 'create': return [IsAuthenticated()] if self.action in ['destroy', 'update']: return [IsAuthenticated(), IsObjectOwner()] return [AllowAny()]
def get_permissions(self): if self.action in ['update']: return [IsOwnerUser()] elif self.action in ['retrieve']: return [ AllowAny(), ] return super(LessonViewSet, self).get_permissions()
def get_permissions(self): if self.action == 'create': # create는 로그인 없이도 가능 return [AllowAny()] elif self.action in ['update', 'destroy']: # update와 destroy는 자기가 등록한 것만 가능 return [IsOwner()] return super().get_permissions()
def get_permissions(self): # allow non-authenticated user to create via POST if self.request.method == 'POST': return (AllowAny()), elif self.request.method == 'GET': return (IsLocalStaffOrTargetUser()), else: return (IsLocalStaffOrOwner()),