def get_permissions(self):
    """Return the permission instances for the current viewset action.

    ``create`` only needs an authenticated caller. ``list``, ``retrieve``,
    ``update``, ``partial_update`` and ``destroy`` need IsAdminUser. Any other
    action uses the permissions configured on the parent class.
    """
    admin_only_actions = (
        'list', 'retrieve', 'update', 'partial_update', 'destroy',
    )
    current = self.action
    if current in admin_only_actions:
        return [IsAdminUser()]
    if current == 'create':
        return [IsAuthenticated()]
    # Actions not named above are governed by the class-level configuration.
    return super(answerticketViewset, self).get_permissions()
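def get_permissions(self):
    """Choose permission instances from the HTTP method and the caller's group.

    GET:    members of group 1 ("User") need IsAuthenticated + IsOwner; every
            other caller gets AllowAny.
    PUT:    members of group 1 need IsAuthenticated + IsOwner, members of
            group 2 ("Manager") need IsAuthenticated, everyone else needs
            IsAdminUser.
    DELETE: members of group 2 need IsAuthenticated, everyone else needs
            IsAdminUser.
    Any other method requires IsAdminUser.

    Returns:
        A tuple of permission instances.
    """
    def caller_in_group(group_id):
        # Membership is resolved by username against a hard-coded group
        # primary key (1 = User, 2 = Manager per the original comments).
        return User.objects.filter(
            username=self.request.user.username, groups=(group_id, )
        ).exists()

    method = self.request.method
    if method == 'GET':
        # NOTE(review): callers outside group 1 (anonymous ones included) get
        # AllowAny, while group 1 members must also pass IsOwner. The owner
        # check therefore only binds callers who identify themselves; confirm
        # that reads are really meant to be public.
        if caller_in_group(1):
            return IsAuthenticated(), IsOwner(),
        return AllowAny(),
    if method == 'PUT':
        if caller_in_group(1):
            return IsAuthenticated(), IsOwner(),
        if caller_in_group(2):
            return IsAuthenticated(),
        # admin rights
        return IsAdminUser(),
    if method == 'DELETE':
        if caller_in_group(2):
            return IsAuthenticated(),
        # admin rights
        return IsAdminUser(),
    # Fail closed: the original returned None for every other method (POST,
    # PATCH, HEAD, OPTIONS), which is not iterable and broke permission
    # checking. Require admin rights instead of erroring out.
    return IsAdminUser(),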
def test_post_with_permission(self):
    """IsAdminUser grants a POST request whose user is the admin fixture.

    The permission object is called directly with ``view=None``, so this
    exercises the permission class only, not URL routing or the view. It
    covers the allow path; no denied caller is checked here.
    """
    payload = {
        'title': 'test',
        'description': 'some text',
        'technology': 'django'
    }
    post_request = self.factory.post('/api/project', payload)
    post_request.user = self.admin_user
    granted = IsAdminUser().has_permission(post_request, None)
    self.assertTrue(granted)
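def get_permissions(self):
    """Choose permission instances from the HTTP method.

    GET is open to everyone. PUT needs IsAuthenticated for members of group 2
    and IsAdminUser for everyone else. DELETE needs IsAdminUser. Any other
    method requires IsAdminUser.

    Returns:
        A tuple of permission instances.
    """
    method = self.request.method
    if method == 'GET':
        return AllowAny(),
    if method == 'PUT':
        # Group 2 is matched by hard-coded primary key; the caller is looked
        # up by username.
        in_group_two = User.objects.filter(
            username=self.request.user.username, groups=(2, )
        ).exists()
        if in_group_two:
            return IsAuthenticated(),
        return IsAdminUser(),
    if method == 'DELETE':
        return IsAdminUser(),
    # Fail closed: the original fell off the end and returned None for POST,
    # PATCH, HEAD and OPTIONS, which cannot be iterated by the permission
    # check. Unlisted methods now require admin rights.
    return IsAdminUser(),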
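def get_permissions(self):
    """Choose permission instances from the HTTP method and the user's role.

    GET needs an authenticated caller. For every other method, callers whose
    ``role`` equals 1 need IsAuthenticated and all remaining callers need
    IsAdminUser.

    Returns:
        A one-element tuple holding the permission instance.
    """
    if self.request.method == 'GET':
        return IsAuthenticated(),
    # Read ``role`` defensively: the stock AnonymousUser has no such
    # attribute, so an unauthenticated write used to raise AttributeError
    # here. A missing role now falls through to the admin requirement.
    if getattr(self.request.user, 'role', None) == 1:
        return IsAuthenticated(),
    return IsAdminUser(),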
def get_permissions(self):
    """Require admin rights unless the caller owns the addressed TodoModel row.

    The row is fetched with ``get_object_or_404`` using the ``pk`` URL kwarg,
    so an unknown id ends in a 404 before any permission is evaluated.
    """
    todo = get_object_or_404(TodoModel, pk=self.kwargs.get('pk'))
    owner_id = todo.user.id
    if self.request.user.id == owner_id:
        # The owner only has to be authenticated.
        return [IsAuthenticated()]
    # Anyone else must pass the admin check.
    return [IsAdminUser()]
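def get_permissions(self):
    """Return the permission instances for the current viewset action.

    ``create`` needs an authenticated caller; ``destroy`` needs an
    authenticated admin. Every other action is treated like ``destroy``.
    """
    if self.action == 'create':
        return [IsAuthenticated()]
    # Fail closed: the original returned None for any action other than
    # create/destroy, which cannot be iterated by the permission check.
    # Unlisted actions now share the strictest requirement in this method.
    return [IsAuthenticated(), IsAdminUser()]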
def has_object_permission(self, request, view, obj):
    """Allow access when the object is the requesting user, else require admin.

    ``obj`` is compared with ``request.user`` directly. When they differ, the
    decision is delegated to ``IsAdminUser.has_permission``.
    """
    requester = request.user
    if requester and requester == obj:
        # Self-access: the equality that got us here is the whole decision.
        return True
    return IsAdminUser().has_permission(request, view)
def get_permissions(self):
    """Return the permission instances for the current action.

    Write actions need IsAdminUser, read actions are open to everyone, and
    any other action gets an empty permission list.
    """
    write_actions = ("create", "update", "partial_update", "destroy")
    read_actions = ("list", "retrieve")
    current = self.action
    if current in write_actions:
        return [IsAdminUser()]
    elif current in read_actions:
        return [AllowAny()]
    else:
        # NOTE(review): an empty list means no permission check at all for
        # actions not named above (custom routes, OPTIONS metadata). Confirm
        # that this is intended rather than a deny-by-default fallback.
        return []
def get_permissions(self):
    """Choose permission instances from the method and a query parameter.

    DELETE needs IsAdminUser. A GET that carries a truthy
    ``includeVerificationToken`` query parameter is open to everyone. All
    other requests need an authenticated caller.
    """
    request = self.request
    if request.method == 'DELETE':
        return [IsAdminUser()]
    # NOTE(review): the parameter is supplied by the client, so its mere
    # presence lowers GET from IsAuthenticated to AllowAny. Confirm that the
    # handler validates the token itself and returns nothing sensitive when
    # it does not match.
    wants_token = request.query_params.get('includeVerificationToken')
    if wants_token and request.method == 'GET':
        return [AllowAny()]
    return [IsAuthenticated()]
def get_permissions(self):
    """Return the base permissions plus one action-specific addition.

    Every action needs IsAuthenticated and IsNotHacker. Write actions also
    need IsAdminUser, and ``retrieve`` also needs IsOddProductID.
    """
    required = [IsAuthenticated(), IsNotHacker()]
    write_actions = ['create', 'update', 'partial_update', 'destroy']
    if self.action in write_actions:
        required.append(IsAdminUser())
    elif self.action == 'retrieve':
        required.append(IsOddProductID())
    return required
def get_permissions(self):
    """Choose permission instances from the HTTP method.

    DELETE needs IsAdminUser, POST is open to everyone, and every other
    method needs IsStaffOrTargetUser.
    """
    method = self.request.method
    if method == 'DELETE':
        return [IsAdminUser()]
    if method == 'POST':
        # POST is reachable without credentials.
        return [AllowAny()]
    return [IsStaffOrTargetUser()]
def get_permissions(self):
    """Choose permission instances from the HTTP method.

    GET is open to everyone, DELETE needs IsAdminUser, and every other
    method needs an authenticated caller.

    Returns:
        A one-element tuple holding the permission instance.
    """
    method = self.request.method
    if method == 'GET':
        return (AllowAny(), )
    if method == "DELETE":
        return (IsAdminUser(), )
    return (IsAuthenticated(),)
def get_permissions(self):
    """Choose permission instances from the HTTP method.

    GET is open to everyone, DELETE needs IsAdminUser, and every other
    method needs an authenticated caller.
    """
    method = self.request.method
    if method == 'GET':
        return [AllowAny()]
    elif method == 'DELETE':
        return [IsAdminUser()]
    else:
        return [IsAuthenticated()]
def get_permissions(self):
    """Return the permission instances for the current action.

    ``create`` needs an authenticated caller; ``update``, ``partial_update``
    and ``destroy`` need IsAdminUser. Any other action gets an empty list.
    """
    admin_actions = ("update", "partial_update", "destroy")
    current = self.action
    if current == "create":
        return [IsAuthenticated()]
    elif current in admin_actions:
        return [IsAdminUser()]
    else:
        # NOTE(review): an empty list disables permission checks for every
        # remaining action, ``list`` and ``retrieve`` included. Confirm that
        # reads are meant to be public.
        return []
def get_permissions(self):
    """Require IsAdminUser for PUT and DELETE, else use the parent's permissions.

    :return: A list of permission instances.
    """
    admin_methods = ['PUT', 'DELETE']
    if self.request.method not in admin_methods:
        # NOTE(review): PATCH is not in the admin list, so partial updates
        # are governed by the class-level permissions. Confirm that is
        # intended.
        return super(UserViewSet, self).get_permissions()
    return [IsAdminUser()]
def get_permissions(self):
    """Return the permission instances for the current viewset action.

    ``list`` needs IsAdminUser; ``list_mine`` and ``create`` need an
    authenticated caller; ``update``, ``partial_update`` and ``delete`` need
    an authenticated caller who passes IsOwnerOrAdmin. Any other action uses
    the permissions configured on the parent class.
    """
    current = self.action
    if current == 'list':
        return [IsAdminUser()]
    if current in ('list_mine', 'create'):
        return [IsAuthenticated()]
    # NOTE(review): the framework's built-in DELETE handler is named
    # ``destroy``; ``delete`` only matches an action registered under that
    # name. If no such action exists, deletions fall through to the
    # class-level permissions below. Confirm.
    if current in ('update', 'partial_update', 'delete'):
        return [IsAuthenticated(), IsOwnerOrAdmin()]
    return super(ContentViewSet, self).get_permissions()
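def get_permissions(self):
    """Choose permission instances from the HTTP method.

    GET needs an authenticated caller who passes ReadOnlyOrAdmin. POST and
    every other method need an authenticated admin.
    """
    if self.request.method == 'GET':
        return [permissions.IsAuthenticated(), ReadOnlyOrAdmin()]
    # Fail closed: the original only handled GET and POST and returned None
    # for everything else, which cannot be iterated by the permission check.
    # Unlisted methods now share POST's requirement.
    return (
        permissions.IsAuthenticated(),
        IsAdminUser(),
    )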
def get_permissions(self):
    """Return the permission instances for the current action.

    ``create`` needs an authenticated caller; ``partial_update``, ``update``
    and ``destroy`` need an authenticated admin. Any other action uses the
    permissions configured on the parent class.
    """
    admin_actions = ("partial_update", "update", 'destroy')
    current = self.action
    if current == "create":
        return [IsAuthenticated()]
    if current in admin_actions:
        return [IsAuthenticated(), IsAdminUser()]
    return super(OrderViewSet, self).get_permissions()
def get_permissions(self):
    """Choose the permission instance from flags on the requesting user.

    Anonymous callers and callers with ``is_admin`` set both get
    IsAuthenticated (which an anonymous caller cannot pass). Everyone else
    gets IsAdminUser.

    Returns:
        A one-element tuple holding the permission instance.
    """
    caller = self.request.user
    # ``or`` short-circuits, so ``is_admin`` is only read for callers that
    # are not anonymous, exactly as in the two separate checks it replaces.
    if caller.is_anonymous or caller.is_admin:
        return IsAuthenticated(),
    # NOTE(review): this branch relies on IsAdminUser while the branch above
    # keys on ``is_admin``; confirm the two flags are meant to differ.
    return IsAdminUser(),
def get_permissions(self):
    """Open GET to everyone and require IsAdminUser for every other method.

    Anonymous callers can read; anything that is not a GET is restricted to
    callers who pass the admin check.
    """
    is_read = self.request.method == 'GET'
    return [AllowAny()] if is_read else [IsAdminUser()]
def get_permissions(self):
    """Restrict POST to admins; every other method needs authentication.

    This keeps the creation of new stocks admin-only while all remaining
    requests only require an authenticated caller.
    """
    if self.request.method != 'POST':
        return [IsAuthenticated()]
    return [IsAdminUser()]
def get_permissions(self):
    """Choose permission instances from the method and the delete mode.

    GET needs CanViewParentDictionary. A DELETE for which
    ``is_hard_delete_requested()`` is true needs IsAdminUser. Everything
    else, other DELETE requests included, needs CanEditParentDictionary.
    """
    method = self.request.method
    if method == 'GET':
        return [CanViewParentDictionary()]
    # The hard-delete probe only runs for DELETE requests (short-circuit).
    hard_delete = method == 'DELETE' and self.is_hard_delete_requested()
    if hard_delete:
        return [IsAdminUser()]
    return [CanEditParentDictionary()]
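def get_permissions(self):
    """Add authentication and admin requirements to state-changing methods.

    Starts from the parent's permission list. For POST, DELETE, PUT and
    PATCH (the methods that add, edit or delete data) it additionally
    requires IsAuthenticated and IsAdminUser.

    Returns:
        The list of permission instances to check for this request.
    """
    required = super().get_permissions()
    if self.request.method in ["POST", "DELETE", "PUT", "PATCH"]:
        # list.append() accepts a single argument, so the original
        # two-argument call raised TypeError on every write request.
        # extend() adds both permission objects.
        required.extend([IsAuthenticated(), IsAdminUser()])
    return required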
def get_permissions(self):
    """Return the permission instances for the current action.

    ``create`` needs an authenticated caller, ``list`` needs IsAdminUser, and
    ``retrieve``, ``update``, ``partial_update`` and ``destroy`` need
    IsOwnerOrAdmin. Any other action gets an empty list.
    """
    owner_actions = ("retrieve", "update", "partial_update", "destroy")
    current = self.action
    if current == "create":
        return [IsAuthenticated()]
    elif current == "list":
        return [IsAdminUser()]
    elif current in owner_actions:
        return [IsOwnerOrAdmin()]
    # NOTE(review): an empty list disables permission checks for any action
    # not named above (custom routes, OPTIONS metadata). Confirm this is
    # intended rather than a deny-by-default fallback.
    return []
def get_permissions(self):
    """Return the permission instances for the current viewset action.

    ``create`` and ``destroy`` need IsAdminUser; ``update`` and
    ``partial_update`` need IsOwner. Any other action gets an empty list.
    """
    current = self.action
    if current in ('create', 'destroy'):
        return [IsAdminUser()]
    elif current in ('update', 'partial_update'):
        return [IsOwner()]
    # NOTE(review): an empty list disables permission checks for every
    # remaining action, ``list`` and ``retrieve`` included. Confirm that
    # reads are meant to be public.
    return []
def has_permission(self, request, view):
    """Delegate to a stock permission chosen by the view's action.

    ``create`` is decided by IsAuthenticated and ``list`` by IsAdminUser.
    Every other action is denied.
    """
    if view.action == 'create':
        delegate = IsAuthenticated()
    elif view.action == 'list':
        delegate = IsAdminUser()
    else:
        # Deny by default for actions that are not explicitly listed.
        return False
    return delegate.has_permission(request=request, view=view)
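def get_permissions(self):
    """Choose permission instances from the HTTP method.

    GET is open to everyone. PUT, DELETE and every other method need
    IsAdminUser.

    Returns:
        A one-element tuple holding the permission instance.
    """
    if self.request.method == 'GET':
        return AllowAny(),
    # Fail closed: the original handled only GET, PUT and DELETE and
    # returned None for the rest (POST, PATCH, HEAD, OPTIONS), which cannot
    # be iterated by the permission check. Unlisted methods now share the
    # admin requirement of PUT and DELETE.
    return IsAdminUser(),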
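def get_permissions(self):
    """Return the permission instances for the current viewset action.

    ``create`` and ``list`` need an authenticated caller, ``retrieve`` needs
    IsOwner, and ``update``, ``partial_update`` and ``destroy`` need
    IsAdminUser. Any other action also requires IsAdminUser.
    """
    current = self.action
    if current in ('create', 'list'):
        return [IsAuthenticated()]
    if current == 'retrieve':
        return [IsOwner()]
    # Fail closed: besides update/partial_update/destroy this also covers
    # actions the original did not list (custom routes, OPTIONS metadata),
    # for which it returned None and broke the permission check.
    return [IsAdminUser()]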
def get(self, request, *args, **kwargs):
    """Return the filtered tree list, hiding inactive rows from non-admins.

    Callers that fail ``IsAdminUser.has_permission`` only see rows with
    ``is_active=True``. The queryset is then passed through
    ``chain_filter_it`` together with the request. A ``TreeFilterException``
    is turned into a response carrying the exception's message and status.
    """
    try:
        rows = self.get_queryset()
        caller_is_admin = IsAdminUser().has_permission(request, self)
        if not caller_is_admin:
            # Visibility restriction is applied before the request-driven
            # filters run.
            rows = rows.filter(is_active=True)
        filtered = chain_filter_it(request, rows)
    except TreeFilterException as exc:
        return Response({'message': exc.message}, status=exc.status)
    payload = TreeGETShortSerializer(filtered, many=True).data
    return Response(payload)