def dispatch(self, request, *args, **kwargs): self.comment = get_object_or_404(Comment, pk=self.kwargs.get('pk')) if not self.comment.is_flagged: raise PermissionDenied if not is_comment_admin(request.user) and not is_comment_moderator(request.user): raise PermissionDenied return super().dispatch(request, *args, **kwargs)
def has_object_permission(self, request, view, obj): # GET, HEAD or OPTIONS requests are SAFE_METHODS. if request.method in permissions.SAFE_METHODS: return True # PUT and DELETE permissions are allowed to the owner of the comment. if request.method == 'DELETE': # comment admin can delete other users comments return is_comment_admin(request.user) or obj.user == request.user return obj.user == request.user
def has_permission(self, request): return is_comment_admin(request.user) or is_comment_moderator( request.user)
def has_object_permission(self, request, obj): return request.user == obj.user or is_comment_admin(request.user) \ or (obj.is_flagged and is_comment_moderator(request.user))
def test_is_comment_admin_no_moderation(self): self.assertFalse(is_comment_admin(self.admin))
def has_permission(self, request, view): if not super().has_permission(request, view): return False return is_comment_admin(request.user) or is_comment_moderator( request.user)
def has_object_permission(self, request, view, obj): return obj.is_flagged and (is_comment_admin(request.user) or is_comment_moderator(request.user))
def can_delete_comment(comment, user): return is_comment_admin(user) or (comment.is_flagged and is_comment_moderator(user))
def test_flagging_and_blocking_disabled(self): self.assertIs(is_comment_admin(self.admin), False)
def test_one_moderation_system_enabled(self): self.assertIs(is_comment_admin(self.admin), True)