def has_permission(self, request, view):
"""
Return `True` if permission is granted, `False` otherwise.
"""
if request.method in permissions.SAFE_METHODS:
# Check permissions for read-only request
return request.user.is_staff or is_user_in_groups(
request.user, ['Partnership Manager'])
else:
return is_user_in_groups(request.user, ['Partnership Manager'])
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
# Check permissions for read-only request
return self._has_access_permissions(request.user, obj)
else:
# Check permissions for write request
return self._has_access_permissions(request.user, obj) and \
is_user_in_groups(request.user, ['Partnership Manager'])
def has_object_permission(self, request, view, obj):
if request.user.is_superuser:
# Check permissions for read-only request
return self._has_access_permissions(request.user, obj)
else:
# Check permissions for write request
return self._has_access_permissions(
request.user, obj) and is_user_in_groups(
request.user,
['Partnership Manager', 'Senior Management Team'])
def has_permission(self, request, view):
if request.method in permissions.SAFE_METHODS:
if request.user.is_authenticated:
if request.user.is_staff or is_user_in_groups(
request.user, [READ_ONLY_API_GROUP_NAME]):
return True
return False
elif request.method == 'POST':
# user must have have admin access
return request.user.is_authenticated and request.user.is_staff
else:
# This class shouldn't see methods other than GET and POST, but regardless the answer is 'no you may not'.
return False
def _has_access_permissions(self, user, obj):
'''True if --
- user is staff OR
- user is 'Partnership Manager' group member OR
- user is listed as a partner staff member on the object, assuming the object has a partner attribute
'''
has_access = user.is_staff or is_user_in_groups(
user, ['Partnership Manager'])
has_access = has_access or \
(hasattr(obj, 'partner') and
user.profile.partner_staff_member in obj.partner.staff_members.values_list('id', flat=True))
return has_access
def _has_write_permissions(self, user):
'''True if --
- user is 'PME' group member
'''
return is_user_in_groups(user, ['PME'])
