def has_permission(self, request, view):
    """Decide view-level access from the request method and the caller's roles.

    Read-only requests (methods listed in ``permissions.SAFE_METHODS``) are
    allowed for staff users and for members of the 'Partnership Manager'
    group. Every other method is allowed only for members of that group, so
    staff status alone does not grant write access.

    Returns the truthy/falsy result of those checks.
    """
    # NOTE(review): there is no explicit is_authenticated test here; the
    # outcome for an anonymous caller depends on `is_staff` and on how
    # is_user_in_groups treats such a user. Confirm against that helper.
    manager_groups = ['Partnership Manager']
    if request.method not in permissions.SAFE_METHODS:
        # Write path: group membership is the only accepted credential.
        return is_user_in_groups(request.user, manager_groups)
    # Read path: staff are admitted in addition to the manager group.
    return request.user.is_staff or is_user_in_groups(
        request.user, manager_groups)
def has_object_permission(self, request, view, obj):
    """Decide access to a single object.

    Read-only requests need only pass ``self._has_access_permissions``.
    Any other method must pass that same check and the caller must also be
    a member of the 'Partnership Manager' group.
    """
    is_read_only = request.method in permissions.SAFE_METHODS
    object_access = self._has_access_permissions(request.user, obj)
    if is_read_only:
        return object_access
    # Writes are stricter: object access alone is not sufficient.
    return object_access and is_user_in_groups(
        request.user, ['Partnership Manager'])
def has_object_permission(self, request, view, obj):
    """Decide access to a single object, branching on superuser status.

    The branch is taken on ``request.user.is_superuser``, not on the HTTP
    method, so reads and writes are treated alike here:

    - superusers need only pass ``self._has_access_permissions``;
    - everyone else must pass that check and also belong to
      'Partnership Manager' or 'Senior Management Team'.
    """
    user = request.user
    is_superuser = user.is_superuser
    # NOTE(review): superusers skip the group test but not the object-access
    # test, so a superuser who fails _has_access_permissions is still denied.
    # Confirm that is the intended policy.
    object_access = self._has_access_permissions(user, obj)
    if is_superuser:
        return object_access
    return object_access and is_user_in_groups(
        user, ['Partnership Manager', 'Senior Management Team'])
def has_permission(self, request, view):
    """Decide view-level access for a read/POST-only endpoint.

    - Methods in ``permissions.SAFE_METHODS``: the caller must be
      authenticated and either staff or a member of the group named by
      ``READ_ONLY_API_GROUP_NAME``.
    - POST: the caller must be authenticated and staff.
    - Anything else: denied.
    """
    http_method = request.method
    if http_method in permissions.SAFE_METHODS:
        caller = request.user
        if not caller.is_authenticated:
            return False
        return bool(caller.is_staff or is_user_in_groups(
            caller, [READ_ONLY_API_GROUP_NAME]))
    if http_method == 'POST':
        # Creating requires admin (staff) access.
        return request.user.is_authenticated and request.user.is_staff
    # This class is not expected to see other methods; deny by default so an
    # unanticipated verb can never be allowed by accident.
    return False
def _has_access_permissions(self, user, obj):
    """Report whether *user* may access *obj*.

    Access is granted when any of the following holds:

    - the user is staff;
    - the user is a member of the 'Partnership Manager' group;
    - *obj* has a ``partner`` attribute and the user's
      ``profile.partner_staff_member`` value appears among the ids of
      ``obj.partner.staff_members``.
    """
    privileged = user.is_staff or is_user_in_groups(
        user, ['Partnership Manager'])
    if privileged:
        return privileged
    if not hasattr(obj, 'partner'):
        # Objects without a partner can only be reached by privileged users.
        return False
    # NOTE(review): this path assumes `user.profile` exists and that
    # `obj.partner` is not None; otherwise the lookup raises instead of
    # returning False. Confirm both against the models.
    member_id = user.profile.partner_staff_member
    partner_staff_ids = obj.partner.staff_members.values_list('id', flat=True)
    return member_id in partner_staff_ids
def _has_write_permissions(self, user):
    """Report whether *user* may write: true for members of the 'PME' group.

    The decision is delegated entirely to ``is_user_in_groups``; staff or
    superuser status is not consulted here.
    """
    write_groups = ['PME']
    return is_user_in_groups(user, write_groups)