def get_permissions(self):
if self.action == 'list':
return [
IsAdminUser(),
]
if self.action == 'create':
return [
IsAuthenticated(),
]
if self.action == 'retrieve':
return [
IsAdminUser(),
]
if self.action == 'update':
return [
IsAdminUser(),
]
if self.action == 'partial_update':
return [
IsAdminUser(),
]
if self.action == 'destroy':
return [
IsAdminUser(),
]
return super(answerticketViewset, self).get_permissions()
def get_permissions(self):
if self.request.method == 'GET':
# check user is in group 1 (User)
if User.objects.filter(username=self.request.user.username,
groups=(1, )):
return IsAuthenticated(), IsOwner(),
return AllowAny(),
elif self.request.method == 'PUT':
# check user is in group 1 (User)
if User.objects.filter(username=self.request.user.username,
groups=(1, )):
return IsAuthenticated(), IsOwner(),
# check user is in group 2 (Manager)
elif User.objects.filter(username=self.request.user.username,
groups=(2, )):
return IsAuthenticated(),
# admin rights
return IsAdminUser(),
elif self.request.method == "DELETE":
# check user is in group 2 (Manager)
if User.objects.filter(username=self.request.user.username,
groups=(2, )):
return IsAuthenticated(),
# admin rights
return IsAdminUser(),
def test_post_with_permission(self):
request = self.factory.post('/api/project', {
'title': 'test',
'description': 'some text',
'technology': 'django'
})
request.user = self.admin_user
permission_check = IsAdminUser()
permission = permission_check.has_permission(request, None)
self.assertTrue(permission)
def get_permissions(self):
if self.request.method == 'GET':
return AllowAny(),
elif self.request.method == 'PUT':
if User.objects.filter(username=self.request.user.username,
groups=(2, )):
return IsAuthenticated(),
return IsAdminUser(),
elif self.request.method == 'DELETE':
return IsAdminUser(),
def get_permissions(self):
if self.request.method == 'GET':
return IsAuthenticated(),
elif self.request.user.role == 1:
return IsAuthenticated(),
else:
return IsAdminUser(),
def get_permissions(self):
todo_id = self.kwargs.get('pk')
todo = get_object_or_404(TodoModel, pk=todo_id)
pk = todo.user.id
if self.request.user.id != pk:
return [IsAdminUser()]
return [IsAuthenticated()]
def get_permissions(self):
if self.action == 'create':
return [
IsAuthenticated(),
]
elif self.action == 'destroy':
return [IsAuthenticated(), IsAdminUser()]
def has_object_permission(self, request, view, obj):
if request.user and request.user == obj:
return bool(
request.user == obj
)
else:
return IsAdminUser().has_permission(request, view)
def get_permissions(self):
"""Получение прав для действий."""
if self.action in ["create", "update", "partial_update", "destroy"]:
return [IsAdminUser()]
if self.action in ["list", "retrieve"]:
return [AllowAny()]
return []
def get_permissions(self):
if self.request.method == 'DELETE':
return [IsAdminUser()]
if self.request.query_params.get('includeVerificationToken') and self.request.method == 'GET':
return [AllowAny()]
return [IsAuthenticated()]
def get_permissions(self):
permissions = [IsAuthenticated(), IsNotHacker()]
if self.action in ['create', 'update', 'partial_update', 'destroy']:
permissions += [IsAdminUser()]
elif self.action == 'retrieve':
permissions += [IsOddProductID()]
return permissions
def get_permissions(self):
if self.request.method == 'DELETE':
return [IsAdminUser()]
elif self.request.method == 'POST':
return [AllowAny()]
else:
return [IsStaffOrTargetUser()]
def get_permissions(self):
if self.request.method == 'GET':
return (AllowAny(), )
elif self.request.method == "DELETE":
return (IsAdminUser(), )
else:
return (IsAuthenticated(),)
def get_permissions(self):
if self.request.method == 'GET':
return [AllowAny()]
if self.request.method == 'DELETE':
return [IsAdminUser()]
return [IsAuthenticated()]
def get_permissions(self):
"""Получение прав для действий."""
if self.action == "create":
return [IsAuthenticated()]
if self.action in ["update", "partial_update", "destroy"]:
return [IsAdminUser()]
return []
def get_permissions(self):
"""
Check request method and get some permissions
:return: Some permissions classes
"""
if self.request.method in ['PUT', 'DELETE']:
return [IsAdminUser()]
return super(UserViewSet, self).get_permissions()
def get_permissions(self):
if self.action in ['list']:
return [IsAdminUser()]
elif self.action in ['list_mine', 'create']:
return [IsAuthenticated()]
elif self.action in ['update', 'partial_update', 'delete']:
return [IsAuthenticated(), IsOwnerOrAdmin()]
return super(ContentViewSet, self).get_permissions()
def get_permissions(self):
if self.request.method == 'GET':
return [permissions.IsAuthenticated(), ReadOnlyOrAdmin()]
elif self.request.method == 'POST':
return (
permissions.IsAuthenticated(),
IsAdminUser(),
)
def get_permissions(self):
"""Получение прав для действий."""
if self.action == "create":
return [IsAuthenticated()]
elif self.action in ["partial_update", "update", 'destroy']:
return [IsAuthenticated(), IsAdminUser()]
else:
return super(OrderViewSet, self).get_permissions()
def get_permissions(self):
if self.request.user.is_anonymous:
return IsAuthenticated(),
if self.request.user.is_admin:
return IsAuthenticated(),
return IsAdminUser(),
def get_permissions(self):
"""
Anybody, including anonymous users can read.
Only staff users can update.
"""
if self.request.method == 'GET':
return [AllowAny()]
return [IsAdminUser()]
def get_permissions(self):
"""Override get_permissions so only admins can create new stocks"""
is_admin = IsAdminUser()
is_authenticated = IsAuthenticated()
if self.request.method == 'POST':
return [is_admin]
else:
return [is_authenticated]
def get_permissions(self):
if self.request.method in ['GET']:
return [CanViewParentDictionary(), ]
if self.request.method == 'DELETE' and self.is_hard_delete_requested():
return [IsAdminUser(), ]
return [CanEditParentDictionary(), ]
def get_permissions(self):
permissions = super().get_permissions()
# IsAuthenticated - класс разрешения, требующий аутентификацию
# добавляем его объект IsAuthenticated() к разрешениям только
# для "опасных" методов - добавление, редактирование, удаление данных
if self.request.method in ["POST", "DELETE", "PUT", "PATCH"]:
permissions.append(IsAuthenticated(), IsAdminUser())
return permissions
def get_permissions(self):
"""Получение прав для действий."""
if self.action in ["create"]:
return [IsAuthenticated()]
if self.action in ["list"]:
return [IsAdminUser()]
if self.action in ["retrieve", "update", "partial_update", "destroy"]:
return [IsOwnerOrAdmin()]
return []
def get_permissions(self):
if self.action in ['create', 'destroy']:
return [IsAdminUser()]
if self.action in ['update', 'partial_update']:
return [IsOwner()]
return []
def has_permission(self, request, view):
if view.action == 'create':
permission_cls = IsAuthenticated()
return permission_cls.has_permission(request=request, view=view)
elif view.action == 'list':
permission_cls = IsAdminUser()
return permission_cls.has_permission(request=request, view=view)
else:
return False
def get_permissions(self):
if self.request.method == 'GET':
return AllowAny(),
elif self.request.method in (
'PUT',
'DELETE',
):
return IsAdminUser(),
def get_permissions(self):
if self.action in ['update', 'partial_update', 'destroy']:
return [IsAdminUser()]
elif self.action in ['create']:
return [IsAuthenticated()]
elif self.action in ['retrieve']:
return [IsOwner()]
elif self.action in ['list']:
return [IsAuthenticated()]
def get(self, request, *args, **kwargs):
try:
queryset = self.get_queryset()
if not IsAdminUser().has_permission(request, self):
queryset = queryset.filter(is_active=True)
result = chain_filter_it(request, queryset)
except TreeFilterException as error:
return Response({'message': error.message}, status=error.status)
serializer = TreeGETShortSerializer(result, many=True)
return Response(serializer.data)
