def has_permission(self, request, view):
    """Gate the view per action: ``create`` needs a login, ``list`` needs an admin.

    Every other action is refused, so an action added to the view later stays
    closed until it is listed here explicitly.

    :param request: The current request instance
    :param view: The current view instance; its ``action`` attribute is read
    :return: Whether the permission was granted or not
    """
    action = view.action
    if action not in ('create', 'list'):
        # Deny by default: only the two actions above are ever delegated.
        return False

    delegate = IsAuthenticated() if action == 'create' else IsAdminUser()
    return delegate.has_permission(request=request, view=view)
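def has_permission(self, request, view):
    """Decide access per view action, refusing anything not listed.

    * ``create`` is granted to every caller, including anonymous ones.
    * ``retrieve``, ``partial_update`` and ``destroy`` require an
      authenticated user.
    * ``list`` requires a user that passes both ``IsAuthenticated`` and
      ``IsAdminUser``.
    * Any other action (for example a full ``update``) is denied.

    :param request: The current request instance
    :param view: The current view instance; its ``action`` attribute is read
    :return: Whether the permission was granted or not
    :rtype: bool
    """
    action = view.action

    if action == 'create':
        # NOTE(review): unauthenticated create, presumably a sign-up style
        # endpoint; confirm this is intended and rate-limited elsewhere.
        return True

    if action in ('retrieve', 'partial_update', 'destroy'):
        # The permission classes are called unbound with None as ``self``.
        return IsAuthenticated.has_permission(None, request, view)

    if action == 'list':
        return bool(
            IsAuthenticated.has_permission(None, request, view)
            and IsAdminUser.has_permission(None, request, view)
        )

    # Explicit deny-by-default. Previously the function fell off the end and
    # returned None, which only denied because None happens to be falsy.
    return False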
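def update(self, request, *args, **kwargs):
    """Update an event on behalf of its holder, optionally replacing the header image.

    The caller must pass ``IsAuthenticated`` and must be the ``holder`` of the
    event whose id is ``kwargs["pk"]``. An uploaded ``header_image`` is staged
    through ``FileSystemStorage``, handed to ``Backtory.upload_file`` and the
    staged copy is deleted again; the returned URL is passed to the serializer.

    :param request: The current request instance
    :param kwargs: Reads ``pk`` (event id) and pops ``partial``
    :return: The serialized event on success, otherwise a plain-text
        ``Response`` ("Access Denied" / "not authorized")
    :raises: whatever ``serializer.is_valid(raise_exception=True)`` raises on
        invalid input
    """
    if not IsAuthenticated().has_permission(request, self):
        # NOTE(review): no explicit status is set on the two denial responses,
        # so they presumably go out as HTTP 200. Clients, logs and alerting
        # cannot tell a refusal from a success; consider 401/403 once API
        # consumers have been checked.
        return Response("not authorized")

    # Object-level authorization: only the event's holder may modify it.
    # A missing event is treated as a denial instead of dereferencing None
    # (which used to surface as an unhandled AttributeError).
    event = Event.objects.filter(id=kwargs.get("pk")).first()
    if event is None or request.user != event.holder:
        return Response("Access Denied")

    saved_file_url = ""
    if request.FILES.get("header_image"):
        uploaded = request.FILES['header_image']
        # NOTE(review): no size or content-type check on the upload is visible
        # in this method; confirm it is validated elsewhere.
        fs = FileSystemStorage()
        filename = fs.save(uploaded.name, uploaded)
        try:
            # Close the handle deterministically instead of leaking it.
            with open(join(settings.MEDIA_ROOT, filename), 'rb') as staged:
                saved_file_url = Backtory.upload_file(staged)
        finally:
            # Remove the staged copy even when the upload raises, so failed
            # requests do not accumulate user-supplied files under MEDIA_ROOT.
            fs.delete(filename)

    partial = kwargs.pop('partial', False)
    instance = self.get_object()
    serializer = CreateEventSerializer(
        instance,
        data=request.data,
        partial=partial,
        context={"image": saved_file_url},
    )
    serializer.is_valid(raise_exception=True)
    # NOTE(review): when no new file is sent, header_image is saved as "";
    # confirm that clearing the existing image is intended.
    saved = serializer.save(header_image=saved_file_url)

    if getattr(instance, '_prefetched_objects_cache', None):
        # Drop the prefetch cache so stale related objects are not reused.
        instance._prefetched_objects_cache = {}

    return Response(GetEventSerializers(instance=saved).data)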
def has_permission(self, request, view):
    """
    Grant access to authenticated employees; management and employers are
    limited to read-only HTTP methods.

    Unauthenticated requests are always refused. Whether an administrator
    ends up with full access depends on ``is_management``, ``is_employer``
    and ``is_employee``, which are defined outside this method.

    :param request: The current request instance
    :type request: rest_framework.request.Request

    :param view: The current view instance
    :type view: rest_framework.views.APIView

    :return: Whether the permission was granted or not
    :rtype: bool
    """
    if not IsAuthenticated.has_permission(self, request, view):
        return False

    user = request.user
    read_only_role = is_management(user, False) or is_employer(user, False)
    if read_only_role:
        # Note that TRACE is counted as a read-only method here.
        return request.method.upper() in ('GET', 'HEAD', 'OPTIONS', 'TRACE')

    return is_employee(user)
def has_permission(self, request, view):
    """Apply the restricted API access mode when it is switched on.

    With ``settings.RESTRICT_API`` truthy the decision is delegated to
    ``IsAuthenticated``; otherwise to ``IsAuthenticatedOrReadOnly``.
    """
    permission_cls = (
        IsAuthenticated if settings.RESTRICT_API else IsAuthenticatedOrReadOnly
    )
    return permission_cls().has_permission(request, view)
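def print_debug_message(self, request, view=None):
    """Print request and permission diagnostics to stdout for debugging.

    Shows the method and absolute URI, the scheme of the ``Authorization``
    header (the credential itself is redacted), the verdict of the four
    permission classes and the main flags of ``request.user``.

    :param request: The current request instance
    :param view: Optional view passed through to the permission classes.
        The original body referenced ``view`` without defining it, so it is
        accepted here as an optional argument.
    """
    print('============ {}: {}'.format(request.method, request.build_absolute_uri()))

    # Never echo the credential: stdout usually ends up in logs, where a
    # bearer token or basic-auth pair can be replayed by anyone who reads them.
    auth_header = request.META.get('HTTP_AUTHORIZATION')
    if auth_header:
        scheme, separator, _credential = auth_header.partition(' ')
        auth_header = '{} <redacted>'.format(scheme) if separator else '<redacted>'
    print('header --%s--' % auth_header)

    print('AllowAny:', AllowAny.has_permission(self, request, view))
    print('IsAuthenticatedOrReadOnly:', IsAuthenticatedOrReadOnly.has_permission(self, request, view))
    print('IsAuthenticated:', IsAuthenticated.has_permission(self, request, view))
    # NOTE(review): this call was garbled in the source text and is
    # reconstructed from the pattern of the lines around it; confirm.
    print('IsAdminUser:', IsAdminUser.has_permission(self, request, view))

    print('request.user', request.user)
    print('request user is auth', request.user.is_authenticated)
    print('request user is staff', request.user.is_staff)
    print('request user is super', request.user.is_superuser)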
def has_permission(self, request, view):
    """
    Grant access to authenticated users whose group is one of the
    predefined groups.

    :param request: The current request instance
    :type request: rest_framework.request.Request

    :param view: The current view instance
    :type view: rest_framework.views.APIView

    :return: Whether the permission was granted or not
    :rtype: bool
    """
    if not IsAuthenticated.has_permission(self, request, view):
        return False

    # Membership is tested against the iterator Groups hands out, exactly as
    # before, rather than against Groups itself.
    known_groups = Groups.__iter__()
    return request.user.group_id in known_groups
def has_permission(self, request, view):
    """
    Grant access to authenticated users that ``is_employer`` accepts.

    Whether administrators are also accepted is decided inside
    ``is_employer``, which is defined outside this method.

    :param request: The current request instance
    :type request: rest_framework.request.Request

    :param view: The current view instance
    :type view: rest_framework.views.APIView

    :return: Whether the permission was granted or not
    :rtype: bool
    """
    if not IsAuthenticated.has_permission(self, request, view):
        # Anonymous callers never reach the role check.
        return False
    return is_employer(request.user)
def has_permission(self, request, view):
    """Allow safe methods for authenticated users and everything for callers
    the parent permission accepts.

    The parent class is not visible here; going by the original variable
    name it is presumably an admin check. Confirm against the class header.
    """
    parent_grants = super().has_permission(request, view)
    authenticated = IsAuthenticated.has_permission(self, request, view)

    # Grouped explicitly: ``and`` binds tighter than ``or``, so the read-only
    # rule applies to authenticated users and the parent check stands alone.
    read_only_ok = authenticated and request.method in SAFE_METHODS
    return read_only_ok or parent_grants
def has_permission(self, request, view):
    """Allow safe (read-only) methods for everyone; require authentication
    for every other method.
    """
    return (
        request.method in permissions.SAFE_METHODS
        or IsAuthenticated.has_permission(self, request, view)
    )