| author | ymh <ymh.work@gmail.com> |
| Wed, 28 Nov 2018 15:45:37 +0100 | |
| changeset 180 | 62bffc051e1c |
| parent 119 | 8ff8e2aee0f9 |
| permissions | -rw-r--r-- |
| 31 | 1 |
""" |
2 |
Permissions for core objects |
|
3 |
""" |
|
4 |
import logging |
|
5 |
||
6 |
from rest_framework.permissions import IsAuthenticated |
|
7 |
||
8 |
from notes.models import Session |
|
9 |
||
10 |
logger = logging.getLogger(__name__) |
|
11 |
||
12 |
class SessionPermission(IsAuthenticated): |
|
13 |
""" |
|
14 |
Pemissions for sessions |
|
15 |
""" |
|
16 |
||
17 |
def has_object_permission(self, request, view, obj): |
|
18 |
return request.user == obj.owner |
|
19 |
||
20 |
class NotePermission(IsAuthenticated): |
|
21 |
""" |
|
22 |
Permissions for notes |
|
23 |
""" |
|
24 |
||
25 |
def has_permission(self, request, view): |
|
26 |
""" |
|
27 |
Return `True` if permission is granted, `False` otherwise. |
|
28 |
""" |
|
29 |
is_authenticated = super().has_permission(request, view) |
|
30 |
if not is_authenticated: |
|
31 |
return False |
|
32 |
session_ext_id = view.kwargs.get('session_ext_id') |
|
33 |
if is_authenticated and session_ext_id: |
|
34 |
return Session.objects.filter(ext_id=session_ext_id, owner=request.user).exists() |
|
35 |
else: |
|
36 |
return True |
|
37 |
||
|
119
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
38 |
class RootNotePermission(IsAuthenticated): |
|
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
39 |
""" |
|
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
40 |
Permissions for notes |
|
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
41 |
""" |
|
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
42 |
|
|
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
43 |
def has_permission(self, request, view): |
|
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
44 |
""" |
|
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
45 |
Return `True` if permission is granted, `False` otherwise. |
|
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
46 |
""" |
|
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
47 |
is_authenticated = super().has_permission(request, view) |
|
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
48 |
return is_authenticated |
|
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
49 |
# if not is_authenticated: |
|
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
50 |
# return False |
|
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
51 |
# session_ext_id = view.kwargs.get('session_ext_id') |
|
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
52 |
# if is_authenticated and session_ext_id: |
|
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
53 |
# return Session.objects.filter(ext_id=session_ext_id, owner=request.user).exists() |
|
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
54 |
# else: |
|
8ff8e2aee0f9
add parameter to filter session and note by updated date. Add pagination on sessions and notes. add read only endpoint at root level to list notes
ymh <ymh.work@gmail.com>
parents:
117
diff
changeset
|
55 |
# return True |