1 """

     2 Permissions for core objects

     3 """

     4 import logging

     5 

     6 from rest_framework.permissions import IsAuthenticated

     7 

     8 from notes.models import Session

     9 

    10 logger = logging.getLogger(__name__)

    11 

    12 class SessionPermission(IsAuthenticated):

    13     """

    14     Pemissions for sessions

    15     """

    16 

    17     def has_object_permission(self, request, view, obj):

    18         return request.user == obj.owner

    19 

    20 

    21 class NotePermission(IsAuthenticated):

    22     """

    23     Permissions for notes

    24     """

    25 

    26     def has_permission(self, request, view):

    27         """

    28         Return `True` if permission is granted, `False` otherwise.

    29         """

    30         is_authenticated = super().has_permission(request, view)

    31         if not is_authenticated:

    32             return False

    33         session_ext_id = view.kwargs.get('session_ext_id')

    34         if is_authenticated and session_ext_id:

    35             return Session.objects.filter(ext_id=session_ext_id, owner=request.user).exists()

    36         else:

    37             return True

    38