Mercurial Mercurial > irinotes / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/notes/api/permissions/core.py
author ymh <ymh.work@gmail.com>
Tue, 18 Jul 2017 17:08:27 +0200
changeset 117 9864fe2067cd
parent 31 63be3ce389f7
child 119 8ff8e2aee0f9
permissions -rw-r--r--
Add api endpoints for group management

"""
Permissions for core objects
"""
import logging

from rest_framework.permissions import IsAuthenticated

from notes.models import Session

logger = logging.getLogger(__name__)

class SessionPermission(IsAuthenticated):
    """
    Pemissions for sessions
    """

    def has_object_permission(self, request, view, obj):
        return request.user == obj.owner

class NotePermission(IsAuthenticated):
    """
    Permissions for notes
    """

    def has_permission(self, request, view):
        """
        Return `True` if permission is granted, `False` otherwise.
        """
        is_authenticated = super().has_permission(request, view)
        if not is_authenticated:
            return False
        session_ext_id = view.kwargs.get('session_ext_id')
        if is_authenticated and session_ext_id:
            return Session.objects.filter(ext_id=session_ext_id, owner=request.user).exists()
        else:
            return True
irinotes