irinotes: src/notes/api/permissions/core.py@a24f6bf72f6a


"""
Permissions for core objects
"""
import logging

from rest_framework.permissions import IsAuthenticated

from notes.models import Session

logger = logging.getLogger(__name__)

class SessionPermission(IsAuthenticated):
    """
    Pemissions for sessions
    """

    def has_object_permission(self, request, view, obj):
        return request.user == obj.owner

class NotePermission(IsAuthenticated):
    """
    Permissions for notes
    """

    def has_permission(self, request, view):
        """
        Return `True` if permission is granted, `False` otherwise.
        """
        is_authenticated = super().has_permission(request, view)
        if not is_authenticated:
            return False
        session_ext_id = view.kwargs.get('session_ext_id')
        if is_authenticated and session_ext_id:
            return Session.objects.filter(ext_id=session_ext_id, owner=request.user).exists()
        else:
            return True

class RootNotePermission(IsAuthenticated):
    """
    Permissions for notes
    """

    def has_permission(self, request, view):
        """
        Return `True` if permission is granted, `False` otherwise.
        """
        is_authenticated = super().has_permission(request, view)
        return is_authenticated
        # if not is_authenticated:
        #     return False
        # session_ext_id = view.kwargs.get('session_ext_id')
        # if is_authenticated and session_ext_id:
        #     return Session.objects.filter(ext_id=session_ext_id, owner=request.user).exists()
        # else:
        #     return True

author	ymh <ymh.work@gmail.com>
	Sun, 25 Nov 2018 21:18:55 +0100
changeset 176	a24f6bf72f6a
parent 119	8ff8e2aee0f9
permissions	-rw-r--r--