Mercurial Mercurial > irinotes / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/notes/api/permissions/auth.py
author ymh <ymh.work@gmail.com>
Fri, 30 Nov 2018 10:53:15 +0100
changeset 183 f8f3af9e5c83
parent 142 56850f5c73f6
permissions -rw-r--r--
Change the settings to avoid using Session authentication for rest framework as it raise exceptions in case client and backend are on the same domain On the filter, adapt to take into account new version of django_filters

"""
Permissions for auth objects
"""
import logging

from rest_framework import permissions
from rest_framework.permissions import BasePermission

logger = logging.getLogger(__name__)


class GroupPermission(BasePermission):
    """
    Pemissions for Groups objects
    """

    def has_permission(self, request, view):
        return request.user and request.user.is_authenticated


    def has_object_permission(self, request, view, obj):
        if request.method not in permissions.SAFE_METHODS:
            return request.user == obj.profile.owner
        return True
irinotes