spradio-server-django/savepointradio/api/permissions.py

from rest_framework import permissions


class IsAdminOrOwner(permissions.BasePermission):
    message = 'Only an admin user or owner can access this.'

    def has_object_permission(self, request, view, obj):
        if request.user.is_authenticated():
            return request.user.is_staff or request.user == obj.user
        else:
            return False


class IsAdminOrReadOnly(permissions.BasePermission):
    message = 'Only an admin user can make changes.'

    def has_permission(self, request, view):
        if request.method in permissions.SAFE_METHODS:
            return True
        else:
            return (request.user.is_authenticated and
                    request.user.is_staff and
                    not request.user.is_dj)


class IsAdminOwnerOrReadOnly(permissions.BasePermission):
    message = 'Only an admin user or the owner can change this object.'

    def has_object_permission(self, request, view, obj):
        if request.method in permissions.SAFE_METHODS:
            return True
        else:
            if request.user.is_authenticated:
                return ((request.user.is_staff or
                         request.user == obj.user) and
                        not request.user.is_dj)
            else:
                return False


class IsDJ(permissions.BasePermission):
    message = 'Only the DJ can request the next song.'

    def has_permission(self, request, view):
        if request.user.is_authenticated:
            return request.user.is_dj
        else:
            return False


class IsAuthenticatedAndNotDJ(permissions.BasePermission):
    message = 'Only an authenticated user can make changes to this object.'

    def has_permission(self, request, view):
        if request.user.is_authenticated:
            return not request.user.is_dj
        else:
            return False
Add custom permissions and apply them to radio API views. 2018-03-28 20:56:53 +00:00			`from rest_framework import permissions`


			`class IsAdminOrOwner(permissions.BasePermission):`
			`message = 'Only an admin user or owner can access this.'`

			`def has_object_permission(self, request, view, obj):`
			`if request.user.is_authenticated():`
			`return request.user.is_staff or request.user == obj.user`
			`else:`
			`return False`


			`class IsAdminOrReadOnly(permissions.BasePermission):`
			`message = 'Only an admin user can make changes.'`

			`def has_permission(self, request, view):`
			`if request.method in permissions.SAFE_METHODS:`
			`return True`
			`else:`
Don't include the DJ for create/modify permissions. 2018-04-03 20:23:48 +00:00			`return (request.user.is_authenticated and`
			`request.user.is_staff and`
			`not request.user.is_dj)`
Add custom permissions and apply them to radio API views. 2018-03-28 20:56:53 +00:00

			`class IsAdminOwnerOrReadOnly(permissions.BasePermission):`
			`message = 'Only an admin user or the owner can change this object.'`

			`def has_object_permission(self, request, view, obj):`
			`if request.method in permissions.SAFE_METHODS:`
			`return True`
			`else:`
			`if request.user.is_authenticated:`
Logic error in checking for DJ user. 2018-04-06 16:19:51 +00:00			`return ((request.user.is_staff or`
New permission to exclude DJ. 2018-04-09 16:08:23 +00:00			`request.user == obj.user) and`
Don't include the DJ for create/modify permissions. 2018-04-03 20:23:48 +00:00			`not request.user.is_dj)`
Add custom permissions and apply them to radio API views. 2018-03-28 20:56:53 +00:00			`else:`
			`return False`


			`class IsDJ(permissions.BasePermission):`
			`message = 'Only the DJ can request the next song.'`

			`def has_permission(self, request, view):`
			`if request.user.is_authenticated:`
			`return request.user.is_dj`
			`else:`
			`return False`
New permission to exclude DJ. 2018-04-09 16:08:23 +00:00

			`class IsAuthenticatedAndNotDJ(permissions.BasePermission):`
			`message = 'Only an authenticated user can make changes to this object.'`

			`def has_permission(self, request, view):`
			`if request.user.is_authenticated:`
			`return not request.user.is_dj`
			`else:`
			`return False`