spradio-server-django/savepointradio/api/permissions.py

59 lines
1.8 KiB
Python
Raw Normal View History

from rest_framework import permissions
class IsAdminOrOwner(permissions.BasePermission):
message = 'Only an admin user or owner can access this.'
def has_object_permission(self, request, view, obj):
if request.user.is_authenticated():
return request.user.is_staff or request.user == obj.user
else:
return False
class IsAdminOrReadOnly(permissions.BasePermission):
message = 'Only an admin user can make changes.'
def has_permission(self, request, view):
if request.method in permissions.SAFE_METHODS:
return True
else:
return (request.user.is_authenticated and
request.user.is_staff and
not request.user.is_dj)
class IsAdminOwnerOrReadOnly(permissions.BasePermission):
message = 'Only an admin user or the owner can change this object.'
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return True
else:
if request.user.is_authenticated:
2018-04-06 16:19:51 +00:00
return ((request.user.is_staff or
2018-04-09 16:08:23 +00:00
request.user == obj.user) and
not request.user.is_dj)
else:
return False
class IsDJ(permissions.BasePermission):
message = 'Only the DJ can request the next song.'
def has_permission(self, request, view):
if request.user.is_authenticated:
return request.user.is_dj
else:
return False
2018-04-09 16:08:23 +00:00
class IsAuthenticatedAndNotDJ(permissions.BasePermission):
message = 'Only an authenticated user can make changes to this object.'
def has_permission(self, request, view):
if request.user.is_authenticated:
return not request.user.is_dj
else:
return False