2018-03-28 20:56:53 +00:00
|
|
|
from rest_framework import permissions
|
|
|
|
|
|
|
|
|
|
|
|
class IsAdminOrOwner(permissions.BasePermission):
|
|
|
|
message = 'Only an admin user or owner can access this.'
|
|
|
|
|
|
|
|
def has_object_permission(self, request, view, obj):
|
|
|
|
if request.user.is_authenticated():
|
|
|
|
return request.user.is_staff or request.user == obj.user
|
|
|
|
else:
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
|
|
class IsAdminOrReadOnly(permissions.BasePermission):
|
|
|
|
message = 'Only an admin user can make changes.'
|
|
|
|
|
|
|
|
def has_permission(self, request, view):
|
|
|
|
if request.method in permissions.SAFE_METHODS:
|
|
|
|
return True
|
|
|
|
else:
|
2018-04-03 20:23:48 +00:00
|
|
|
return (request.user.is_authenticated and
|
|
|
|
request.user.is_staff and
|
|
|
|
not request.user.is_dj)
|
2018-03-28 20:56:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
class IsAdminOwnerOrReadOnly(permissions.BasePermission):
|
|
|
|
message = 'Only an admin user or the owner can change this object.'
|
|
|
|
|
|
|
|
def has_object_permission(self, request, view, obj):
|
|
|
|
if request.method in permissions.SAFE_METHODS:
|
|
|
|
return True
|
|
|
|
else:
|
|
|
|
if request.user.is_authenticated:
|
2018-04-06 16:19:51 +00:00
|
|
|
return ((request.user.is_staff or
|
2018-04-09 16:08:23 +00:00
|
|
|
request.user == obj.user) and
|
2018-04-03 20:23:48 +00:00
|
|
|
not request.user.is_dj)
|
2018-03-28 20:56:53 +00:00
|
|
|
else:
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
|
|
class IsDJ(permissions.BasePermission):
|
|
|
|
message = 'Only the DJ can request the next song.'
|
|
|
|
|
|
|
|
def has_permission(self, request, view):
|
|
|
|
if request.user.is_authenticated:
|
|
|
|
return request.user.is_dj
|
|
|
|
else:
|
|
|
|
return False
|
2018-04-09 16:08:23 +00:00
|
|
|
|
|
|
|
|
|
|
|
class IsAuthenticatedAndNotDJ(permissions.BasePermission):
|
|
|
|
message = 'Only an authenticated user can make changes to this object.'
|
|
|
|
|
|
|
|
def has_permission(self, request, view):
|
|
|
|
if request.user.is_authenticated:
|
|
|
|
return not request.user.is_dj
|
|
|
|
else:
|
|
|
|
return False
|