Add custom permissions and apply them to radio API views.
parent
abe64f3a7d
commit
862bf63d6e
2 changed files with 49 additions and 0 deletions
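--- a/savepointradio/api/permissions.py
+++ b/savepointradio/api/permissions.py
@@ -0,0 +1,44 @@
+from rest_framework import permissions
+
+
+class IsAdminOrOwner(permissions.BasePermission):
+message = 'Only an admin user or owner can access this.'
+
+def has_object_permission(self, request, view, obj):
+if request.user.is_authenticated():
+return request.user.is_staff or request.user == obj.user
+else:
+return False
+
+
+class IsAdminOrReadOnly(permissions.BasePermission):
+message = 'Only an admin user can make changes.'
+
+def has_permission(self, request, view):
+if request.method in permissions.SAFE_METHODS:
+return True
+else:
+return request.user.is_authenticated and request.user.is_staff
+
+
+class IsAdminOwnerOrReadOnly(permissions.BasePermission):
+message = 'Only an admin user or the owner can change this object.'
+
+def has_object_permission(self, request, view, obj):
+if request.method in permissions.SAFE_METHODS:
+return True
+else:
+if request.user.is_authenticated:
+return request.user.is_staff or request.user == obj.user
+else:
+return False
+
+
+class IsDJ(permissions.BasePermission):
+message = 'Only the DJ can request the next song.'
+
+def has_permission(self, request, view):
+if request.user.is_authenticated:
+return request.user.is_dj
+else:
+return False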
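Review bot: `IsAdminOrOwner.has_object_permission` calls `request.user.is_authenticated()` as a method, while the other three classes in this file read it as a property. On Django 2.0 and later the attribute is a plain bool and the call raises `TypeError`, so every object-level check through this class would end in a server error instead of a permission decision (the Django version in use is not visible here). Change the line to `if request.user.is_authenticated:`. Separately, `IsAdminOrOwner` and `IsAdminOwnerOrReadOnly` define only `has_object_permission`, which DRF runs only when the view calls `get_object()` or `check_object_permissions()`. List and create requests fall through to `BasePermission.has_permission`, which returns True, so views using these classes also need a view-level permission such as `IsAuthenticated` or a `has_permission` override, and both classes assume every guarded object has a `user` attribute.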
@ -1,25 +1,30 @@
|
|||
from rest_framework import viewsets
|
||||
|
||||
from radio.models import Album, Artist, Game, Song
|
||||
from ..permissions import IsAdminOrReadOnly
|
||||
from ..serializers.radio import (AlbumSerializer, ArtistSerializer,
|
||||
GameSerializer, SongSerializer)
|
||||
|
||||
|
||||
class AlbumViewSet(viewsets.ModelViewSet):
|
||||
permission_classes = [IsAdminOrReadOnly]
|
||||
queryset = Album.objects.all()
|
||||
serializer_class = AlbumSerializer
|
||||
|
||||
|
||||
class ArtistViewSet(viewsets.ModelViewSet):
|
||||
permission_classes = [IsAdminOrReadOnly]
|
||||
queryset = Artist.objects.all()
|
||||
serializer_class = ArtistSerializer
|
||||
|
||||
|
||||
class GameViewSet(viewsets.ModelViewSet):
|
||||
permission_classes = [IsAdminOrReadOnly]
|
||||
queryset = Game.objects.all()
|
||||
serializer_class = GameSerializer
|
||||
|
||||
|
||||
class SongViewSet(viewsets.ModelViewSet):
|
||||
permission_classes = [IsAdminOrReadOnly]
|
||||
queryset = Song.objects.all()
|
||||
serializer_class = SongSerializer
|
||||
|
|
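Review bot: With `IsAdminOrReadOnly` as the only permission class, all four viewsets answer GET, HEAD and OPTIONS for unauthenticated clients, and each `queryset` is the unfiltered `Model.objects.all()`, so every row and every serializer field becomes publicly readable. If any of these models carry unpublished or disabled entries or internal fields (not visible in this hunk), the read path needs a filtered queryset or a reduced serializer for non-staff callers. A short comment on each class, for example `# Public read; writes require is_staff (IsAdminOrReadOnly)`, would record that anonymous read access is intentional. The four identical `permission_classes` lines could also be declared once on a shared base viewset so the policy lives in a single place.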