Add custom permissions and apply them to radio API views.
parent
abe64f3a7d
commit
862bf63d6e
2 changed files with 49 additions and 0 deletions
44
savepointradio/api/permissions.py
Normal file
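--- a/savepointradio/api/permissions.py
+++ b/savepointradio/api/permissions.py
@@ -0,0 +1,44 @@
+from rest_framework import permissions
+
+
+class IsAdminOrOwner(permissions.BasePermission):
+message = 'Only an admin user or owner can access this.'
+
+def has_object_permission(self, request, view, obj):
+if request.user.is_authenticated():
+return request.user.is_staff or request.user == obj.user
+else:
+return False
+
+
+class IsAdminOrReadOnly(permissions.BasePermission):
+message = 'Only an admin user can make changes.'
+
+def has_permission(self, request, view):
+if request.method in permissions.SAFE_METHODS:
+return True
+else:
+return request.user.is_authenticated and request.user.is_staff
+
+
+class IsAdminOwnerOrReadOnly(permissions.BasePermission):
+message = 'Only an admin user or the owner can change this object.'
+
+def has_object_permission(self, request, view, obj):
+if request.method in permissions.SAFE_METHODS:
+return True
+else:
+if request.user.is_authenticated:
+return request.user.is_staff or request.user == obj.user
+else:
+return False
+
+
+class IsDJ(permissions.BasePermission):
+message = 'Only the DJ can request the next song.'
+
+def has_permission(self, request, view):
+if request.user.is_authenticated:
+return request.user.is_dj
+else:
+return False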
|
@ -1,25 +1,30 @@
|
||||||
from rest_framework import viewsets
|
from rest_framework import viewsets
|
||||||
|
|
||||||
from radio.models import Album, Artist, Game, Song
|
from radio.models import Album, Artist, Game, Song
|
||||||
|
from ..permissions import IsAdminOrReadOnly
|
||||||
from ..serializers.radio import (AlbumSerializer, ArtistSerializer,
|
from ..serializers.radio import (AlbumSerializer, ArtistSerializer,
|
||||||
GameSerializer, SongSerializer)
|
GameSerializer, SongSerializer)
|
||||||
|
|
||||||
|
|
||||||
class AlbumViewSet(viewsets.ModelViewSet):
|
class AlbumViewSet(viewsets.ModelViewSet):
|
||||||
|
permission_classes = [IsAdminOrReadOnly]
|
||||||
queryset = Album.objects.all()
|
queryset = Album.objects.all()
|
||||||
serializer_class = AlbumSerializer
|
serializer_class = AlbumSerializer
|
||||||
|
|
||||||
|
|
||||||
class ArtistViewSet(viewsets.ModelViewSet):
|
class ArtistViewSet(viewsets.ModelViewSet):
|
||||||
|
permission_classes = [IsAdminOrReadOnly]
|
||||||
queryset = Artist.objects.all()
|
queryset = Artist.objects.all()
|
||||||
serializer_class = ArtistSerializer
|
serializer_class = ArtistSerializer
|
||||||
|
|
||||||
|
|
||||||
class GameViewSet(viewsets.ModelViewSet):
|
class GameViewSet(viewsets.ModelViewSet):
|
||||||
|
permission_classes = [IsAdminOrReadOnly]
|
||||||
queryset = Game.objects.all()
|
queryset = Game.objects.all()
|
||||||
serializer_class = GameSerializer
|
serializer_class = GameSerializer
|
||||||
|
|
||||||
|
|
||||||
class SongViewSet(viewsets.ModelViewSet):
|
class SongViewSet(viewsets.ModelViewSet):
|
||||||
|
permission_classes = [IsAdminOrReadOnly]
|
||||||
queryset = Song.objects.all()
|
queryset = Song.objects.all()
|
||||||
serializer_class = SongSerializer
|
serializer_class = SongSerializer
|
||||||
|
|
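Review bot: Setting `permission_classes = [IsAdminOrReadOnly]` on each viewset replaces whatever `DEFAULT_PERMISSION_CLASSES` the project configures, so GET, HEAD and OPTIONS on albums, artists, games and songs are open to unauthenticated clients. If public read access is intended, say so in a comment above the first assignment, for example `# Catalogue data is public; only staff may write.`. The commit changes only two files, so no test covers the write path; a test asserting that non-staff POST, PUT and DELETE requests are rejected on one of these viewsets would pin the behaviour.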