- from rest_framework.permissions import BasePermission
class APIPermission(BasePermission):
    """Common base class for the API permission classes in this module.

    Neither ``allow_read_only`` nor ``is_safe`` is consulted by any of the
    subclasses shown alongside this class; a subclass has to call them
    explicitly for read-only access to take effect.
    """

    # Off by default. NOTE(review): presumably a per-class switch for
    # permitting safe (read-only) methods -- confirm against callers.
    allow_read_only = False

    @staticmethod
    def is_safe(request):
        """Return True when the request method is GET, HEAD or OPTIONS.

        The comparison is an exact, case-sensitive match against
        ``request.method``.
        """
        read_only_methods = ["GET", "HEAD", "OPTIONS"]
        return request.method in read_only_methods
class AllowAny(APIPermission):
    """Permission that never denies a request."""

    def has_permission(self, request, view):
        """Grant access unconditionally.

        ``request.user`` is not inspected, so unauthenticated callers are
        admitted too; use this only on endpoints meant to be public.
        """
        granted = True
        return granted
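class IsAdmin(APIPermission):
    """Grant access only to users whose ``is_admin`` attribute is truthy."""

    def has_permission(self, request, view):
        """Return True if ``request.user`` is set and flagged ``is_admin``.

        A user object without an ``is_admin`` attribute is denied: the
        lookup defaults to False.
        """
        user = request.user
        if not user:
            # No user attached to the request: deny.
            return False
        # Coerce to a strict bool so the user object or None is never
        # handed back as the permission result.
        return bool(getattr(user, "is_admin", False))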
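class IsStaff(APIPermission):
    """Grant access only to users whose ``is_staff`` attribute is truthy."""

    def has_permission(self, request, view):
        """Return True if ``request.user`` is set and flagged ``is_staff``.

        A user object without an ``is_staff`` attribute is denied: the
        lookup defaults to False.
        """
        user = request.user
        if not user:
            # No user attached to the request: deny.
            return False
        # Coerce to a strict bool so the user object or None is never
        # handed back as the permission result.
        return bool(getattr(user, "is_staff", False))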
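class IsStaffOrAdmin(APIPermission):
    """Grant access to users flagged ``is_admin`` or ``is_staff``."""

    def has_permission(self, request, view):
        """Return True if ``request.user`` is set and has either flag.

        Both lookups default to False, so a user object that lacks the
        attributes is denied.
        """
        user = request.user
        if not user:
            # No user attached to the request: deny.
            return False
        # Coerce to a strict bool so the user object or None is never
        # handed back as the permission result.
        return bool(
            getattr(user, "is_admin", False)
            or getattr(user, "is_staff", False)
        )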
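class IsAuthenticated(APIPermission):
    """Grant access only to authenticated users."""

    def has_permission(self, request, view):
        """Return True if ``request.user`` is set and ``is_authenticated``.

        ``is_authenticated`` is read directly, so a user object without
        that attribute raises AttributeError rather than being denied.
        """
        user = request.user
        if not user:
            # No user attached to the request: deny.
            return False
        # Coerce to a strict bool so the user object or None is never
        # handed back as the permission result.
        return bool(user.is_authenticated)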
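class IsOwner(APIPermission):
    """Object-level permission: only the object's ``user`` may access it.

    This class defines no ``has_permission``, so the view-level check is
    whatever ``BasePermission`` provides (in Django REST framework that
    default grants access). The ownership test runs only when the view
    performs object-level checks, e.g. through ``get_object()`` or
    ``check_object_permissions()``; list and create endpoints are not
    restricted by it. Pair it with an authentication permission where
    anonymous access must be refused.
    """

    def has_object_permission(self, request, view, obj):
        """Return True if ``obj.user`` equals the requesting user.

        ``obj`` must expose a ``user`` attribute; it is read directly.
        """
        user = request.user
        if not user:
            # Checking the requester first stops a missing user from
            # matching an object whose ``user`` is also unset.
            return False
        # Coerce to a strict bool so the permission result is never a
        # non-bool comparison value.
        return bool(obj.user == user)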