2021-04-21 12:27:18 +00:00
|
|
|
from django.urls import resolve
|
2014-05-08 16:59:35 +00:00
|
|
|
from rest_framework.permissions import DjangoModelPermissions
|
|
|
|
|
|
|
|
|
|
|
|
class OrchestraPermissionBackend(DjangoModelPermissions):
|
|
|
|
""" Permissions according to each user """
|
2021-04-21 12:27:18 +00:00
|
|
|
|
2014-05-08 16:59:35 +00:00
|
|
|
def has_permission(self, request, view):
|
2015-04-23 14:34:04 +00:00
|
|
|
queryset = getattr(view, 'queryset', None)
|
|
|
|
if queryset is None:
|
2014-05-08 16:59:35 +00:00
|
|
|
name = resolve(request.path).url_name
|
|
|
|
return name == 'api-root'
|
2021-04-21 12:27:18 +00:00
|
|
|
|
2015-04-23 14:34:04 +00:00
|
|
|
model_cls = queryset.model
|
2014-05-08 16:59:35 +00:00
|
|
|
perms = self.get_required_permissions(request.method, model_cls)
|
|
|
|
if (request.user and
|
|
|
|
request.user.is_authenticated() and
|
|
|
|
request.user.has_perms(perms, model_cls)):
|
|
|
|
return True
|
|
|
|
return False
|
2021-04-21 12:27:18 +00:00
|
|
|
|
2014-05-08 16:59:35 +00:00
|
|
|
def has_object_permission(self, request, view, obj):
|
|
|
|
perms = self.get_required_permissions(request.method, type(obj))
|
|
|
|
if (request.user and
|
|
|
|
request.user.is_authenticated() and
|
|
|
|
request.user.has_perms(perms, obj)):
|
|
|
|
return True
|
|
|
|
return False
|