improvement to custom user endpoint

2021-01-25 12:28:46 +00:00
parent f94d822d5e
commit c3c9f54c54
4 changed files with 35 additions and 5 deletions
--- a/back_latienda/permissions.py
+++ b/back_latienda/permissions.py
@@ -31,6 +31,24 @@ class IsStaff(permissions.BasePermission):
                return True
        return False

+
 class ReadOnly(permissions.BasePermission):
    def has_permission(self, request, view):
        return request.method in permissions.SAFE_METHODS
+
+
+class CustomUserPermissions(permissions.BasePermission):
+    """
+    Custom permissions for managing custom user instances
+    """
+    def has_permission(self, request, view):
+        # allow anon users to create new CustomUser (inactive)
+        if request.method == 'POST' and request.user.is_anonymous is True:
+            return True
+
+        # only admins can change or delete
+        if request.user.is_staff is True:
+            return True
+
+        # for everything else
+        return False