kit-eco.social/consumocuidado-server
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

changes to views permissions

Browse Source
This commit is contained in:
Sam
2021-01-25 10:36:57 +00:00
parent cf5d193765
commit fc0478299b
4 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
back_latienda/permissions.py
View File

@@ -3,12 +3,12 @@ from rest_framework import permissions
class IsCreator(permissions.BasePermission): class IsCreator(permissions.BasePermission):
""" """
Grant permission is request.user same as obj.creator Grant permission if request.user same as obj.creator
""" """
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
if obj is not None: if obj is not None:
# allow is authenticated and method is safe # allow if authenticated and method is safe
if request.method in permissions.SAFE_METHODS: if request.method in permissions.SAFE_METHODS:
return True return True
@@ -20,6 +20,17 @@ class IsCreator(permissions.BasePermission):
return False return False
class IsStaff(permissions.BasePermission):
"""
Grant permission if request.user.is_staff is True
"""
def has_object_permission(self, request, view, obj):
if obj is not None:
if request.user.is_staff is True:
return True
return False
class ReadOnly(permissions.BasePermission): class ReadOnly(permissions.BasePermission):
def has_permission(self, request, view): def has_permission(self, request, view):
return request.method in permissions.SAFE_METHODS return request.method in permissions.SAFE_METHODS

3
history/views.py
View File

@@ -5,7 +5,10 @@ from rest_framework import viewsets
from history.models import HistorySync from history.models import HistorySync
from history.serializers import HistorySyncLogSerializer from history.serializers import HistorySyncLogSerializer
from back_latienda.permissions import IsStaff
class HistorySyncViewSet(viewsets.ModelViewSet): class HistorySyncViewSet(viewsets.ModelViewSet):
queryset = HistorySync.objects.all() queryset = HistorySync.objects.all()
serializer_class = HistorySyncLogSerializer serializer_class = HistorySyncLogSerializer
permission_classes = [IsStaff,]

5
products/views.py
View File

@@ -2,10 +2,15 @@ from django.shortcuts import render
# Create your views here. # Create your views here.
from rest_framework import viewsets from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticatedOrReadOnly
from products.models import Product from products.models import Product
from products.serializers import ProductSerializer from products.serializers import ProductSerializer
from back_latienda.permissions import IsCreator
class ProductViewSet(viewsets.ModelViewSet): class ProductViewSet(viewsets.ModelViewSet):
queryset = Product.objects.all() queryset = Product.objects.all()
serializer_class = ProductSerializer serializer_class = ProductSerializer
permission_classes = [IsAuthenticatedOrReadOnly, IsCreator]

3
stats/views.py
View File

@@ -5,7 +5,10 @@ from rest_framework import viewsets
from stats.models import StatsLog from stats.models import StatsLog
from stats.serializers import StatsLogSerializer from stats.serializers import StatsLogSerializer
from back_latienda.permissions import IsStaff
class StatsLogViewSet(viewsets.ModelViewSet): class StatsLogViewSet(viewsets.ModelViewSet):
queryset = StatsLog.objects.all() queryset = StatsLog.objects.all()
serializer_class = StatsLogSerializer serializer_class = StatsLogSerializer
permission_classes = [IsStaff,]