kit-eco.social/consumocuidado-server
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

changes to views permissions

Browse Source
This commit is contained in:
Sam
2021-01-25 10:36:57 +00:00
parent cf5d193765
commit fc0478299b
4 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
back_latienda/permissions.py
View File

@@ -3,12 +3,12 @@ from rest_framework import permissions
class IsCreator(permissions.BasePermission):
"""
Grant permission is request.user same as obj.creator
Grant permission if request.user same as obj.creator
"""
def has_object_permission(self, request, view, obj):
if obj is not None:
# allow is authenticated and method is safe
# allow if authenticated and method is safe
if request.method in permissions.SAFE_METHODS:
return True
@@ -20,6 +20,17 @@ class IsCreator(permissions.BasePermission):
return False
class IsStaff(permissions.BasePermission):
"""
Grant permission if request.user.is_staff is True
"""
def has_object_permission(self, request, view, obj):
if obj is not None:
if request.user.is_staff is True:
return True
return False
class ReadOnly(permissions.BasePermission):
def has_permission(self, request, view):
return request.method in permissions.SAFE_METHODS

3
history/views.py
View File

@@ -5,7 +5,10 @@ from rest_framework import viewsets
from history.models import HistorySync
from history.serializers import HistorySyncLogSerializer
from back_latienda.permissions import IsStaff
class HistorySyncViewSet(viewsets.ModelViewSet):
queryset = HistorySync.objects.all()
serializer_class = HistorySyncLogSerializer
permission_classes = [IsStaff,]

5
products/views.py
View File

@@ -2,10 +2,15 @@ from django.shortcuts import render
# Create your views here.
from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticatedOrReadOnly
from products.models import Product
from products.serializers import ProductSerializer
from back_latienda.permissions import IsCreator
class ProductViewSet(viewsets.ModelViewSet):
queryset = Product.objects.all()
serializer_class = ProductSerializer
permission_classes = [IsAuthenticatedOrReadOnly, IsCreator]

3
stats/views.py
View File

@@ -5,7 +5,10 @@ from rest_framework import viewsets
from stats.models import StatsLog
from stats.serializers import StatsLogSerializer
from back_latienda.permissions import IsStaff
class StatsLogViewSet(viewsets.ModelViewSet):
queryset = StatsLog.objects.all()
serializer_class = StatsLogSerializer
permission_classes = [IsStaff,]