phzhik/gault-millau
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix roles

Browse Source
This commit is contained in:
Виктор Гладких 2019-10-25 15:51:07 +03:00
parent b7831b9739
commit a38fed847a
1 changed files with 71 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
apps/utils/permissions.py
View File

@ -20,7 +20,7 @@ class IsAuthenticatedAndTokenIsValid(permissions.BasePermission):
access_token = request.COOKIES.get('access_token') access_token = request.COOKIES.get('access_token')
if user.is_authenticated and access_token: if user.is_authenticated and access_token:
access_token = AccessToken(access_token) access_token = AccessToken(access_token)
valid_tokens = user.access_tokens.valid()\ valid_tokens = user.access_tokens.valid() \
.by_jti(jti=access_token.payload.get('jti')) .by_jti(jti=access_token.payload.get('jti'))
return valid_tokens.exists() return valid_tokens.exists()
else: else:
@ -31,12 +31,13 @@ class IsRefreshTokenValid(permissions.BasePermission):
""" """
Check if user has a valid refresh token and authenticated Check if user has a valid refresh token and authenticated
""" """
def has_permission(self, request, view): def has_permission(self, request, view):
"""Check permissions by refresh token and default REST permission IsAuthenticated""" """Check permissions by refresh token and default REST permission IsAuthenticated"""
refresh_token = request.COOKIES.get('refresh_token') refresh_token = request.COOKIES.get('refresh_token')
if refresh_token: if refresh_token:
refresh_token = GMRefreshToken(refresh_token) refresh_token = GMRefreshToken(refresh_token)
refresh_token_qs = JWTRefreshToken.objects.valid()\ refresh_token_qs = JWTRefreshToken.objects.valid() \
.by_jti(jti=refresh_token.payload.get('jti')) .by_jti(jti=refresh_token.payload.get('jti'))
return refresh_token_qs.exists() return refresh_token_qs.exists()
else: else:
@ -55,6 +56,7 @@ class IsGuest(permissions.IsAuthenticatedOrReadOnly):
""" """
Object-level permission to only allow owners of an object to edit it. Object-level permission to only allow owners of an object to edit it.
""" """
def has_permission(self, request, view): def has_permission(self, request, view):
rules = [ rules = [
request.user.is_superuser, request.user.is_superuser,
@ -63,7 +65,6 @@ class IsGuest(permissions.IsAuthenticatedOrReadOnly):
return any(rules) return any(rules)
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
rules = [ rules = [
request.user.is_superuser, request.user.is_superuser,
request.method in permissions.SAFE_METHODS request.method in permissions.SAFE_METHODS
@ -76,6 +77,7 @@ class IsStandardUser(IsGuest):
Object-level permission to only allow owners of an object to edit it. Object-level permission to only allow owners of an object to edit it.
Assumes the model instance has an `owner` attribute. Assumes the model instance has an `owner` attribute.
""" """
def has_permission(self, request, view): def has_permission(self, request, view):
rules = [ rules = [
super().has_permission(request, view) super().has_permission(request, view)
@ -118,7 +120,7 @@ class IsContentPageManager(IsStandardUser):
# and request.user.email_confirmed, # and request.user.email_confirmed,
if hasattr(request, 'user'): if hasattr(request, 'user'):
role = Role.objects.filter(role=Role.CONTENT_PAGE_MANAGER, role = Role.objects.filter(role=Role.CONTENT_PAGE_MANAGER,
country_id=request.country_id)\ country_id=request.country_id) \
.first() # 'Comments moderator' .first() # 'Comments moderator'
rules = [ rules = [
@ -132,7 +134,7 @@ class IsContentPageManager(IsStandardUser):
# Read permissions are allowed to any request. # Read permissions are allowed to any request.
role = Role.objects.filter(role=Role.CONTENT_PAGE_MANAGER, role = Role.objects.filter(role=Role.CONTENT_PAGE_MANAGER,
country_id=obj.country_id)\ country_id=obj.country_id) \
.first() # 'Comments moderator' .first() # 'Comments moderator'
rules = [ rules = [
@ -148,6 +150,7 @@ class IsCountryAdmin(IsStandardUser):
Object-level permission to only allow owners of an object to edit it. Object-level permission to only allow owners of an object to edit it.
Assumes the model instance has an `owner` attribute. Assumes the model instance has an `owner` attribute.
""" """
def has_permission(self, request, view): def has_permission(self, request, view):
rules = [ rules = [
@ -221,7 +224,7 @@ class IsCommentModerator(IsStandardUser):
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request. # Read permissions are allowed to any request.
role = Role.objects.filter(role=Role.COMMENTS_MODERATOR, role = Role.objects.filter(role=Role.COMMENTS_MODERATOR,
country_id=obj.country_id)\ country_id=obj.country_id) \
.first() # 'Comments moderator' .first() # 'Comments moderator'
rules = [ rules = [
@ -234,8 +237,26 @@ class IsCommentModerator(IsStandardUser):
class IsEstablishmentManager(IsStandardUser): class IsEstablishmentManager(IsStandardUser):
def has_permission(self, request, view):
rules = [
super().has_permission(request, view)
]
# and request.user.email_confirmed,
if hasattr(request.data, 'user') and hasattr(request.data, 'establishment_id'):
role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER) \
.first() # 'Comments moderator'
rules = [
UserRole.objects.filter(user=request.user, role=role,
establishment_id=request.data.establishment_id
).exists(),
super().has_permission(request, view)
]
return any(rules)
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER)\ role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER) \
.first() # 'Comments moderator' .first() # 'Comments moderator'
rules = [ rules = [
@ -250,10 +271,27 @@ class IsEstablishmentManager(IsStandardUser):
class IsReviewerManager(IsStandardUser): class IsReviewerManager(IsStandardUser):
def has_object_permission(self, request, view, obj): def has_permission(self, request, view):
rules = [
super().has_permission(request, view)
]
# and request.user.email_confirmed,
if hasattr(request.data, 'user') and hasattr(request.data, 'country_id'):
role = Role.objects.filter(role=Role.REVIEWER_MANGER) \
.first() # 'Comments moderator'
rules = [
UserRole.objects.filter(user=request.user, role=role,
establishment_id=request.data.country_id
).exists(),
super().has_permission(request, view)
]
return any(rules)
def has_object_permission(self, request, view, obj):
role = Role.objects.filter(role=Role.REVIEWER_MANGER, role = Role.objects.filter(role=Role.REVIEWER_MANGER,
country_id=obj.country_id)\ country_id=obj.country_id) \
.first() .first()
rules = [ rules = [
@ -266,8 +304,25 @@ class IsReviewerManager(IsStandardUser):
class IsRestaurantReviewer(IsStandardUser): class IsRestaurantReviewer(IsStandardUser):
def has_object_permission(self, request, view, obj): def has_permission(self, request, view):
rules = [
super().has_permission(request, view)
]
# and request.user.email_confirmed,
if hasattr(request.data, 'user') and hasattr(request.data, 'object_id'):
role = Role.objects.filter(role=Role.RESTAURANT_REVIEWER) \
.first() # 'Comments moderator'
rules = [
UserRole.objects.filter(user=request.user, role=role,
establishment_id=request.data.object_id
).exists(),
super().has_permission(request, view)
]
return any(rules)
def has_object_permission(self, request, view, obj):
content_type = ContentType.objects.get(app_lable='establishment', content_type = ContentType.objects.get(app_lable='establishment',
model='establishment') model='establishment')