24 lines
902 B
Python
24 lines
902 B
Python
"""Project custom permissions"""
|
|
from rest_framework.permissions import BasePermission
|
|
from authorization.models import BlacklistedAccessToken
|
|
from utils.methods import get_token_from_request
|
|
|
|
|
|
class IsAuthenticatedAndTokenIsValid(BasePermission):
|
|
"""
|
|
Check if user has a valid token and authenticated
|
|
"""
|
|
|
|
def has_permission(self, request, view):
|
|
"""Check permissions by access token and default REST permission IsAuthenticated"""
|
|
user = request.user
|
|
if user and user.is_authenticated:
|
|
token = get_token_from_request(request)
|
|
# Check if user access token not expired
|
|
expired = BlacklistedAccessToken.objects.by_token(token)\
|
|
.by_user(user)\
|
|
.exists()
|
|
return not expired
|
|
else:
|
|
return False
|