29 lines
1.0 KiB
Python
29 lines
1.0 KiB
Python
from rest_framework import permissions
|
|
from account.models import UserRole, Role, User
|
|
|
|
|
|
class IsCommentModerator(permissions.IsAuthenticatedOrReadOnly):
|
|
"""
|
|
Object-level permission to only allow owners of an object to edit it.
|
|
Assumes the model instance has an `owner` attribute.
|
|
"""
|
|
|
|
def has_object_permission(self, request, view, obj):
|
|
# Read permissions are allowed to any request,
|
|
# so we'll always allow GET, HEAD or OPTIONS requests.
|
|
if request.method in permissions.SAFE_METHODS or \
|
|
obj.user == request.user or request.user.is_superuser:
|
|
return True
|
|
|
|
# Must have role
|
|
role = Role.objects.filter(role=Role.COMMENTS_MODERATOR,
|
|
country__languages__id=obj.language_id)\
|
|
.first() # 'Comments moderator'
|
|
|
|
is_access = UserRole.objects.filter(user=request.user, role=role).exists()
|
|
if obj.user != request.user and is_access:
|
|
return True
|
|
|
|
return False
|
|
|