from rest_framework import permissions
from account.models import UserRole, Role, User
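class IsCommentModerator(permissions.BasePermission):
    """
    Object-level permission for editing a comment-like object.

    Read-only requests (``permissions.SAFE_METHODS``) are always allowed.
    Any other request is allowed only for an authenticated user who is:

    * the author of the object (``obj.user``), or
    * linked through ``UserRole`` to the comments-moderator ``Role`` found
      for the object's language (``obj.language_id``), or
    * a superuser.

    Assumes the model instance has ``user`` and ``language_id`` attributes.
    """

    # Value of ``Role.role`` used for the 'Comments moderator' role.
    COMMENT_MODERATOR_ROLE = 2

    def has_object_permission(self, request, view, obj):
        """Return True if ``request`` may act on ``obj``, otherwise False."""
        # Read permissions are allowed to any request,
        # so we'll always allow GET, HEAD or OPTIONS requests.
        if request.method in permissions.SAFE_METHODS:
            return True

        # Fail closed for unauthenticated callers before any comparison or
        # query: an anonymous user object is not a valid lookup value for the
        # ORM filters below, and a ``None`` user would otherwise compare equal
        # to an object whose ``user`` is also ``None``.
        user = request.user
        if not getattr(user, "is_authenticated", False):
            return False

        # The author may always modify their own object.
        if obj.user == user:
            return True

        # Moderator path: find the moderator role for the object's language.
        # NOTE(review): ``.first()`` checks a single Role row; if several
        # countries share this language only one of them is considered.
        # Confirm that is intended.
        moderator_role = Role.objects.filter(
            role=self.COMMENT_MODERATOR_ROLE,
            country__languages__id=obj.language_id,
        ).first()

        # Only query UserRole when a role was actually found. Django turns
        # ``filter(role=None)`` into ``role IS NULL``, which would match
        # role-less UserRole rows instead of denying access.
        if moderator_role is not None:
            holds_role = UserRole.objects.filter(
                user=user, role=moderator_role
            ).exists()
            if holds_role:
                return True

        # Superusers are checked against the database row, not the in-memory
        # user object, as in the original implementation.
        return User.objects.filter(pk=user.pk, is_superuser=True).exists()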