phzhik/gault-millau
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
ff7df815f4
gault-millau/apps/utils/permissions.py
Виктор Гладких ff7df815f4 Fix country_id
2019-10-15 15:20:44 +03:00

113 lines
3.9 KiB
Python
Raw Blame History

"""Project custom permissions"""
from rest_framework import permissions
from rest_framework_simplejwt.tokens import AccessToken
from account.models import UserRole, Role
from authorization.models import JWTRefreshToken
from utils.tokens import GMRefreshToken
class IsAuthenticatedAndTokenIsValid(permissions.BasePermission):
"""
Check if user has a valid token and authenticated
"""
def has_permission(self, request, view):
"""Check permissions by access token and default REST permission IsAuthenticated"""
user = request.user
access_token = request.COOKIES.get('access_token')
if user.is_authenticated and access_token:
access_token = AccessToken(access_token)
valid_tokens = user.access_tokens.valid()\
.by_jti(jti=access_token.payload.get('jti'))
return valid_tokens.exists()
else:
return False
class IsRefreshTokenValid(permissions.BasePermission):
"""
Check if user has a valid refresh token and authenticated
"""
def has_permission(self, request, view):
"""Check permissions by refresh token and default REST permission IsAuthenticated"""
refresh_token = request.COOKIES.get('refresh_token')
if refresh_token:
refresh_token = GMRefreshToken(refresh_token)
refresh_token_qs = JWTRefreshToken.objects.valid()\
.by_jti(jti=refresh_token.payload.get('jti'))
return refresh_token_qs.exists()
else:
return False
def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request,
# so we'll always allow GET, HEAD or OPTIONS requests.
if request.method in permissions.SAFE_METHODS or \
obj.user == request.user or request.user.is_superuser:
return True
return False
class IsGuest(permissions.IsAuthenticatedOrReadOnly):
"""
Object-level permission to only allow owners of an object to edit it.
"""
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS or request.user.is_superuser:
return True
return False
class IsStandardUser(IsGuest):
"""
Object-level permission to only allow owners of an object to edit it.
Assumes the model instance has an `owner` attribute.
"""
def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request
if super().has_object_permission(request, view, obj) or\
(obj.user == request.user and obj.user.email_confirmed):
return True
return False
class IsCommentModerator(IsStandardUser):
"""
Object-level permission to only allow owners of an object to edit it.
Assumes the model instance has an `owner` attribute.
"""
def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request.
if super().has_object_permission(request, view, obj):
return True
# Must have role
role = Role.objects.filter(role=Role.COMMENTS_MODERATOR,
country_id=obj.country_id)\
.first() # 'Comments moderator'
is_access = UserRole.objects.filter(user=request.user, role=role).exists()
if obj.user != request.user and is_access:
return True
return False
class IsCountryAdmin(IsGuest):
def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request.
# Must have role
role = Role.objects.filter(role=Role.COUNTRY_ADMIN, country_id=obj.country_id).first() # 'Country admin'
is_access = UserRole.objects.filter(user=request.user, role=role).exists()
if super().has_object_permission(request, view, obj) and is_access:
return True
return False
Reference in New Issue View Git Blame Copy Permalink