#!/usr/bin/env python
# vim: set fileencoding=utf-8 :
###############################################################################
# #
# Copyright (c) 2016 Idiap Research Institute, http://www.idiap.ch/ #
# Contact: beat.support@idiap.ch #
# #
# This file is part of the beat.web module of the BEAT platform. #
# #
# Commercial License Usage #
# Licensees holding valid commercial BEAT licenses may use this file in #
# accordance with the terms contained in a written agreement between you #
# and Idiap. For further information contact tto@idiap.ch #
# #
# Alternatively, this file may be used under the terms of the GNU Affero #
# Public License version 3 as published by the Free Software and appearing #
# in the file LICENSE.AGPL included in the packaging of this file. #
# The BEAT platform is distributed in the hope that it will be useful, but #
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY #
# or FITNESS FOR A PARTICULAR PURPOSE. #
# #
# You should have received a copy of the GNU Affero Public License along #
# with the BEAT platform. If not, see http://www.gnu.org/licenses/. #
# #
###############################################################################
from rest_framework import permissions
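class IsSuperuser(permissions.BasePermission):
    """Global permission check that only lets superusers through.

    The check fails closed: a request that carries no user object, or a user
    whose ``is_superuser`` flag is falsy, is denied.
    """

    def has_permission(self, request, view):
        """Return ``True`` only when ``request.user`` is a superuser.

        Args:
            request: the DRF request being authorized.
            view: the view being accessed (unused).

        Returns:
            bool: whether the requesting user has the superuser flag set.
        """
        # ``request.user`` is ``None`` when the project sets DRF's
        # ``UNAUTHENTICATED_USER`` setting to ``None``. Guard against it so an
        # anonymous request is denied rather than raising ``AttributeError``
        # (same shape as DRF's own ``IsAdminUser`` check).
        user = request.user
        return bool(user and user.is_superuser)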
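class IsAuthor(permissions.IsAuthenticated):
    """Global permission check: authenticated *and* named as the author.

    On top of the ``IsAuthenticated`` check, the requesting user's
    ``username`` must equal the ``author_name`` keyword argument found in the
    request's parser context.

    NOTE(review): this is a view-level check against the URL only. It never
    sees the object that is eventually loaded, so it proves "the URL names
    the caller", not "the caller owns the data". Presumably the views using
    it filter their lookups by the same ``author_name``; confirm per view.
    """

    def has_permission(self, request, view):
        """Return ``True`` when the authenticated user matches ``author_name``.

        Args:
            request: the DRF request being authorized.
            view: the view being accessed.

        Returns:
            bool: ``False`` for unauthenticated requests, for requests whose
            parser context carries no ``author_name``, and for a username
            mismatch; ``True`` otherwise.
        """
        if not super().has_permission(request, view):
            return False

        # ``kwargs`` may be missing from the parser context (for example a
        # Request built outside the usual view dispatch). Treat that as
        # "no author named" instead of failing with AttributeError on None.
        url_kwargs = request.parser_context.get("kwargs") or {}
        author_name = url_kwargs.get("author_name")

        # Fail closed when the route has no ``author_name``: otherwise a user
        # object whose ``username`` is ``None`` would compare equal to the
        # missing value and be let through.
        if author_name is None:
            return False

        return request.user.username == author_name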
class IsAuthorOrReadOnly(IsAuthor):
    """Allow any read request; defer every other method to ``IsAuthor``.

    Requests whose method is in ``permissions.SAFE_METHODS`` are granted
    before the parent check runs, so they are not subject to the parent's
    authentication or author test. Only use this where read access is meant
    to be open to every caller.
    """

    def has_permission(self, request, view):
        """Return ``True`` for safe methods, else the ``IsAuthor`` verdict."""
        return (
            request.method in permissions.SAFE_METHODS
            or super().has_permission(request, view)
        )
class IsAdminOrReadOnly(permissions.IsAdminUser):
    """Allow any read request; defer every other method to ``IsAdminUser``.

    Requests whose method is in ``permissions.SAFE_METHODS`` are granted
    without consulting the parent class, so they need no authentication here.
    All other methods get whatever DRF's ``IsAdminUser`` decides (it tests
    the user's ``is_staff`` flag, not ``is_superuser``).
    """

    def has_permission(self, request, view):
        """Return ``True`` for safe methods, else the ``IsAdminUser`` verdict."""
        is_read_only = request.method in permissions.SAFE_METHODS
        if is_read_only:
            return True
        return super().has_permission(request, view)
class IsModifiableOrRead(permissions.BasePermission):
    """Object-level check: writes are allowed only on modifiable objects.

    Only ``has_object_permission`` is overridden. The view-level
    ``has_permission`` is inherited from ``BasePermission``, which grants
    access, so this class does not authenticate or authorize the caller by
    itself and is meant to be combined with a permission class that does.
    DRF runs object-level checks only when the view calls
    ``check_object_permissions`` (the generic views do so in ``get_object``).
    """

    def has_object_permission(self, request, view, obj):
        """Return ``True`` for safe methods, else ``obj.modifiable()``.

        Args:
            request: the DRF request being authorized.
            view: the view being accessed (unused).
            obj: the object being accessed; must provide ``modifiable()``.
        """
        if request.method not in permissions.SAFE_METHODS:
            # A modifying request is allowed only if the object says so.
            return obj.modifiable()
        return True