33 lines
No EOL
1.2 KiB
Python
33 lines
No EOL
1.2 KiB
Python
from rest_framework import permissions
|
|
from .models import VoyageLink, VoyagePermission
|
|
|
|
def link_permission(request, voyage_link):
|
|
user = request.user
|
|
if voyage_link.voyage.creator == user:
|
|
return True
|
|
|
|
try:
|
|
permission_collaborator = voyage_link.voyage.collaborator_permissions.get(user=user.id)
|
|
except VoyagePermission.DoesNotExist:
|
|
permission_collaborator = None
|
|
|
|
permission_link = voyage_link.permission
|
|
|
|
if request.method in permissions.SAFE_METHODS:
|
|
return permission_link.view or getattr(permission_collaborator, "view", False)
|
|
else:
|
|
return permission_link.change or getattr(permission_collaborator, "change", False)
|
|
|
|
class HasVoyagePermission(permissions.BasePermission):
|
|
def has_permission(self, request, view):
|
|
voyage_link = VoyageLink.objects.select_related("voyage", "permission").get(id=view.kwargs["voyage_link_pk"])
|
|
return link_permission(request, voyage_link)
|
|
|
|
|
|
class HasLinkPermission(permissions.BasePermission):
|
|
def has_object_permission(self, request, view, obj):
|
|
if request.method == "DELETE" and obj.primary:
|
|
return obj.voyage.creator == request.user or not obj.voyage.creator
|
|
|
|
return link_permission(request, obj)
|
|
|