mediacms/cms/permissions.py

from django.conf import settings
from rest_framework import permissions
from files.methods import is_mediacms_editor, is_mediacms_manager
class IsAuthorizedToAdd(permissions.BasePermission):
    """View-level gate for endpoints that create media.

    Read-only requests (``permissions.SAFE_METHODS``) are always allowed,
    including unauthenticated ones, so this class does not restrict who can
    read. Every other method is decided by ``user_allowed_to_upload``.
    """

    def has_permission(self, request, view):
        """Return True for safe methods, else the upload-policy decision."""
        read_only = request.method in permissions.SAFE_METHODS
        # The policy helper is only consulted for state-changing requests.
        return True if read_only else user_allowed_to_upload(request)
class IsAuthorizedToAddComment(permissions.BasePermission):
    """View-level gate for endpoints that create comments.

    Read-only requests (``permissions.SAFE_METHODS``) pass unconditionally;
    every other method is decided by ``user_allowed_to_comment``.
    """

    def has_permission(self, request, view):
        """Return True for safe methods, else the comment-policy decision."""
        if request.method not in permissions.SAFE_METHODS:
            return user_allowed_to_comment(request)
        return True
class IsUserOrManager(permissions.BasePermission):
    """Object-level check: owner, MediaCMS manager or superuser may modify.

    Only ``has_object_permission`` is defined here, so the view-level
    ``has_permission`` is whatever ``BasePermission`` provides. In Django REST
    framework the object-level hook runs only when the view calls
    ``check_object_permissions()`` (generic views do this in ``get_object()``);
    a view that fetches the object itself must call it explicitly or this
    check is never applied.

    Safe methods are always allowed, so this class does not restrict reads of
    the object.
    """

    def has_object_permission(self, request, view, obj):
        """Return True when the request may act on ``obj``."""
        if request.method in permissions.SAFE_METHODS:
            return True

        requester = request.user
        if requester.is_superuser or is_mediacms_manager(requester):
            return True

        # Objects exposing ``.user`` are owned resources; anything else is
        # compared directly with the requester (presumably a user object --
        # confirm against the views that use this class).
        owner = obj.user if hasattr(obj, 'user') else obj
        return owner == requester
class IsUserOrEditor(permissions.BasePermission):
    """Object-level check: owner, MediaCMS editor or superuser may modify.

    The original description also lists managers; this class only calls
    ``is_mediacms_editor``, so managers are covered only if that helper
    treats them as editors -- NOTE(review): confirm in ``files.methods``.

    Safe methods are always allowed, so reads of the object are not
    restricted here. As with any DRF object-level permission, the check runs
    only when the view calls ``check_object_permissions()``.
    """

    def has_object_permission(self, request, view, obj):
        """Return True when the request may act on ``obj``."""
        if request.method in permissions.SAFE_METHODS:
            return True

        actor = request.user
        privileged = actor.is_superuser or is_mediacms_editor(actor)
        if privileged:
            return True

        # There is no fallback for objects without ``.user`` (unlike
        # IsUserOrManager): such an object raises AttributeError here instead
        # of being granted or denied.
        return obj.user == actor
def user_allowed_to_upload(request):
    """Decide whether ``request.user`` may upload media.

    Evaluation order: anonymous users are refused, superusers are accepted,
    then ``settings.CAN_ADD_MEDIA`` selects the policy:

    * ``"all"``            -- any authenticated user
    * ``"email_verified"`` -- users whose ``email_is_verified`` is truthy
    * ``"advancedUser"``   -- users whose ``advancedUser`` is truthy

    Any other value denies the upload (fails closed). The setting is read
    without a default, so a deployment that omits ``CAN_ADD_MEDIA`` gets an
    AttributeError for authenticated non-superusers, not a silent allow.
    """
    user = request.user
    if user.is_anonymous:
        return False
    if user.is_superuser:
        return True

    policy = settings.CAN_ADD_MEDIA
    if policy == "all":
        return True

    # The per-user flag is only read for the policy that needs it.
    if policy == "email_verified":
        granted = user.email_is_verified
    elif policy == "advancedUser":
        granted = user.advancedUser
    else:
        granted = False
    return True if granted else False
def user_allowed_to_comment(request):
    """Decide whether ``request.user`` may post a comment.

    Evaluation order: anonymous users are refused, superusers are accepted,
    then ``settings.CAN_COMMENT`` selects the policy:

    * ``"all"``            -- any authenticated user
    * ``"email_verified"`` -- users whose ``email_is_verified`` is truthy
    * ``"advancedUser"``   -- users whose ``advancedUser`` is truthy

    A missing ``CAN_COMMENT`` setting is treated as ``"all"``, so omitting it
    opens commenting to every authenticated user. A value that is present but
    not one of the three above denies the comment.
    """
    user = request.user
    if user.is_anonymous:
        return False
    if user.is_superuser:
        return True

    # Default is "all" when the setting is not defined.
    policy = getattr(settings, "CAN_COMMENT", "all")
    if policy == "all":
        return True

    # The per-user flag is only read for the policy that needs it.
    if policy == "email_verified":
        granted = user.email_is_verified
    elif policy == "advancedUser":
        granted = user.advancedUser
    else:
        granted = False
    return True if granted else False