mirror of
https://github.com/mediacms-io/mediacms.git
synced 2024-11-28 19:23:33 +01:00
97 lines
2.8 KiB
Python
97 lines
2.8 KiB
Python
from django.conf import settings
|
|
from rest_framework import permissions
|
|
|
|
from files.methods import is_mediacms_editor, is_mediacms_manager
|
|
|
|
|
|
class IsAuthorizedToAdd(permissions.BasePermission):
|
|
def has_permission(self, request, view):
|
|
if request.method in permissions.SAFE_METHODS:
|
|
return True
|
|
return user_allowed_to_upload(request)
|
|
|
|
|
|
class IsAuthorizedToAddComment(permissions.BasePermission):
|
|
def has_permission(self, request, view):
|
|
if request.method in permissions.SAFE_METHODS:
|
|
return True
|
|
return user_allowed_to_comment(request)
|
|
|
|
|
|
class IsUserOrManager(permissions.BasePermission):
|
|
"""To be used in cases where request.user is either the
|
|
object owner, or anyone amongst MediaCMS managers
|
|
or superusers
|
|
"""
|
|
|
|
def has_object_permission(self, request, view, obj):
|
|
if request.method in permissions.SAFE_METHODS:
|
|
return True
|
|
if request.user.is_superuser:
|
|
return True
|
|
if is_mediacms_manager(request.user):
|
|
return True
|
|
|
|
if hasattr(obj, 'user'):
|
|
return obj.user == request.user
|
|
else:
|
|
return obj == request.user
|
|
|
|
|
|
class IsUserOrEditor(permissions.BasePermission):
|
|
"""To be used in cases where request.user is either the
|
|
object owner, or anyone amongst MediaCMS editors, managers
|
|
or superusers
|
|
"""
|
|
|
|
def has_object_permission(self, request, view, obj):
|
|
if request.method in permissions.SAFE_METHODS:
|
|
return True
|
|
if request.user.is_superuser:
|
|
return True
|
|
if is_mediacms_editor(request.user):
|
|
return True
|
|
|
|
return obj.user == request.user
|
|
|
|
|
|
def user_allowed_to_upload(request):
|
|
"""Any custom logic for whether a user is allowed
|
|
to upload content lives here
|
|
"""
|
|
if request.user.is_anonymous:
|
|
return False
|
|
if request.user.is_superuser:
|
|
return True
|
|
|
|
if settings.CAN_ADD_MEDIA == "all":
|
|
return True
|
|
elif settings.CAN_ADD_MEDIA == "email_verified":
|
|
if request.user.email_is_verified:
|
|
return True
|
|
elif settings.CAN_ADD_MEDIA == "advancedUser":
|
|
if request.user.advancedUser:
|
|
return True
|
|
return False
|
|
|
|
|
|
def user_allowed_to_comment(request):
|
|
"""Any custom logic for whether a user is allowed
|
|
to comment lives here
|
|
"""
|
|
if request.user.is_anonymous:
|
|
return False
|
|
if request.user.is_superuser:
|
|
return True
|
|
|
|
# Default is "all"
|
|
if not hasattr(settings, "CAN_COMMENT") or settings.CAN_COMMENT == "all":
|
|
return True
|
|
elif settings.CAN_COMMENT == "email_verified":
|
|
if request.user.email_is_verified:
|
|
return True
|
|
elif settings.CAN_COMMENT == "advancedUser":
|
|
if request.user.advancedUser:
|
|
return True
|
|
return False
|