
permissions.py 5.41 KB
from rest_framework import permissions
from rest_framework.exceptions import PermissionDenied

from core.models import Company
from core.models import Student
from core.models import Supervisor
from core.models import Application
from core.models import Vacancy


def is_admin_or_student(user):
    """Tell whether *user* is an administrator or has a student profile.

    A user is treated as an administrator when ``is_superuser`` or
    ``is_staff`` is truthy. Otherwise the result is whether the user object
    exposes a ``student`` attribute.
    """
    is_admin = user.is_superuser or user.is_staff
    return is_admin or hasattr(user, "student")


def is_admin_or_company(user):
    """Return True for administrators and for verified company accounts.

    Unlike the sibling helpers, a failed check is reported by raising rather
    than by returning False, so the caller gets an explicit message.

    Raises:
        PermissionDenied: if *user* is not an administrator and either has no
            ``company`` attribute or the company's status is not
            ``Company.VERIFIED``.
    """
    if user.is_superuser or user.is_staff:
        return True

    # Only a company whose status is VERIFIED passes; a missing company
    # profile and an unverified one are rejected with the same message.
    if hasattr(user, "company") and user.company.status == Company.VERIFIED:
        return True

    raise PermissionDenied("This account is not valid company account or has not been verified")


def is_admin_or_supervisor(user):
    """Tell whether *user* is an administrator or has a supervisor profile.

    A user is treated as an administrator when ``is_superuser`` or
    ``is_staff`` is truthy. Otherwise the result is whether the user object
    exposes a ``supervisor`` attribute.
    """
    is_admin = user.is_superuser or user.is_staff
    return is_admin or hasattr(user, "supervisor")


def is_admin_or_supervisor_or_company(user):
    """Tell whether *user* is an administrator, a supervisor or a company.

    Administrators are users with ``is_superuser`` or ``is_staff`` set; the
    other two roles are detected by the presence of a ``supervisor`` or
    ``company`` attribute on the user object.
    """
    # NOTE(review): is_admin_or_company() additionally requires
    # company.status == Company.VERIFIED; this helper accepts any account that
    # has a company profile. Confirm that unverified companies are meant to pass.
    is_admin = user.is_superuser or user.is_staff
    return is_admin or hasattr(user, "supervisor") or hasattr(user, "company")


class IsAdminOrSelfOrReadOnly(permissions.BasePermission):
    """Object permission: reads are open, writes need an admin or the owner.

    Only ``has_object_permission`` is overridden here. Requests using a method
    in ``permissions.SAFE_METHODS`` are allowed without looking at
    ``request.user`` at all, so this class by itself does not restrict who may
    read an object.
    """

    def has_object_permission(self, request, view, obj):
        """Return True for safe methods, administrators, or the object's own user."""
        if request.method in permissions.SAFE_METHODS:
            return True

        requester = request.user
        if requester.is_superuser or requester.is_staff:
            return True

        # The object either carries its owner in a `user` attribute or is the
        # user record itself.
        owner = obj.user if hasattr(obj, "user") else obj
        return owner == requester


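class IsAdminOrStudent(permissions.BasePermission):
    """Allow administrators, and students acting on their own Student record."""

    def has_permission(self, request, view):
        """View-level gate: delegate to ``is_admin_or_student`` for the requester."""
        return is_admin_or_student(request.user)

    def has_object_permission(self, request, view, obj):
        """Return True for administrators or when *obj* belongs to the requesting student.

        *obj* may be a ``Student`` or any object exposing a ``student``
        attribute.

        Raises:
            PermissionDenied: if *obj* is neither of those.
        """
        user = request.user
        if user.is_superuser or user.is_staff:
            return True

        if isinstance(obj, Student):
            student = obj
        elif hasattr(obj, "student"):
            student = obj.student
        else:
            # Fixed: this was type(obj.__name__). An instance normally has no
            # __name__, so building the message raised AttributeError (an
            # unhandled error) instead of the intended PermissionDenied.
            raise PermissionDenied(
                "Checking student permission on object {} not associated with Student"
                .format(type(obj).__name__)
            )

        return hasattr(user, "student") and user.student == student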


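class IsAdminOrSupervisor(permissions.BasePermission):
    """Allow administrators, and supervisors acting on their own Supervisor record."""

    def has_permission(self, request, view):
        """View-level gate: delegate to ``is_admin_or_supervisor`` for the requester."""
        return is_admin_or_supervisor(request.user)

    def has_object_permission(self, request, view, obj):
        """Return True for administrators or when *obj* belongs to the requesting supervisor.

        *obj* may be a ``Supervisor`` or any object exposing a ``supervisor``
        attribute.

        Raises:
            PermissionDenied: if *obj* is neither of those.
        """
        user = request.user
        if user.is_superuser or user.is_staff:
            return True

        if isinstance(obj, Supervisor):
            supervisor = obj
        elif hasattr(obj, "supervisor"):
            supervisor = obj.supervisor
        else:
            # Fixed: this was type(obj.__name__). An instance normally has no
            # __name__, so building the message raised AttributeError (an
            # unhandled error) instead of the intended PermissionDenied.
            raise PermissionDenied(
                "Checking supervisor permission on object {} not associated with Supervisor"
                .format(type(obj).__name__)
            )

        return hasattr(user, "supervisor") and user.supervisor == supervisor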


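class IsAdminOrCompany(permissions.BasePermission):
    """Allow administrators, and companies acting on their own Company record."""

    def has_permission(self, request, view):
        """View-level gate: delegate to ``is_admin_or_company``.

        That helper raises ``PermissionDenied`` for accounts without a company
        profile or whose company is not verified.
        """
        return is_admin_or_company(request.user)

    def has_object_permission(self, request, view, obj):
        """Return True for administrators or when *obj* belongs to the requesting company.

        *obj* may be a ``Company`` or any object exposing a ``company``
        attribute. The company's verification status is not re-checked here;
        only ``has_permission`` looks at it.

        Raises:
            PermissionDenied: if *obj* is neither of those.
        """
        user = request.user
        if user.is_superuser or user.is_staff:
            return True

        if isinstance(obj, Company):
            company = obj
        elif hasattr(obj, "company"):
            company = obj.company
        else:
            # Fixed: this was type(obj.__name__). An instance normally has no
            # __name__, so building the message raised AttributeError (an
            # unhandled error) instead of the intended PermissionDenied.
            raise PermissionDenied(
                "Checking company permission on object {} not associated with Company"
                .format(type(obj).__name__)
            )

        return hasattr(user, "company") and user.company == company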


class IsAdminOrSupervisorOrCompany(permissions.BasePermission):
    """View-level permission for administrators, supervisors and companies.

    No object-level check is defined on this class.
    """

    def has_permission(self, request, view):
        """Delegate to ``is_admin_or_supervisor_or_company`` for the requester."""
        requester = request.user
        return is_admin_or_supervisor_or_company(requester)


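class IsAdminOrSupervisorOrCompanyOrSelf(permissions.IsAuthenticated):
    """Object permission: staff roles pass, students only on their own record.

    The view-level check is inherited from ``permissions.IsAuthenticated``.
    """

    def has_object_permission(self, request, view, obj):
        """Return True for admins, companies, supervisors, or the owning student.

        For a student requester, *obj* may be a ``Student`` or any object
        exposing a ``student`` attribute. Users with none of the known roles
        are denied.

        Raises:
            PermissionDenied: if the requester is a student and *obj* is not
                associated with a Student.
        """
        user = request.user
        # NOTE(review): any account with a company or supervisor profile is
        # allowed on every object, and the company's verification status is
        # not checked here (is_admin_or_company() does check it). Confirm
        # this breadth is intended.
        if user.is_superuser or user.is_staff or hasattr(user, "company") or hasattr(user, "supervisor"):
            return True

        if not hasattr(user, "student"):
            return False

        if isinstance(obj, Student):
            student = obj
        elif hasattr(obj, "student"):
            student = obj.student
        else:
            # Fixed: this was type(obj.__name__). An instance normally has no
            # __name__, so building the message raised AttributeError (an
            # unhandled error) instead of the intended PermissionDenied.
            raise PermissionDenied(
                "Checking student permission on object {} not associated with Student"
                .format(type(obj).__name__)
            )
        return user.student == student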


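class IsAdminOrVacancyOwner(permissions.BasePermission):
    """Allow administrators, and the company that owns an application's vacancy.

    The object check accepts ``Application`` instances only; any other object
    type is refused with ``PermissionDenied``.
    """

    def has_permission(self, request, view):
        """View-level gate: delegate to ``is_admin_or_company``.

        That helper raises ``PermissionDenied`` for accounts without a company
        profile or whose company is not verified.
        """
        return is_admin_or_company(request.user)

    def has_object_permission(self, request, view, obj):
        """Return True for administrators or the company owning ``obj.vacancy``.

        Raises:
            PermissionDenied: if *obj* is not an ``Application``.
        """
        user = request.user
        if user.is_superuser or user.is_staff:
            return True

        if not isinstance(obj, Application):
            raise PermissionDenied(
                "Checking owner permission on non-application object"
            )

        # Deny instead of failing with AttributeError when the requester has
        # no company profile. This matches the hasattr guard used by the other
        # object-level checks in this file and does not depend on
        # has_permission having run first.
        return hasattr(user, "company") and user.company == obj.vacancy.company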

class AsAdminOrSupervisor(permissions.BasePermission):
    """View-level permission for administrators and supervisors.

    Uses the same ``has_permission`` check as ``IsAdminOrSupervisor`` but
    defines no object-level check.
    """

    def has_permission(self, request, view):
        """Delegate to ``is_admin_or_supervisor`` for the requester."""
        requester = request.user
        return is_admin_or_supervisor(requester)

class VacancyApprovalPermission(permissions.BasePermission):
    """Permission for vacancy approval: administrators and supervisors only."""

    def has_permission(self, request, view):
        """Delegate to ``is_admin_or_supervisor`` for the requester."""
        requester = request.user
        return is_admin_or_supervisor(requester)

    def has_object_permission(self, request, view, obj):
        """Return True only when *obj* is a ``Vacancy``.

        This is a type check on the target object; it does not look at the
        requester, whose role is checked in ``has_permission``.
        """
        is_vacancy = isinstance(obj, Vacancy)
        return is_vacancy