
permissions.py 4.59 KB
from rest_framework import permissions
from rest_framework.exceptions import APIException

from core.models import Company
from core.models import Student
from core.models import Supervisor
from core.models import Application

def is_admin_or_student(user):
    """Tell whether *user* is a superuser or carries a ``student`` attribute.

    The role check is attribute presence only (``hasattr``); it does not
    inspect the related object itself.
    """
    superuser_flag = user.is_superuser
    if superuser_flag:
        return superuser_flag
    return hasattr(user, "student")


def is_admin_or_company(user):
    """Tell whether *user* is a superuser or carries a ``company`` attribute.

    The role check is attribute presence only (``hasattr``); it does not
    inspect the related object itself.
    """
    superuser_flag = user.is_superuser
    return superuser_flag if superuser_flag else hasattr(user, "company")


def is_admin_or_supervisor(user):
    """Tell whether *user* is a superuser or carries a ``supervisor`` attribute.

    The role check is attribute presence only (``hasattr``); it does not
    inspect the related object itself.
    """
    superuser_flag = user.is_superuser
    if not superuser_flag:
        return hasattr(user, "supervisor")
    return superuser_flag


def is_admin_or_supervisor_or_company(user):
    """Tell whether *user* is a superuser, a supervisor, or a company account.

    Roles are detected by attribute presence (``hasattr``), checked in the
    order supervisor, then company.
    """
    superuser_flag = user.is_superuser
    if superuser_flag:
        return superuser_flag
    return any(hasattr(user, role) for role in ("supervisor", "company"))


class IsAdminOrSelfOrReadOnly(permissions.BasePermission):
    """Object-level rule: reads are open, writes need a superuser or the owner.

    Only ``has_object_permission`` is defined here, so this class adds no
    view-level restriction of its own. Combine it with an authentication
    permission when reads must not be public.
    """

    def has_object_permission(self, request, view, obj):
        """Return True for safe methods, superusers, or the object's own user."""
        if request.method in permissions.SAFE_METHODS:
            return True

        requester = request.user
        if requester.is_superuser:
            return True

        # The object either exposes its owner as `obj.user` or is itself
        # the user record being edited.
        owner = obj.user if hasattr(obj, "user") else obj
        return owner == requester


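class IsAdminOrStudent(permissions.BasePermission):
    """Allow superusers and student accounts; limit students to their own record.

    View-level access is delegated to ``is_admin_or_student``. At object
    level a superuser always passes; any other requester passes only when
    the object is, or points to via ``obj.student``, the requester's own
    ``Student``.
    """

    def has_permission(self, request, view):
        """Return whether the requester is a superuser or has a student profile."""
        return is_admin_or_student(request.user)

    def has_object_permission(self, request, view, obj):
        """Return whether the requester may act on ``obj``.

        Raises:
            APIException: if ``obj`` is neither a ``Student`` nor carries a
                ``student`` attribute, i.e. the class is attached to a view
                whose objects it cannot evaluate.
        """
        user = request.user
        if user.is_superuser:
            return True

        if isinstance(obj, Student):
            student = obj
        elif hasattr(obj, "student"):
            student = obj.student
        else:
            # Use type(obj).__name__: the earlier type(obj.__name__) looked up
            # __name__ on the instance, which normally has none, so the
            # lookup failed with AttributeError before this error was raised.
            raise APIException(
                "Checking student permission on object {} not associated with Student"
                    .format(type(obj).__name__)
            )

        # Fail closed: a requester without a student profile is denied.
        return hasattr(user, "student") and user.student == student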


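class IsAdminOrSupervisor(permissions.BasePermission):
    """Allow superusers and supervisors; limit supervisors to their own record.

    View-level access is delegated to ``is_admin_or_supervisor``. At object
    level a superuser always passes; any other requester passes only when
    the object is, or points to via ``obj.supervisor``, the requester's own
    ``Supervisor``.
    """

    def has_permission(self, request, view):
        """Return whether the requester is a superuser or has a supervisor profile."""
        return is_admin_or_supervisor(request.user)

    def has_object_permission(self, request, view, obj):
        """Return whether the requester may act on ``obj``.

        Raises:
            APIException: if ``obj`` is neither a ``Supervisor`` nor carries
                a ``supervisor`` attribute, i.e. the class is attached to a
                view whose objects it cannot evaluate.
        """
        user = request.user
        if user.is_superuser:
            return True

        if isinstance(obj, Supervisor):
            supervisor = obj
        elif hasattr(obj, "supervisor"):
            supervisor = obj.supervisor
        else:
            # Use type(obj).__name__: the earlier type(obj.__name__) looked up
            # __name__ on the instance, which normally has none, so the
            # lookup failed with AttributeError before this error was raised.
            raise APIException(
                "Checking supervisor permission on object {} not associated with Supervisor"
                    .format(type(obj).__name__)
            )

        # Fail closed: a requester without a supervisor profile is denied.
        return hasattr(user, "supervisor") and user.supervisor == supervisor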


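class IsAdminOrCompany(permissions.BasePermission):
    """Allow superusers and company accounts; limit companies to their own record.

    View-level access is delegated to ``is_admin_or_company``. At object
    level a superuser always passes; any other requester passes only when
    the object is, or points to via ``obj.company``, the requester's own
    ``Company``.
    """

    def has_permission(self, request, view):
        """Return whether the requester is a superuser or has a company profile."""
        return is_admin_or_company(request.user)

    def has_object_permission(self, request, view, obj):
        """Return whether the requester may act on ``obj``.

        Raises:
            APIException: if ``obj`` is neither a ``Company`` nor carries a
                ``company`` attribute, i.e. the class is attached to a view
                whose objects it cannot evaluate.
        """
        user = request.user
        if user.is_superuser:
            return True

        if isinstance(obj, Company):
            company = obj
        elif hasattr(obj, "company"):
            company = obj.company
        else:
            # Use type(obj).__name__: the earlier type(obj.__name__) looked up
            # __name__ on the instance, which normally has none, so the
            # lookup failed with AttributeError before this error was raised.
            raise APIException(
                "Checking company permission on object {} not associated with Company"
                    .format(type(obj).__name__)
            )

        # Fail closed: a requester without a company profile is denied.
        return hasattr(user, "company") and user.company == company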


class IsAdminOrSupervisorOrCompany(permissions.BasePermission):
    """View-level gate for superusers, supervisors and company accounts.

    No object-level check is defined here, so this class does not tie access
    to any particular supervisor or company record.
    """

    def has_permission(self, request, view):
        """Return the result of ``is_admin_or_supervisor_or_company`` for the requester."""
        requester = request.user
        return is_admin_or_supervisor_or_company(requester)


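class IsAdminOrSupervisorOrCompanyOrSelf(permissions.IsAuthenticated):
    """Object access for staff-like roles, or for a student on their own data.

    Authentication is inherited from ``permissions.IsAuthenticated``. At
    object level, superusers and any user with a ``company`` or
    ``supervisor`` attribute pass for every object; a student passes only
    for an object that is, or points to via ``obj.student``, their own
    ``Student``. Everyone else is denied.
    """

    def has_object_permission(self, request, view, obj):
        """Return whether the requester may act on ``obj``.

        Raises:
            APIException: if the requester is a student and ``obj`` is
                neither a ``Student`` nor carries a ``student`` attribute.
        """
        user = request.user
        # NOTE(review): this branch performs no ownership check, so every
        # company and supervisor account can reach every object guarded by
        # this class. Confirm that breadth is intended.
        if user.is_superuser or hasattr(user, "company") or hasattr(user, "supervisor"):
            return True

        if not hasattr(user, "student"):
            return False

        if isinstance(obj, Student):
            student = obj
        elif hasattr(obj, "student"):
            student = obj.student
        else:
            # Use type(obj).__name__: the earlier type(obj.__name__) looked up
            # __name__ on the instance, which normally has none, so the
            # lookup failed with AttributeError before this error was raised.
            raise APIException(
                "Checking student permission on object {} not associated with Student"
                    .format(type(obj).__name__)
            )
        # The student profile is known to exist here, so compare directly.
        return user.student == student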


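class IsAdminOrVacancyOwner(permissions.BasePermission):
    """Allow superusers, or the company that owns an application's vacancy.

    View-level access is delegated to ``is_admin_or_company``. At object
    level only ``Application`` instances are supported; a non-superuser
    passes when their company equals ``obj.vacancy.company``.
    """

    def has_permission(self, request, view):
        """Return whether the requester is a superuser or has a company profile."""
        return is_admin_or_company(request.user)

    def has_object_permission(self, request, view, obj):
        """Return whether the requester may act on the application ``obj``.

        Raises:
            APIException: if ``obj`` is not an ``Application``.
        """
        user = request.user
        if user.is_superuser:
            return True
        if not isinstance(obj, Application):
            raise APIException(
                "Checking owner permission on non-application object"
            )
        # Fail closed, as the sibling permission classes do: a requester
        # without a company profile is denied rather than raising on
        # `user.company` if this check runs without has_permission first.
        return hasattr(user, "company") and user.company == obj.vacancy.company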