
permissions.py 3 KB
from rest_framework import permissions
from rest_framework.exceptions import APIException

from core.models import Company
from core.models import Student
from core.models import Supervisor


def is_admin_or_student(user):
    """Tell whether *user* is a superuser or carries a ``student`` attribute.

    The check is purely attribute-based: it never inspects the value of
    ``user.student``, only whether the attribute can be read.
    NOTE(review): presumably ``student`` is the reverse relation to
    ``core.models.Student`` -- confirm against the model definitions.
    """
    superuser_flag = user.is_superuser
    if superuser_flag:
        return superuser_flag
    return hasattr(user, "student")


def is_admin_or_company(user):
    """Tell whether *user* is a superuser or carries a ``company`` attribute.

    The check is purely attribute-based: it never inspects the value of
    ``user.company``, only whether the attribute can be read.
    NOTE(review): presumably ``company`` is the reverse relation to
    ``core.models.Company`` -- confirm against the model definitions.
    """
    superuser_flag = user.is_superuser
    if superuser_flag:
        return superuser_flag
    return hasattr(user, "company")


def is_admin_or_supervisor(user):
    """Tell whether *user* is a superuser or carries a ``supervisor`` attribute.

    The check is purely attribute-based: it never inspects the value of
    ``user.supervisor``, only whether the attribute can be read.
    NOTE(review): presumably ``supervisor`` is the reverse relation to
    ``core.models.Supervisor`` -- confirm against the model definitions.
    """
    superuser_flag = user.is_superuser
    if superuser_flag:
        return superuser_flag
    return hasattr(user, "supervisor")


class IsAdminOrSelfOrReadOnly(permissions.BasePermission):
    """Object-level rule: reads are open, writes need a superuser or the owner.

    Only ``has_object_permission`` is defined here, so the request-level
    check is whatever ``BasePermission`` provides. Safe methods are allowed
    without looking at the requester at all; if reads must be restricted to
    authenticated users, that has to come from another permission class on
    the view.
    NOTE(review): object-level checks only run where the view invokes them
    (DRF generic views do so in ``get_object()``); list and create
    endpoints are not covered by this class -- confirm per view.
    """

    def has_object_permission(self, request, view, obj):
        """Return True for safe methods, superusers, or the object's owner."""
        if request.method in permissions.SAFE_METHODS:
            return True
        if request.user.is_superuser:
            return True
        # The owner is ``obj.user`` when the object exposes one; otherwise
        # the object itself is expected to be the user record.
        owner = obj.user if hasattr(obj, "user") else obj
        return owner == request.user


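class IsAdminOrStudent(permissions.BasePermission):
    """Admit superusers and student accounts; scope objects to their student.

    Request level: the requester must be a superuser or have a ``student``
    attribute. Object level: a superuser may touch anything, any other
    requester only objects that are, or point to, their own ``Student``.
    """

    def has_permission(self, request, view):
        """Return whether the requester is a superuser or a student account."""
        return is_admin_or_student(request.user)

    def has_object_permission(self, request, view, obj):
        """Return True when *obj* belongs to the requesting student.

        Raises:
            APIException: if *obj* is neither a ``Student`` nor has a
                ``student`` attribute, i.e. the permission class was
                attached to a view whose objects it cannot evaluate.
        """
        user = request.user
        if user.is_superuser:
            return True
        if isinstance(obj, Student):
            student = obj
        elif hasattr(obj, "student"):
            student = obj.student
        else:
            # Fail closed on a misconfigured view rather than guessing.
            # The class name is taken from type(obj): instances normally
            # have no __name__, so the previous type(obj.__name__) raised
            # AttributeError before this exception could be built.
            # NOTE(review): DRF's default handler returns this detail text
            # to the client -- confirm exposing the model name is acceptable.
            raise APIException(
                "Checking student permission on object {} not associated with carrier"
                .format(type(obj).__name__)
            )

        # The hasattr guard keeps non-student accounts from reaching the
        # comparison (and from raising on a missing ``student``).
        return hasattr(user, "student") and user.student == student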


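class IsAdminOrSupervisor(permissions.BasePermission):
    """Admit superusers and supervisor accounts; scope objects to their supervisor.

    Request level: the requester must be a superuser or have a
    ``supervisor`` attribute. Object level: a superuser may touch anything,
    any other requester only objects that are, or point to, their own
    ``Supervisor``.
    """

    def has_permission(self, request, view):
        """Return whether the requester is a superuser or a supervisor account."""
        return is_admin_or_supervisor(request.user)

    def has_object_permission(self, request, view, obj):
        """Return True when *obj* belongs to the requesting supervisor.

        Raises:
            APIException: if *obj* is neither a ``Supervisor`` nor has a
                ``supervisor`` attribute, i.e. the permission class was
                attached to a view whose objects it cannot evaluate.
        """
        user = request.user
        if user.is_superuser:
            return True
        if isinstance(obj, Supervisor):
            supervisor = obj
        elif hasattr(obj, "supervisor"):
            supervisor = obj.supervisor
        else:
            # Fail closed on a misconfigured view rather than guessing.
            # The class name is taken from type(obj): instances normally
            # have no __name__, so the previous type(obj.__name__) raised
            # AttributeError before this exception could be built.
            # NOTE(review): DRF's default handler returns this detail text
            # to the client -- confirm exposing the model name is acceptable.
            raise APIException(
                "Checking supervisor permission on object {} not associated with carrier"
                .format(type(obj).__name__)
            )

        # The hasattr guard keeps non-supervisor accounts from reaching the
        # comparison (and from raising on a missing ``supervisor``).
        return hasattr(user, "supervisor") and user.supervisor == supervisor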


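class IsAdminOrCompany(permissions.BasePermission):
    """Admit superusers and company accounts; scope objects to their company.

    Request level: the requester must be a superuser or have a ``company``
    attribute. Object level: a superuser may touch anything, any other
    requester only objects that are, or point to, their own ``Company``.
    """

    def has_permission(self, request, view):
        """Return whether the requester is a superuser or a company account."""
        return is_admin_or_company(request.user)

    def has_object_permission(self, request, view, obj):
        """Return True when *obj* belongs to the requesting company.

        Raises:
            APIException: if *obj* is neither a ``Company`` nor has a
                ``company`` attribute, i.e. the permission class was
                attached to a view whose objects it cannot evaluate.
        """
        user = request.user
        if user.is_superuser:
            return True
        if isinstance(obj, Company):
            company = obj
        elif hasattr(obj, "company"):
            company = obj.company
        else:
            # Fail closed on a misconfigured view rather than guessing.
            # The class name is taken from type(obj): instances normally
            # have no __name__, so the previous type(obj.__name__) raised
            # AttributeError before this exception could be built.
            # NOTE(review): DRF's default handler returns this detail text
            # to the client -- confirm exposing the model name is acceptable.
            raise APIException(
                "Checking company permission on object {} not associated with carrier"
                .format(type(obj).__name__)
            )

        # The hasattr guard keeps non-company accounts from reaching the
        # comparison (and from raising on a missing ``company``).
        return hasattr(user, "company") and user.company == company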