from rest_framework.permissions import BasePermission from apps.users.utils import is_user_registration_open class ScopedPermission(BasePermission): """ Check if view has scope_map and compare it with request's auth scope map Fall back to checking for user authentication """ scope_map = {} def get_allowed_scopes(self, request, view): try: return self.scope_map[request.method] except KeyError: return {} def has_permission(self, request, view): if request.auth: allowed_scopes = self.get_allowed_scopes(request, view) current_scopes = request.auth.get_scopes() return any(s in allowed_scopes for s in current_scopes) return bool(request.user and request.user.is_authenticated) def get_user_scopes(self, obj, user): return set() def has_object_permission(self, request, view, obj): allowed_scopes = self.get_allowed_scopes(request, view) current_scopes = self.get_user_scopes(obj, request.user) return any(s in allowed_scopes for s in current_scopes) class UserOnlyPermission(BasePermission): """ Authentication method disallows tokens. User must be logged in via session. """ def has_permission(self, request, view): if request.auth: return False return bool(request.user and request.user.is_authenticated) class UserRegistrationPermission(BasePermission): """ If registration is closed, only first user can be created except by superuser. """ def has_permission(self, request, view): return bool( is_user_registration_open() or (request.user and request.user.is_superuser) )