12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 |
- from rest_framework.permissions import BasePermission
- from users.utils import is_user_registration_open
- class ScopedPermission(BasePermission):
- """
- Check if view has scope_map and compare it with request's auth scope map
- Fall back to checking for user authentication
- """
- scope_map = {}
- def get_allowed_scopes(self, request, view):
- try:
- return self.scope_map[request.method]
- except KeyError:
- return {}
- def has_permission(self, request, view):
- if request.auth:
- allowed_scopes = self.get_allowed_scopes(request, view)
- current_scopes = request.auth.get_scopes()
- return any(s in allowed_scopes for s in current_scopes)
- return bool(request.user and request.user.is_authenticated)
- def get_user_scopes(self, obj, user):
- return set()
- def has_object_permission(self, request, view, obj):
- allowed_scopes = self.get_allowed_scopes(request, view)
- current_scopes = self.get_user_scopes(obj, request.user)
- return any(s in allowed_scopes for s in current_scopes)
- class UserOnlyPermission(BasePermission):
- """
- Authentication method disallows tokens. User must be logged in via session.
- """
- def has_permission(self, request, view):
- if request.auth:
- return False
- return bool(request.user and request.user.is_authenticated)
- class UserRegistrationPermission(BasePermission):
- """
- If registration is closed, only first user can be created except by superuser.
- """
- def has_permission(self, request, view):
- return bool(
- is_user_registration_open() or (request.user and request.user.is_superuser)
- )
|