Coverage for jutil/permissions.py: 0%

12 statements  

« prev     ^ index     » next       coverage.py v6.5.0, created at 2022-10-07 16:40 -0500

1from rest_framework import permissions 

2 

3 

4class UserIsOwner(permissions.BasePermission): 

5 """ 

6 Object-level permission to only allow authorized users of an object to edit it. 

7 Assumes the model instance has an `user` attribute (can be overriden with user_field). 

8 """ 

9 

10 user_field = "user" 

11 

12 def has_object_permission(self, request, view, obj): 

13 if not hasattr(obj, self.user_field): 

14 raise Exception("UserIsOwner: obj.{} does not exist: {}".format(self.user_field, obj)) 

15 u = request.user 

16 return u and u.is_authenticated and getattr(obj, self.user_field) == u 

17 

18 

19class IsSameUser(permissions.BasePermission): 

20 """ 

21 Allow access to use only to user himself. 

22 """ 

23 

24 def has_object_permission(self, request, view, obj): 

25 u = request.user 

26 return u and u.is_authenticated and obj.id == u.id