You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

54 lines
1.6 KiB

  1. from django.conf import settings
  2. from rest_framework.permissions import BasePermission, SAFE_METHODS
  3. from .models import Member
  4. class RolePermission(BasePermission):
  5. UNSAFE_METHODS = ('POST', 'PATCH', 'DELETE')
  6. unsafe_methods_check = True
  7. role_name = ''
  8. @classmethod
  9. def get_project_id(cls, request, view):
  10. return view.kwargs.get('project_id') or request.query_params.get('project_id')
  11. def has_permission(self, request, view):
  12. if request.user.is_superuser:
  13. return True
  14. if self.unsafe_methods_check and request.method in self.UNSAFE_METHODS:
  15. return request.user.is_superuser
  16. project_id = self.get_project_id(request, view)
  17. if not project_id and request.method in SAFE_METHODS:
  18. return True
  19. return Member.objects.has_role(project_id, request.user, self.role_name)
  20. class IsProjectAdmin(RolePermission):
  21. unsafe_methods_check = False
  22. role_name = settings.ROLE_PROJECT_ADMIN
  23. class IsAnnotatorAndReadOnly(RolePermission):
  24. role_name = settings.ROLE_ANNOTATOR
  25. class IsAnnotator(RolePermission):
  26. unsafe_methods_check = False
  27. role_name = settings.ROLE_ANNOTATOR
  28. class IsAnnotationApproverAndReadOnly(RolePermission):
  29. role_name = settings.ROLE_ANNOTATION_APPROVER
  30. class IsAnnotationApprover(RolePermission):
  31. unsafe_methods_check = False
  32. role_name = settings.ROLE_ANNOTATION_APPROVER
  33. IsProjectMember = (IsAnnotator | IsAnnotationApprover | IsProjectAdmin)
  34. IsProjectStaffAndReadOnly = (IsAnnotatorAndReadOnly | IsAnnotationApproverAndReadOnly)