You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

54 lines
1.6 KiB

from django.conf import settings
from rest_framework.permissions import BasePermission, SAFE_METHODS
from .models import Member
class RolePermission(BasePermission):
UNSAFE_METHODS = ("POST", "PATCH", "DELETE")
unsafe_methods_check = True
role_name = ""
@classmethod
def get_project_id(cls, request, view):
return view.kwargs.get("project_id") or request.query_params.get("project_id")
def has_permission(self, request, view):
if request.user.is_superuser:
return True
if self.unsafe_methods_check and request.method in self.UNSAFE_METHODS:
return request.user.is_superuser
project_id = self.get_project_id(request, view)
if not project_id and request.method in SAFE_METHODS:
return True
return Member.objects.has_role(project_id, request.user, self.role_name)
class IsProjectAdmin(RolePermission):
unsafe_methods_check = False
role_name = settings.ROLE_PROJECT_ADMIN
class IsAnnotatorAndReadOnly(RolePermission):
role_name = settings.ROLE_ANNOTATOR
class IsAnnotator(RolePermission):
unsafe_methods_check = False
role_name = settings.ROLE_ANNOTATOR
class IsAnnotationApproverAndReadOnly(RolePermission):
role_name = settings.ROLE_ANNOTATION_APPROVER
class IsAnnotationApprover(RolePermission):
unsafe_methods_check = False
role_name = settings.ROLE_ANNOTATION_APPROVER
IsProjectMember = IsAnnotator | IsAnnotationApprover | IsProjectAdmin # type: ignore
IsProjectStaffAndReadOnly = IsAnnotatorAndReadOnly | IsAnnotationApproverAndReadOnly # type: ignore