first push
329
authentication/permissions.py
Normal file
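--- /dev/null
+++ b/authentication/permissions.py
@@ -0,0 +1,329 @@
+
+# ویوست ها و توابعی که برای ایجاد سطج دستزسی جدید در سیستم استفاده میشوند
+
+
+from rest_framework.permissions import BasePermission, DjangoModelPermissions
+# from django.utils.datetime_safe import datetime
+from authentication.models import UserProfile
+from django.contrib.auth.models import Group
+from datetime import timedelta, datetime
+from rest_framework import permissions
+from django.utils import timezone
+
+
+class IsAuthenticatedOrCreate(permissions.IsAuthenticated):
+def has_permission(self, request, view):
+if request.method == 'POST':
+return True
+return super(IsAuthenticatedOrCreate, self).has_permission(request, view)
+
+
+class IsOwner(permissions.BasePermission):
+message = "Not an owner."
+
+def has_object_permission(self, request, view, obj):
+if request.method in permissions.SAFE_METHODS:
+return True
+return request.user == obj.created_by
+
+
+class AuthorOrReadOnly(permissions.BasePermission):
+
+def has_permission(self, request, view):
+if request.user.is_authenticated:
+return True
+return False
+
+def has_object_permission(self, request, view, obj):
+if obj.author == request.user:
+return True
+return False
+
+
+class AuthenticatedOnly(permissions.BasePermission):
+
+def has_object_permission(self, request, view, obj):
+if request.user.is_authenticated:
+return True
+return False
+
+
+class AuthorAllStaffAllButEditOrReadOnly(permissions.BasePermission):
+edit_methods = ("PUT", "PATCH")
+
+def has_permission(self, request, view):
+if request.user.is_authenticated:
+return True
+
+def has_object_permission(self, request, view, obj):
+if request.user.is_superuser:
+return True
+
+if request.method in permissions.SAFE_METHODS:
+return True
+
+if obj.author == request.user:
+return True
+
+if request.user.is_staff and request.method not in self.edit_methods:
+return True
+
+return False
+
+
+class ExpiredObjectSuperuserOnly(permissions.BasePermission):
+message = "This object is expired." # custom error message
+
+def object_expired(self, obj):
+expired_on = timezone.make_aware(datetime.now() - timedelta(minutes=10))
+return obj.created < expired_on
+
+def has_object_permission(self, request, view, obj):
+
+if self.object_expired(obj) and not request.user.is_superuser:
+return False
+else:
+return True
+
+
+class IsStaff(permissions.BasePermission):
+
+def has_permission(self, request, view):
+if request.user.is_staff:
+return True
+return False
+
+def has_object_permission(self, request, view, obj):
+if request.user.is_staff:
+return True
+return False
+
+
+class IsOwner2(permissions.BasePermission):
+
+def has_permission(self, request, view):
+if request.user.is_authenticated:
+return True
+return False
+
+def has_object_permission(self, request, view, obj):
+if obj.author == request.user:
+return True
+return False
+
+
+class IsFinancesMember(permissions.BasePermission):
+
+def has_permission(self, request, view):
+if request.user.groups.filter(name="Finances").exists():
+return True
+
+
+class IsCustomer(permissions.BasePermission):
+
+def has_permission(self, request, view):
+if request.user.groups.filter(name="Customer").exists():
+return True
+
+
+class IsOperator(permissions.BasePermission):
+
+def has_permission(self, request, view):
+if request.user.groups.filter(name="Operator").exists():
+return True
+
+
+class IsSaler(permissions.BasePermission):
+
+def has_permission(self, request, view):
+if request.user.groups.filter(name="Saler").exists():
+return True
+
+
+class IsSupervisor(permissions.BasePermission):
+
+def has_permission(self, request, view):
+if request.user.groups.filter(name="Supervisor").exists():
+return True
+
+
+class IsStorekeeper(permissions.BasePermission):
+
+def has_permission(self, request, view):
+if request.user.groups.filter(name="Storekeeper").exists():
+return True
+
+
+class IsDeliveryMember(permissions.BasePermission):
+
+def has_permission(self, request, view):
+if request.user.groups.filter(name="Delivery").exists():
+return True
+
+
+class IsAdminMember(permissions.BasePermission):
+
+def has_permission(self, request, view):
+if request.user.groups.filter(name="Admin").exists():
+return True
+
+
+class IsChatRoomOperator(permissions.BasePermission):
+
+def has_permission(self, request, view):
+if request.user.groups.filter(name="ChatRoomOperator").exists():
+return True
+
+
+class IsInformationOperator(permissions.BasePermission):
+
+def has_permission(self, request, view):
+if request.user.groups.filter(name="InformationOperator").exists():
+return True
+
+
+class IsFinanceUnitOperator(permissions.BasePermission):
+
+def has_permission(self, request, view):
+if request.user.groups.filter(name="FinancialUnitOperator").exists():
+return True
+
+
+class IsFinanceUnitAdmin(permissions.BasePermission):
+
+def has_permission(self, request, view):
+if request.user.groups.filter(name="FinancialUnitAdmin").exists():
+return True
+
+
+class IsSuperUser(BasePermission):
+
+def has_permission(self, request, view):
+return request.user and request.user.is_superuser
+
+
+class CityOperator(BasePermission):
+
+def has_permission(self, request, view):
+if UserProfile.objects.filter(user__exact=request.user, role__name__exact="CityOperator").exists():
+return True
+else:
+return False
+
+
+class ProvinceOperator(BasePermission):
+
+def has_permission(self, request, view):
+if UserProfile.objects.filter(user__exact=request.user, role__name__exact="ProvinceOperator").exists():
+return True
+
+
+class Poultry(BasePermission):
+
+def has_permission(self, request, view):
+if UserProfile.objects.filter(user__exact=request.user, role__exact="Poultry").exists():
+return True
+
+
+class KillHouseOperator(BasePermission):
+
+def has_permission(self, request, view):
+if UserProfile.objects.filter(user__exact=request.user, role__exact="KillHouseOperator").exists():
+return True
+
+
+class OwnerOrModelPermission(DjangoModelPermissions):
+
+def __same_user(self, obj, request):
+from django.contrib.auth.models import User
+return isinstance(obj, User) and obj.id == request.user.id
+
+def __is_owner(self, obj, request):
+return hasattr(obj, 'owner') and obj.owner is not None and self.__same_user(obj.owner, request)
+
+def has_permission(self, request, view):
+return request.user.is_superuser or DjangoModelPermissions().has_permission(request, view)
+
+def has_object_permission(self, request, view, obj):
+return request.user.is_superuser or self.__same_user(
+obj, request) or self.__is_owner(
+obj, request) or DjangoModelPermissions().has_object_permission(request, view, obj)
+
+
+class PaymentRequiredPermission(DjangoModelPermissions):
+def can_operate(self, request):
+return request.user.has_paid()
+
+def has_permission(self, request, view):
+return self.can_operate(request)
+
+def has_object_permission(self, request, view, obj):
+return self.can_operate(request)
+
+
+class IsUser(BasePermission):
+def has_permission(self, request, view):
+return request.user and request.user.is_superuser
+
+def has_object_permission(self, request, view, obj):
+return request.user.is_superuser or obj.user.id == request.user.id
+
+
+class APIPermission(permissions.BasePermission):
+message = 'Only API user can access APIs'
+
+group_name = "api"
+
+def has_permission(self, request, view):
+try:
+group = request.user.groups.get(name=self.group_name)
+except Group.DoesNotExist:
+self.message = "Permission denied, user group '{}' does not exists".format(self.group_name)
+return False
+return group.name == self.group_name
+
+
+def _is_in_group(user, group_name):
+"""
+Takes a user and a group name, and returns `True` if the user is in that group.
+"""
+try:
+return Group.objects.get(name=group_name).user_set.filter(id=user.id).exists()
+except Group.DoesNotExist:
+return None
+
+
+def _has_group_permission(user, required_groups):
+return any([_is_in_group(user, group_name) for group_name in required_groups])
+
+
+class IsLoggedInUserOrAdmin(permissions.BasePermission):
+# group_name for super admin
+required_groups = ['admin']
+
+def has_object_permission(self, request, view, obj):
+has_group_permission = _has_group_permission(request.user, self.required_groups)
+if self.required_groups is None:
+return False
+return obj == request.user or has_group_permission
+
+
+class IsAdminUser(permissions.BasePermission):
+# group_name for super admin
+required_groups = ['admin']
+
+def has_permission(self, request, view):
+has_group_permission = _has_group_permission(request.user, self.required_groups)
+return request.user and has_group_permission
+
+def has_object_permission(self, request, view, obj):
+has_group_permission = _has_group_permission(request.user, self.required_groups)
+return request.user and has_group_permission
+
+
+class IsAdminOrAnonymousUser(permissions.BasePermission):
+required_groups = ['admin', 'anonymous']
+
+def has_permission(self, request, view):
+has_group_permission = _has_group_permission(request.user, self.required_groups)
+return request.user and has_group_permission
+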
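Review bot: `AuthenticatedOnly` defines only `has_object_permission`, so the inherited `BasePermission.has_permission` (which returns True) lets unauthenticated requests through on any list or create endpoint, because DRF runs object-level checks only when the view calls `get_object()`. Add the view-level check to the class: `def has_permission(self, request, view): return bool(request.user and request.user.is_authenticated)`. `IsOwner`, `ExpiredObjectSuperuserOnly` and `IsLoggedInUserOrAdmin` have the same shape and need either their own `has_permission` or to be combined with `IsAuthenticated` wherever they are used. `PaymentRequiredPermission` has a related gap: overriding `has_permission` with only `request.user.has_paid()` drops the authentication and model-permission checks of `DjangoModelPermissions`, and presumably raises for an anonymous user, which has no `has_paid`. `IsUser` fails in the opposite direction: its `has_permission` requires a superuser, so the `obj.user.id == request.user.id` owner branch can never be reached by an ordinary user.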