Skip to content
Snippets Groups Projects
Commit 0e9d057c authored by Samuel GAIST's avatar Samuel GAIST
Browse files

[common][permissions] Improve IsAuthor permission 

IsAuthor requires that the user be authenticated so
use the corresponding base class.
parent 8c136bb3
No related branches found
No related tags found
No related merge requests found
This commit is part of merge request !327. Comments created here will be created in the context of that merge request.
Hide whitespace changes
Inline Side-by-side
beat/web/common/permissions.py
+ 9
4
View file @ 0e9d057c
...@@ -27,21 +27,26 @@ ...@@ -27,21 +27,26 @@
from rest_framework import permissions from rest_framework import permissions
class IsSuperuser(permissions.BasePermission): class IsSuperuser(permissions.BasePermission):
""" """
Global permission check for super user Global permission check for super user
""" """
def has_permission(self, request, view): def has_permission(self, request, view):
return request.user.is_superuser return request.user.is_superuser
class IsAuthor(permissions.BasePermission): class IsAuthor(permissions.IsAuthenticated):
""" """
Global permission check that verify if the user Global permission check that verify if the user
is also the onwer of the asked data is also the onwer of the asked data
""" """
def has_permission(self, request, view): def has_permission(self, request, view):
kwargs = request.parser_context.get('kwargs') allowed = super().has_permission(request, view)
author_name = kwargs.get('author_name') if allowed:
return request.user.username == author_name kwargs = request.parser_context.get("kwargs")
author_name = kwargs.get("author_name")
allowed = request.user.username == author_name
return allowed
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment