[common][permissions] Implement permissions from various mixins

This will allow to remove mixins that where going special permission management. Removing these mixins will allow for more flexibility with regard to permission management.

[common][permissions] Implement permissions from various mixins
47cdc304 · Samuel GAIST · e34a2941 · 47cdc304
Commit 47cdc304 authored 4 years ago by Samuel GAIST
--- a/beat/web/common/permissions.py
+++ b/beat/web/common/permissions.py
@@ -50,3 +50,41 @@ class IsAuthor(permissions.IsAuthenticated):
            author_name = kwargs.get("author_name")
            allowed = request.user.username == author_name
        return allowed
+
+
+class IsAuthorOrReadOnly(IsAuthor):
+    """
+    Either allow access if using a read method or
+    check that the user is also the author.
+    """
+
+    def has_permission(self, request, view):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+        else:
+            return super().has_permission(request, view)
+
+
+class IsAdminOrReadOnly(permissions.IsAdminUser):
+    """
+    Either allow access if using a read method or
+    check that the user is an admin.
+    """
+
+    def has_permission(self, request, view):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+        else:
+            return super().has_permission(request, view)
+
+
+class IsModifiableOrRead(permissions.BasePermission):
+    """
+    Check for modifiable flag if there's a modification that is tried
+    """
+
+    def has_object_permission(self, request, view, obj):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+        else:
+            return obj.modifiable()