[common][permissions] Improve IsAuthor permission

IsAuthor requires that the user be authenticated so use the corresponding base class.

[common][permissions] Improve IsAuthor permission
e34a2941 · Samuel GAIST · edf38f08 · e34a2941
Commit e34a2941 authored 4 years ago by Samuel GAIST
--- a/beat/web/common/permissions.py
+++ b/beat/web/common/permissions.py
@@ -27,21 +27,26 @@

 from rest_framework import permissions

+
 class IsSuperuser(permissions.BasePermission):
    """
    Global permission check for super user
    """
+
    def has_permission(self, request, view):
        return request.user.is_superuser


-class IsAuthor(permissions.BasePermission):
+class IsAuthor(permissions.IsAuthenticated):
    """
    Global permission check that verify if the user
    is also the onwer of the asked data
    """

    def has_permission(self, request, view):
-        kwargs = request.parser_context.get('kwargs')
-        author_name = kwargs.get('author_name')
-        return request.user.username == author_name
+        allowed = super().has_permission(request, view)
+        if allowed:
+            kwargs = request.parser_context.get("kwargs")
+            author_name = kwargs.get("author_name")
+            allowed = request.user.username == author_name
+        return allowed