# ویوست‌ها و توابعی که برای ایجاد سطح دسترسی جدید در سیستم استفاده می‌شوند
from rest_framework.permissions import BasePermission, DjangoModelPermissions
# from django.utils.datetime_safe import datetime
from authentication.models import UserProfile
from django.contrib.auth.models import Group
from datetime import timedelta, datetime
from rest_framework import permissions
from django.utils import timezone
class IsAuthenticatedOrCreate(permissions.IsAuthenticated):
    """Allow anonymous POST (e.g. account creation); everything else needs a login.

    Every POST is accepted before the authentication check runs, so a view
    using this permission must validate what is being created itself.
    """

    def has_permission(self, request, view):
        # Creation is open to everyone; all other methods defer to IsAuthenticated.
        is_create = request.method == 'POST'
        return is_create or super().has_permission(request, view)


class IsOwner(permissions.BasePermission):
    """Object-level check: reads are open, writes only for ``obj.created_by``."""

    message = "Not an owner."

    def has_object_permission(self, request, view, obj):
        # Safe methods (GET/HEAD/OPTIONS) are not restricted by ownership.
        if request.method not in permissions.SAFE_METHODS:
            return request.user == obj.created_by
        return True


class AuthorOrReadOnly(permissions.BasePermission):
    """Authenticated users pass the view-level check; only ``obj.author`` passes
    the object-level one.

    NOTE(review): despite the name, has_object_permission does not special-case
    SAFE_METHODS, so non-authors are denied reads as well as writes.
    """

    def has_permission(self, request, view):
        authenticated = request.user.is_authenticated
        return True if authenticated else False

    def has_object_permission(self, request, view, obj):
        is_author = obj.author == request.user
        return True if is_author else False


class AuthenticatedOnly(permissions.BasePermission):
    """Object-level check only: any authenticated user passes.

    has_permission is not overridden, so the view-level check is the base
    class default.
    """

    def has_object_permission(self, request, view, obj):
        authenticated = request.user.is_authenticated
        return True if authenticated else False


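class AuthorAllStaffAllButEditOrReadOnly(permissions.BasePermission):
    """Superusers and authors may do anything; everyone may read; staff may do
    anything except PUT/PATCH on other users' objects.

    View level: any authenticated user. Object level, checked in order:
    superuser, safe method, author, staff on a non-edit method; else denied.
    """

    edit_methods = ("PUT", "PATCH")

    def has_permission(self, request, view):
        # Explicit False; the original fell through to an implicit None for
        # unauthenticated users (falsy, but undocumented).
        return bool(request.user.is_authenticated)

    def has_object_permission(self, request, view, obj):
        user = request.user
        if user.is_superuser:
            return True
        if request.method in permissions.SAFE_METHODS:
            return True
        if obj.author == user:
            return True
        # Staff may e.g. DELETE but not edit (PUT/PATCH) someone else's object.
        if user.is_staff and request.method not in self.edit_methods:
            return True
        return False

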
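class ExpiredObjectSuperuserOnly(permissions.BasePermission):
    """Deny access to objects older than ``expiry``, except for superusers.

    ``obj.created`` is compared against an aware "now", so it is assumed to be
    a timezone-aware datetime (USE_TZ=True) — TODO confirm against the model.
    """

    message = "This object is expired."  # custom error message

    # Age after which a non-superuser can no longer access the object.
    expiry = timedelta(minutes=10)

    def object_expired(self, obj):
        """Return True if ``obj.created`` lies more than ``expiry`` in the past."""
        # timezone.now() is already aware. The previous
        # make_aware(datetime.now()) interpreted the *system* local time as
        # Django's TIME_ZONE (wrong when the two differ) and could raise on an
        # ambiguous DST instant.
        cutoff = timezone.now() - self.expiry
        return obj.created < cutoff

    def has_object_permission(self, request, view, obj):
        # Expired objects remain visible to superusers only.
        if self.object_expired(obj):
            return bool(request.user.is_superuser)
        return True

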
class IsStaff(permissions.BasePermission):
    """Staff users only, at both the view and the object level."""

    def has_permission(self, request, view):
        return True if request.user.is_staff else False

    def has_object_permission(self, request, view, obj):
        return True if request.user.is_staff else False


class IsOwner2(permissions.BasePermission):
    """Authenticated users pass the view-level check; only ``obj.author`` passes
    the object-level one (same rules as AuthorOrReadOnly in this module).
    """

    def has_permission(self, request, view):
        authenticated = request.user.is_authenticated
        return True if authenticated else False

    def has_object_permission(self, request, view, obj):
        is_author = obj.author == request.user
        return True if is_author else False


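class IsFinancesMember(permissions.BasePermission):
    """View-level check: the requesting user belongs to the "Finances" group."""

    def has_permission(self, request, view):
        # Explicit bool; the original fell through to an implicit None for
        # non-members. An anonymous user has no groups and is denied.
        return request.user.groups.filter(name="Finances").exists()

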
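class IsCustomer(permissions.BasePermission):
    """View-level check: the requesting user belongs to the "Customer" group."""

    def has_permission(self, request, view):
        # Explicit bool; the original fell through to an implicit None for
        # non-members. An anonymous user has no groups and is denied.
        return request.user.groups.filter(name="Customer").exists()

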
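class IsOperator(permissions.BasePermission):
    """View-level check: the requesting user belongs to the "Operator" group."""

    def has_permission(self, request, view):
        # Explicit bool; the original fell through to an implicit None for
        # non-members. An anonymous user has no groups and is denied.
        return request.user.groups.filter(name="Operator").exists()

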
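class IsSaler(permissions.BasePermission):
    """View-level check: the requesting user belongs to the "Saler" group."""

    def has_permission(self, request, view):
        # Explicit bool; the original fell through to an implicit None for
        # non-members. An anonymous user has no groups and is denied.
        return request.user.groups.filter(name="Saler").exists()

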
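class IsSupervisor(permissions.BasePermission):
    """View-level check: the requesting user belongs to the "Supervisor" group."""

    def has_permission(self, request, view):
        # Explicit bool; the original fell through to an implicit None for
        # non-members. An anonymous user has no groups and is denied.
        return request.user.groups.filter(name="Supervisor").exists()

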
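class IsStorekeeper(permissions.BasePermission):
    """View-level check: the requesting user belongs to the "Storekeeper" group."""

    def has_permission(self, request, view):
        # Explicit bool; the original fell through to an implicit None for
        # non-members. An anonymous user has no groups and is denied.
        return request.user.groups.filter(name="Storekeeper").exists()

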
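class IsDeliveryMember(permissions.BasePermission):
    """View-level check: the requesting user belongs to the "Delivery" group."""

    def has_permission(self, request, view):
        # Explicit bool; the original fell through to an implicit None for
        # non-members. An anonymous user has no groups and is denied.
        return request.user.groups.filter(name="Delivery").exists()

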
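class IsAdminMember(permissions.BasePermission):
    """View-level check: the requesting user belongs to the "Admin" group.

    Note the capitalised group name; IsAdminUser below looks up 'admin'.
    """

    def has_permission(self, request, view):
        # Explicit bool; the original fell through to an implicit None for
        # non-members. An anonymous user has no groups and is denied.
        return request.user.groups.filter(name="Admin").exists()

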
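class IsChatRoomOperator(permissions.BasePermission):
    """View-level check: the requesting user belongs to the "ChatRoomOperator" group."""

    def has_permission(self, request, view):
        # Explicit bool; the original fell through to an implicit None for
        # non-members. An anonymous user has no groups and is denied.
        return request.user.groups.filter(name="ChatRoomOperator").exists()

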
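class IsInformationOperator(permissions.BasePermission):
    """View-level check: the requesting user belongs to the "InformationOperator" group."""

    def has_permission(self, request, view):
        # Explicit bool; the original fell through to an implicit None for
        # non-members. An anonymous user has no groups and is denied.
        return request.user.groups.filter(name="InformationOperator").exists()

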
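class IsFinanceUnitOperator(permissions.BasePermission):
    """View-level check: the requesting user belongs to the "FinancialUnitOperator" group.

    The class name says "Finance" while the group name says "Financial"; the
    group name is kept as-is because it is what exists in the database.
    """

    def has_permission(self, request, view):
        # Explicit bool; the original fell through to an implicit None for
        # non-members. An anonymous user has no groups and is denied.
        return request.user.groups.filter(name="FinancialUnitOperator").exists()

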
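class IsFinanceUnitAdmin(permissions.BasePermission):
    """View-level check: the requesting user belongs to the "FinancialUnitAdmin" group.

    The class name says "Finance" while the group name says "Financial"; the
    group name is kept as-is because it is what exists in the database.
    """

    def has_permission(self, request, view):
        # Explicit bool; the original fell through to an implicit None for
        # non-members. An anonymous user has no groups and is denied.
        return request.user.groups.filter(name="FinancialUnitAdmin").exists()

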
class IsSuperUser(BasePermission):
    """Superusers only (view level).

    When ``request.user`` is falsy the falsy value itself is returned rather
    than False; DRF only tests truthiness, so the request is still denied.
    """

    def has_permission(self, request, view):
        user = request.user
        if not user:
            return user
        return user.is_superuser


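class CityOperator(BasePermission):
    """View-level check: the requester has a UserProfile whose role is named
    ``role_name`` ("CityOperator")."""

    role_name = "CityOperator"

    def has_permission(self, request, view):
        user = request.user
        # Fail closed for anonymous requests: filtering the ``user`` foreign
        # key by an AnonymousUser instance raises (a 500) instead of matching
        # nothing, so deny before touching the ORM.
        if not user or not user.is_authenticated:
            return False
        return UserProfile.objects.filter(
            user__exact=user, role__name__exact=self.role_name
        ).exists()

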
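class ProvinceOperator(BasePermission):
    """View-level check: the requester has a UserProfile whose role is named
    ``role_name`` ("ProvinceOperator")."""

    role_name = "ProvinceOperator"

    def has_permission(self, request, view):
        user = request.user
        # Fail closed for anonymous requests: filtering the ``user`` foreign
        # key by an AnonymousUser instance raises (a 500) instead of matching
        # nothing, so deny before touching the ORM.
        if not user or not user.is_authenticated:
            return False
        # Explicit bool; the original fell through to an implicit None.
        return UserProfile.objects.filter(
            user__exact=user, role__name__exact=self.role_name
        ).exists()

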
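class Poultry(BasePermission):
    """View-level check: the requester has a UserProfile whose ``role`` equals
    ``role_value`` ("Poultry").

    NOTE(review): CityOperator/ProvinceOperator filter on ``role__name__exact``
    while this class filters ``role__exact``; only one form can be right for
    the UserProfile.role field — confirm against the model before relying on
    this permission.
    """

    role_value = "Poultry"

    def has_permission(self, request, view):
        user = request.user
        # Fail closed for anonymous requests: filtering the ``user`` foreign
        # key by an AnonymousUser instance raises (a 500) instead of matching
        # nothing, so deny before touching the ORM.
        if not user or not user.is_authenticated:
            return False
        # Explicit bool; the original fell through to an implicit None.
        return UserProfile.objects.filter(
            user__exact=user, role__exact=self.role_value
        ).exists()

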
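class KillHouseOperator(BasePermission):
    """View-level check: the requester has a UserProfile whose ``role`` equals
    ``role_value`` ("KillHouseOperator").

    NOTE(review): CityOperator/ProvinceOperator filter on ``role__name__exact``
    while this class filters ``role__exact``; only one form can be right for
    the UserProfile.role field — confirm against the model before relying on
    this permission.
    """

    role_value = "KillHouseOperator"

    def has_permission(self, request, view):
        user = request.user
        # Fail closed for anonymous requests: filtering the ``user`` foreign
        # key by an AnonymousUser instance raises (a 500) instead of matching
        # nothing, so deny before touching the ORM.
        if not user or not user.is_authenticated:
            return False
        # Explicit bool; the original fell through to an implicit None.
        return UserProfile.objects.filter(
            user__exact=user, role__exact=self.role_value
        ).exists()

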
class OwnerOrModelPermission(DjangoModelPermissions):
    """Grant to superusers, to the user acting on their own User row, to the
    object's ``owner``, or to anyone a plain DjangoModelPermissions would grant.

    Both hooks consult a freshly constructed ``DjangoModelPermissions()``
    rather than ``super()``, so overrides of ``perms_map`` on subclasses of
    this class are not consulted.
    """

    def __same_user(self, obj, request):
        # Local import keeps the auth User model out of module import time.
        from django.contrib.auth.models import User
        if not isinstance(obj, User):
            return False
        return obj.id == request.user.id

    def __is_owner(self, obj, request):
        owner = getattr(obj, 'owner', None)
        if owner is None:
            return False
        return self.__same_user(owner, request)

    def has_permission(self, request, view):
        if request.user.is_superuser:
            return True
        return DjangoModelPermissions().has_permission(request, view)

    def has_object_permission(self, request, view, obj):
        if request.user.is_superuser:
            return True
        if self.__same_user(obj, request) or self.__is_owner(obj, request):
            return True
        # Falls back to DjangoModelPermissions' object-level answer — presumably
        # permissive by default; confirm for the installed DRF version.
        return DjangoModelPermissions().has_object_permission(request, view, obj)


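class PaymentRequiredPermission(DjangoModelPermissions):
    """Allow a request only when the requesting user has paid.

    Both hooks delegate to ``can_operate``; the DjangoModelPermissions base is
    never consulted (its perms_map is ignored) — presumably intentional, confirm.
    ``request.user.has_paid()`` is assumed to exist on the project's user model.
    """

    def can_operate(self, request):
        """Return True when the authenticated user's ``has_paid()`` is truthy."""
        user = request.user
        # An anonymous user has no has_paid(); deny instead of raising
        # AttributeError (a 500).
        if not user or not user.is_authenticated:
            return False
        return bool(user.has_paid())

    def has_permission(self, request, view):
        return self.can_operate(request)

    def has_object_permission(self, request, view, obj):
        return self.can_operate(request)

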
class IsUser(BasePermission):
    """Superusers at the view level; superusers or the user referenced by
    ``obj.user`` at the object level.

    NOTE(review): because has_permission admits superusers only, the
    ``obj.user`` branch can only matter when this class is OR-combined with
    another permission — confirm that is intended.
    """

    def has_permission(self, request, view):
        user = request.user
        if not user:
            return user
        return user.is_superuser

    def has_object_permission(self, request, view, obj):
        user = request.user
        if user.is_superuser:
            return True
        return obj.user.id == user.id


class APIPermission(permissions.BasePermission):
    """Only members of the ``group_name`` group ("api") may call the API.

    On denial ``message`` is replaced with one naming the missing group.
    """

    message = 'Only API user can access APIs'

    group_name = "api"

    def has_permission(self, request, view):
        wanted = self.group_name
        try:
            membership = request.user.groups.get(name=wanted)
        except Group.DoesNotExist:
            self.message = "Permission denied, user group '{}' does not exists".format(wanted)
            return False
        else:
            # Exact Python comparison on top of the DB lookup (redundant
            # unless the database matched the name case-insensitively).
            return membership.name == wanted


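def _is_in_group(user, group_name):
    """Return True if ``user`` is a member of the group named ``group_name``.

    Returns False both when the user is not a member and when no such group
    exists (the original returned None in the latter case, contradicting its
    own docstring). Membership is matched on ``user.id``, so a user without an
    id never matches.
    """
    try:
        group = Group.objects.get(name=group_name)
    except Group.DoesNotExist:
        return False
    return group.user_set.filter(id=user.id).exists()

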
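def _has_group_permission(user, required_groups):
    """Return True if ``user`` is in at least one of ``required_groups``.

    A generator (not a list) lets ``any`` stop at the first matching group,
    saving the per-group queries for the rest.
    """
    return any(_is_in_group(user, name) for name in required_groups)

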
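class IsLoggedInUserOrAdmin(permissions.BasePermission):
    """Object-level: the object is the requesting user, or the user is in one
    of ``required_groups`` ('admin').

    has_permission is not overridden, so the view-level check is the base
    class default.
    """

    # group_name for super admin
    required_groups = ['admin']

    def has_object_permission(self, request, view, obj):
        # Guard first: the original ran the group lookup before this check,
        # so required_groups=None raised instead of denying.
        if self.required_groups is None:
            return False
        if obj == request.user:
            return True
        return _has_group_permission(request.user, self.required_groups)

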
class IsAdminUser(permissions.BasePermission):
    """Members of the 'admin' group only, at both view and object level."""

    # group_name for super admin
    required_groups = ['admin']

    def _in_admin_group(self, request):
        # Group lookup runs first; ``request.user and …`` then preserves the
        # original short-circuit on a falsy user.
        in_group = _has_group_permission(request.user, self.required_groups)
        return request.user and in_group

    def has_permission(self, request, view):
        return self._in_admin_group(request)

    def has_object_permission(self, request, view, obj):
        return self._in_admin_group(request)


class IsAdminOrAnonymousUser(permissions.BasePermission):
    """Members of the 'admin' or 'anonymous' groups (view level).

    NOTE(review): membership is resolved by ``_is_in_group`` through
    ``Group.user_set`` on ``user.id``, so an unauthenticated request (no id)
    is not matched by the 'anonymous' group; that group presumably names real
    accounts — confirm.
    """

    required_groups = ['admin', 'anonymous']

    def has_permission(self, request, view):
        user = request.user
        allowed = _has_group_permission(user, self.required_groups)
        return user and allowed