MNPC/Rasadyar_Marzaki
9
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Rasadyar_Marzaki/authentication/permissions.py
mostafa7171 6bcd71d9ec first push
2026-01-18 11:45:53 +03:30

330 lines
9.7 KiB
Python
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# ویوست ها و توابعی که برای ایجاد سطج دستزسی جدید در سیستم استفاده میشوند
from rest_framework.permissions import BasePermission, DjangoModelPermissions
# from django.utils.datetime_safe import datetime
from authentication.models import UserProfile
from django.contrib.auth.models import Group
from datetime import timedelta, datetime
from rest_framework import permissions
from django.utils import timezone
class IsAuthenticatedOrCreate(permissions.IsAuthenticated):
def has_permission(self, request, view):
if request.method == 'POST':
return True
return super(IsAuthenticatedOrCreate, self).has_permission(request, view)
class IsOwner(permissions.BasePermission):
message = "Not an owner."
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return True
return request.user == obj.created_by
class AuthorOrReadOnly(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.is_authenticated:
return True
return False
def has_object_permission(self, request, view, obj):
if obj.author == request.user:
return True
return False
class AuthenticatedOnly(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
if request.user.is_authenticated:
return True
return False
class AuthorAllStaffAllButEditOrReadOnly(permissions.BasePermission):
edit_methods = ("PUT", "PATCH")
def has_permission(self, request, view):
if request.user.is_authenticated:
return True
def has_object_permission(self, request, view, obj):
if request.user.is_superuser:
return True
if request.method in permissions.SAFE_METHODS:
return True
if obj.author == request.user:
return True
if request.user.is_staff and request.method not in self.edit_methods:
return True
return False
class ExpiredObjectSuperuserOnly(permissions.BasePermission):
message = "This object is expired." # custom error message
def object_expired(self, obj):
expired_on = timezone.make_aware(datetime.now() - timedelta(minutes=10))
return obj.created < expired_on
def has_object_permission(self, request, view, obj):
if self.object_expired(obj) and not request.user.is_superuser:
return False
else:
return True
class IsStaff(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.is_staff:
return True
return False
def has_object_permission(self, request, view, obj):
if request.user.is_staff:
return True
return False
class IsOwner2(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.is_authenticated:
return True
return False
def has_object_permission(self, request, view, obj):
if obj.author == request.user:
return True
return False
class IsFinancesMember(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.groups.filter(name="Finances").exists():
return True
class IsCustomer(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.groups.filter(name="Customer").exists():
return True
class IsOperator(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.groups.filter(name="Operator").exists():
return True
class IsSaler(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.groups.filter(name="Saler").exists():
return True
class IsSupervisor(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.groups.filter(name="Supervisor").exists():
return True
class IsStorekeeper(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.groups.filter(name="Storekeeper").exists():
return True
class IsDeliveryMember(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.groups.filter(name="Delivery").exists():
return True
class IsAdminMember(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.groups.filter(name="Admin").exists():
return True
class IsChatRoomOperator(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.groups.filter(name="ChatRoomOperator").exists():
return True
class IsInformationOperator(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.groups.filter(name="InformationOperator").exists():
return True
class IsFinanceUnitOperator(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.groups.filter(name="FinancialUnitOperator").exists():
return True
class IsFinanceUnitAdmin(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.groups.filter(name="FinancialUnitAdmin").exists():
return True
class IsSuperUser(BasePermission):
def has_permission(self, request, view):
return request.user and request.user.is_superuser
class CityOperator(BasePermission):
def has_permission(self, request, view):
if UserProfile.objects.filter(user__exact=request.user, role__name__exact="CityOperator").exists():
return True
else:
return False
class ProvinceOperator(BasePermission):
def has_permission(self, request, view):
if UserProfile.objects.filter(user__exact=request.user, role__name__exact="ProvinceOperator").exists():
return True
class Poultry(BasePermission):
def has_permission(self, request, view):
if UserProfile.objects.filter(user__exact=request.user, role__exact="Poultry").exists():
return True
class KillHouseOperator(BasePermission):
def has_permission(self, request, view):
if UserProfile.objects.filter(user__exact=request.user, role__exact="KillHouseOperator").exists():
return True
class OwnerOrModelPermission(DjangoModelPermissions):
def __same_user(self, obj, request):
from django.contrib.auth.models import User
return isinstance(obj, User) and obj.id == request.user.id
def __is_owner(self, obj, request):
return hasattr(obj, 'owner') and obj.owner is not None and self.__same_user(obj.owner, request)
def has_permission(self, request, view):
return request.user.is_superuser or DjangoModelPermissions().has_permission(request, view)
def has_object_permission(self, request, view, obj):
return request.user.is_superuser or self.__same_user(
obj, request) or self.__is_owner(
obj, request) or DjangoModelPermissions().has_object_permission(request, view, obj)
class PaymentRequiredPermission(DjangoModelPermissions):
def can_operate(self, request):
return request.user.has_paid()
def has_permission(self, request, view):
return self.can_operate(request)
def has_object_permission(self, request, view, obj):
return self.can_operate(request)
class IsUser(BasePermission):
def has_permission(self, request, view):
return request.user and request.user.is_superuser
def has_object_permission(self, request, view, obj):
return request.user.is_superuser or obj.user.id == request.user.id
class APIPermission(permissions.BasePermission):
message = 'Only API user can access APIs'
group_name = "api"
def has_permission(self, request, view):
try:
group = request.user.groups.get(name=self.group_name)
except Group.DoesNotExist:
self.message = "Permission denied, user group '{}' does not exists".format(self.group_name)
return False
return group.name == self.group_name
def _is_in_group(user, group_name):
"""
Takes a user and a group name, and returns `True` if the user is in that group.
"""
try:
return Group.objects.get(name=group_name).user_set.filter(id=user.id).exists()
except Group.DoesNotExist:
return None
def _has_group_permission(user, required_groups):
return any([_is_in_group(user, group_name) for group_name in required_groups])
class IsLoggedInUserOrAdmin(permissions.BasePermission):
# group_name for super admin
required_groups = ['admin']
def has_object_permission(self, request, view, obj):
has_group_permission = _has_group_permission(request.user, self.required_groups)
if self.required_groups is None:
return False
return obj == request.user or has_group_permission
class IsAdminUser(permissions.BasePermission):
# group_name for super admin
required_groups = ['admin']
def has_permission(self, request, view):
has_group_permission = _has_group_permission(request.user, self.required_groups)
return request.user and has_group_permission
def has_object_permission(self, request, view, obj):
has_group_permission = _has_group_permission(request.user, self.required_groups)
return request.user and has_group_permission
class IsAdminOrAnonymousUser(permissions.BasePermission):
required_groups = ['admin', 'anonymous']
def has_permission(self, request, view):
has_group_permission = _has_group_permission(request.user, self.required_groups)
return request.user and has_group_permission
Reference in New Issue View Git Blame Copy Permalink