# permissions.py
from rest_framework import permissions
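def check_admin(user):
    """Return whether *user* may access admin-restricted views.

    A user qualifies when ``is_staff`` is truthy or when the user belongs to
    a group whose name is exactly ``"admin"``.

    Args:
        user: The requesting user, normally ``request.user``. ``None`` is
            accepted and treated as "not an admin".

    Returns:
        bool: True if the user is considered an admin, False otherwise.
    """
    # Fail closed when no user object is attached to the request (DRF can
    # leave request.user as None depending on UNAUTHENTICATED_USER) instead
    # of raising AttributeError inside a permission check.
    if user is None:
        return False
    # NOTE(review): is_active is not consulted here; this relies on the
    # authentication layer rejecting disabled accounts -- confirm.
    # The group lookup matches the literal name "admin"; anyone able to
    # manage group membership can therefore grant this privilege.
    return bool(user.is_staff or user.groups.filter(name="admin").exists())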
class AdminOnly(permissions.BasePermission):
    """Permission class that admits admin users only.

    Every request, whatever its HTTP method, is granted or refused
    according to ``check_admin(request.user)``. Only the view-level hook is
    overridden; object-level checks keep the base-class behaviour.
    """

    def has_permission(self, request, view):
        """Grant access only if the requesting user passes ``check_admin``."""
        requester = request.user
        return check_admin(requester)
class AdminOnlyOrReadOnly(permissions.BasePermission):
    """Permission class: anyone may read, only admins may write.

    Requests whose method is in ``permissions.SAFE_METHODS`` are allowed
    without looking at the user at all, so unauthenticated clients can read.
    Combine with an authentication-requiring permission if reads must be
    restricted too. All other methods require ``check_admin(request.user)``.
    """

    def has_permission(self, request, view):
        """Allow safe methods unconditionally; otherwise require an admin."""
        # Short-circuit keeps check_admin from running on read-only requests.
        return request.method in permissions.SAFE_METHODS or check_admin(
            request.user
        )