Gallery-Archivist/archivist/apps/api/permissions.py

# permissions.py
from rest_framework import permissions


def check_admin(user):
    """check for admin permission for restricted views"""
    return user.is_staff or user.groups.filter(name="admin").exists()


class AdminOnly(permissions.BasePermission):
    """allow only admin"""

    def has_permission(self, request, view):
        return check_admin(request.user)


class AdminOnlyOrReadOnly(permissions.BasePermission):
    def has_permission(self, request, view):
        if request.method in permissions.SAFE_METHODS:
            return True
        return check_admin(request.user)
Add api admin check 2025-01-02 23:02:38 +01:00			`# permissions.py`
Add admin only permission for api 2025-01-03 22:42:02 +01:00			`from rest_framework import permissions`

Add api admin check 2025-01-02 23:02:38 +01:00
			`def check_admin(user):`
			`"""check for admin permission for restricted views"""`
			`return user.is_staff or user.groups.filter(name="admin").exists()`

Add admin only permission for api 2025-01-03 22:42:02 +01:00
			`class AdminOnly(permissions.BasePermission):`
			`"""allow only admin"""`

			`def has_permission(self, request, view):`
			`return check_admin(request.user)`

Add admin only or read only permission for api 2025-01-03 22:42:33 +01:00
			`class AdminOnlyOrReadOnly(permissions.BasePermission):`
			`def has_permission(self, request, view):`
			`if request.method in permissions.SAFE_METHODS:`
			`return True`
			`return check_admin(request.user)`