# permissions.py
from rest_framework import permissions
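def check_admin(user):
    """Return whether *user* may access the admin-restricted views.

    A user qualifies when ``user.is_staff`` is truthy or when the user
    belongs to a group whose name is exactly ``"admin"``. Membership in that
    group therefore grants the same access as the staff flag.

    Args:
        user: The requesting user object, or ``None`` when no user is
            attached to the request.

    Returns:
        ``True`` when the user qualifies as admin, ``False`` otherwise.
    """
    # Fail closed: a missing user is denied instead of raising
    # AttributeError inside the permission check.
    if user is None:
        return False
    # NOTE(review): is_active / is_authenticated are not consulted here;
    # confirm the authentication classes in use reject disabled accounts.
    if user.is_staff:
        return True
    # Only reached for non-staff users, so the group lookup is skipped for staff.
    return user.groups.filter(name="admin").exists()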
class AdminOnly(permissions.BasePermission):
    """Grant access only to requests whose user passes ``check_admin``."""

    def has_permission(self, request, view):
        """Return the ``check_admin`` verdict for ``request.user``.

        ``view`` is accepted to match the permission interface and is not
        used. The decision applies to every HTTP method alike.
        """
        requester = request.user
        return check_admin(requester)
class AdminOnlyOrReadOnly(permissions.BasePermission):
    """Allow read-only requests from any caller; require admin otherwise.

    A request whose method is in ``permissions.SAFE_METHODS`` is allowed
    without looking at ``request.user``, so this class on its own does not
    require authentication for reads. Pair it with an authentication
    requirement if the read side must not be public.
    """

    def has_permission(self, request, view):
        """Return ``True`` for safe methods, else the ``check_admin`` verdict.

        ``view`` is accepted to match the permission interface and is not
        used.
        """
        is_read_only = request.method in permissions.SAFE_METHODS
        # Short-circuit: check_admin runs only for non-safe methods.
        return is_read_only or check_admin(request.user)