[Answered ]-Django – How to grant custom permissions to some users in DRF?


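class CheckAPIPermissions(permissions.BasePermission):
    """Grant per-user API access based on flags on the user's profile.

    Rules implemented here (anything not listed is denied):

    * superusers are always allowed;
    * ``retrieve`` is allowed when ``userprofile.allowRetrieveAPI`` or
      ``userprofile.allowUpdateAPI`` is true;
    * ``update`` is allowed when ``userprofile.allowUpdateAPI`` is true.

    Every other view action (``list``, ``create``, ``partial_update``,
    ``destroy``, ...) is refused for non-superusers.  PATCH requests on a
    ViewSet arrive as ``partial_update``, so they stay denied unless that
    action is added here deliberately.

    Object-level checks additionally require the object to be the requesting
    user.  DRF only runs ``has_object_permission`` when the view calls
    ``get_object()`` / ``check_object_permissions()``; a view that loads
    objects by other means must call ``check_object_permissions`` itself.
    """

    @staticmethod
    def _is_authenticated(user):
        """Return True if *user* is authenticated.

        ``is_authenticated`` is a method on older Django releases and a
        plain attribute on newer ones, where calling it raises TypeError.
        Handling both keeps the check from crashing or being bypassed.
        """
        flag = getattr(user, 'is_authenticated', False)
        return bool(flag() if callable(flag) else flag)

    def _action_allowed(self, request, view):
        """Return True if the profile flags permit the view's action."""
        # A user without a profile is denied rather than causing a 500.
        # NOTE(review): assumes ``userprofile`` is a reverse one-to-one whose
        # "does not exist" error is an AttributeError subclass - confirm.
        profile = getattr(request.user, 'userprofile', None)
        if profile is None:
            return False
        # Plain APIView instances have no ``action``; treat that as "deny".
        action = getattr(view, 'action', None)
        if action == 'retrieve':
            return bool(profile.allowRetrieveAPI or profile.allowUpdateAPI)
        if action == 'update':
            return bool(profile.allowUpdateAPI)
        return False

    def has_permission(self, request, view):
        """View-level check: may this user call this action at all?"""
        user = request.user
        # request.user can be None when DRF's UNAUTHENTICATED_USER is None,
        # so test it before touching any attribute.
        if not user:
            return False
        if getattr(user, 'is_superuser', False):
            return True
        return self._is_authenticated(user) and self._action_allowed(request, view)

    def check_object_permission(self, user, obj):
        """Return True if *user* is authenticated and is staff or is *obj*.

        Helper only: nothing in this class calls it, and DRF does not call it
        either (DRF's hook is ``has_object_permission``).
        """
        if not user or not self._is_authenticated(user):
            return False
        return bool(user.is_staff or obj == user)

    def has_object_permission(self, request, view, obj):
        """Object-level check: non-superusers may only touch themselves.

        NOTE(review): comparing ``obj`` with ``request.user`` assumes the view
        serves user objects; for any other model this always denies.
        """
        user = request.user
        if not user:
            return False
        if getattr(user, 'is_superuser', False):
            return True
        if self._is_authenticated(user) and self._action_allowed(request, view):
            return user == obj
        return False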

I haven’t tested this; I wrote it in a hurry.
