Permissions 1

UTNkar · Dec 14, 2023 · a82dbf1 · a82dbf1
1 parent 26cc620
commit a82dbf1
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 9 deletions.
diff --git a/src/customPermissions.py b/src/customPermissions.py
@@ -0,0 +1,16 @@
+from rest_framework.permissions import BasePermission
+
+class ReadAndCreate(BasePermission):
+    """
+        Authenticated user can create but not delete or update.
+    """
+    def has_permission(self, request, view):
+        return True if request.method in ["GET", "HEAD", "OPTIONS", "POST"] else False
+
+class ReadCreateUpdate(BasePermission):
+    """
+        Authenticated user can create and update but not delete.
+    """
+    def has_permission(self, request, view):
+        return True if request.method not in ["DELETE"] else False
+
diff --git a/src/events/views/api.py b/src/events/views/api.py
@@ -7,27 +7,27 @@
 from events.models.application import EventApplication
 from events.models.ticket import Ticket
 
-class CostsViewSet(viewsets.ModelViewSet):
+class CostsViewSet(viewsets.ReadOnlyModelViewSet):
     serializer_class = CostsSerializer
     permission_classes = [IsAuthenticatedOrReadOnly]
     queryset = Costs.objects.all()
 
-class EventViewSet(viewsets.ModelViewSet):
+class EventViewSet(viewsets.ReadOnlyModelViewSet):
     serializer_class = EventSerializer
     permission_classes = [IsAuthenticatedOrReadOnly]
     queryset = Event.objects.all()
 
-class ParticipantViewSet(viewsets.ModelViewSet):
+class ParticipantViewSet(viewsets.ReadOnlyModelViewSet):
     serializer_class = ParticipantSerializer
     permission_classes = [IsAuthenticatedOrReadOnly]
     queryset = Participant.objects.all()
 
-class EventApplicationViewSet(viewsets.ModelViewSet):
+class EventApplicationViewSet(viewsets.ReadOnlyModelViewSet):
     serializer_class = EventApplicationSerializer
     permission_classes = [IsAuthenticatedOrReadOnly]
     queryset = EventApplication.objects.all()
 
-class TicketViewSet(viewsets.ModelViewSet):
+class TicketViewSet(viewsets.ReadOnlyModelViewSet):
     serializer_class = TicketSerializer
     permission_classes = [IsAuthenticatedOrReadOnly]
     queryset = Ticket.objects.all()

diff --git a/src/involvement/views/position_api.py b/src/involvement/views/position_api.py
@@ -1,14 +1,14 @@
-from rest_framework import viewsets
+from rest_framework import viewsets, mixins
 from involvement.serializers.position_serializer import PositionSerializer, PositionDepthSerializer
-from rest_framework.permissions import IsAuthenticatedOrReadOnly
+from rest_framework.permissions import IsAuthenticatedOrReadOnly,
 from involvement.models.position import Position
 
-class PositionViewSet(viewsets.ModelViewSet):
+class PositionViewSet(viewsets.ReadOnlyModelViewSet):
     serializer_class = PositionSerializer
     permission_classes = [IsAuthenticatedOrReadOnly]
     queryset = Position.objects.all()
 
-class Position2ViewSet(viewsets.ModelViewSet):
+class Position2ViewSet(viewsets.ReadOnlyModelViewSet):
     serializer_class = PositionDepthSerializer
     permission_classes = [IsAuthenticatedOrReadOnly]
     queryset = Position.objects.all()