From a82dbf1df4af4e1838d848df848992ce26448225 Mon Sep 17 00:00:00 2001
From: Ankur
Date: Thu, 14 Dec 2023 16:25:05 +0100
Subject: [PATCH] Permissions 1
---
 src/customPermissions.py | 16 ++++++++++++++++
 src/events/views/api.py | 10 +++++-----
 src/involvement/views/position_api.py | 8 ++++----
 3 files changed, 25 insertions(+), 9 deletions(-)
 create mode 100644 src/customPermissions.py
diff --git a/src/customPermissions.py b/src/customPermissions.py
new file mode 100644
index 00000000..6fe57201
--- /dev/null
+++ b/src/customPermissions.py
@@ -0,0 +1,16 @@
+from rest_framework.permissions import BasePermission
+
+class ReadAndCreate(BasePermission):
+ """
+ Authenticated user can create but not delete or update.
+ """
+ def has_permission(self, request, view):
+ return True if request.method in ["GET", "HEAD", "OPTIONS", "POST"] else False
+
+class ReadCreateUpdate(BasePermission):
+ """
+ Authenticated user can create and update but not delete.
+ """
+ def has_permission(self, request, view):
+ return True if request.method not in ["DELETE"] else False
+
diff --git a/src/events/views/api.py b/src/events/views/api.py
index 6c479f93..720e41f9 100644
--- a/src/events/views/api.py
+++ b/src/events/views/api.py
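Review bot: In src/customPermissions.py both docstrings promise "Authenticated user can …", but neither `has_permission` looks at `request.user`, so a view that lists one of these classes on its own would accept POST (and, for `ReadCreateUpdate`, every method except DELETE) from anonymous callers. Gate the write methods on the caller, e.g. in `ReadAndCreate`: `return request.method in SAFE_METHODS or (request.method == "POST" and bool(request.user and request.user.is_authenticated))`, with `SAFE_METHODS` imported from `rest_framework.permissions`. `ReadCreateUpdate` is written as a denylist (`not in ["DELETE"]`); an explicit allowlist of the methods it means to permit would fail closed if a view ever routes another verb. Neither class is referenced by the other hunks of this patch, so if they are meant to be stacked with `IsAuthenticated`, the docstrings should say so instead of implying the check happens here.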
@@ -7,27 +7,27 @@ from events.models.application import EventApplication
 from events.models.ticket import Ticket
-class CostsViewSet(viewsets.ModelViewSet):
+class CostsViewSet(viewsets.ReadOnlyModelViewSet):
 serializer_class = CostsSerializer
 permission_classes = [IsAuthenticatedOrReadOnly]
 queryset = Costs.objects.all()
-class EventViewSet(viewsets.ModelViewSet):
+class EventViewSet(viewsets.ReadOnlyModelViewSet):
 serializer_class = EventSerializer
 permission_classes = [IsAuthenticatedOrReadOnly]
 queryset = Event.objects.all()
-class ParticipantViewSet(viewsets.ModelViewSet):
+class ParticipantViewSet(viewsets.ReadOnlyModelViewSet):
 serializer_class = ParticipantSerializer
 permission_classes = [IsAuthenticatedOrReadOnly]
 queryset = Participant.objects.all()
-class EventApplicationViewSet(viewsets.ModelViewSet):
+class EventApplicationViewSet(viewsets.ReadOnlyModelViewSet):
 serializer_class = EventApplicationSerializer
 permission_classes = [IsAuthenticatedOrReadOnly]
 queryset = EventApplication.objects.all()
-class TicketViewSet(viewsets.ModelViewSet):
+class TicketViewSet(viewsets.ReadOnlyModelViewSet):
 serializer_class = TicketSerializer
 permission_classes = [IsAuthenticatedOrReadOnly]
 queryset = Ticket.objects.all()
diff --git a/src/involvement/views/position_api.py b/src/involvement/views/position_api.py
index b1d35a0c..9d854f65 100644
--- a/src/involvement/views/position_api.py
+++ b/src/involvement/views/position_api.py
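Review bot: In src/events/views/api.py the five viewsets keep `permission_classes = [IsAuthenticatedOrReadOnly]` after becoming read-only, so every route they still serve is open to unauthenticated clients and the authenticated branch of that permission is no longer reachable. For `ParticipantViewSet`, `EventApplicationViewSet` and `TicketViewSet` this publishes `objects.all()` to anyone; what the serializers expose is not visible here, but if they carry personal data these three should use `permission_classes = [IsAuthenticated]`, and probably a queryset limited to the requesting user. The import line for the permission classes is outside this hunk and would need `IsAuthenticated` added.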
@@ -1,14 +1,14 @@
-from rest_framework import viewsets
+from rest_framework import viewsets, mixins
 from involvement.serializers.position_serializer import PositionSerializer, PositionDepthSerializer
-from rest_framework.permissions import IsAuthenticatedOrReadOnly
+from rest_framework.permissions import IsAuthenticatedOrReadOnly,
 from involvement.models.position import Position
-class PositionViewSet(viewsets.ModelViewSet):
+class PositionViewSet(viewsets.ReadOnlyModelViewSet):
 serializer_class = PositionSerializer
 permission_classes = [IsAuthenticatedOrReadOnly]
 queryset = Position.objects.all()
-class Position2ViewSet(viewsets.ModelViewSet):
+class Position2ViewSet(viewsets.ReadOnlyModelViewSet):
 serializer_class = PositionDepthSerializer
 permission_classes = [IsAuthenticatedOrReadOnly]
 queryset = Position.objects.all()
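Review bot: The added line `from rest_framework.permissions import IsAuthenticatedOrReadOnly,` in src/involvement/views/position_api.py ends with a trailing comma outside parentheses, which Python rejects as a syntax error, so the module cannot be imported and the routes built on it would fail to load. Drop the comma: `from rest_framework.permissions import IsAuthenticatedOrReadOnly`. `mixins` is imported on the first added line but nothing in this hunk uses it; remove it unless code outside the hunk needs it.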