jumpserver/apps/common/permissions.py

# -*- coding: utf-8 -*-
#

from rest_framework import permissions


class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission):
    """Allows access to valid user, is active and not expired"""

    def has_permission(self, request, view):
        return super(IsValidUser, self).has_permission(request, view) \
            and request.user.is_valid


class IsAppUser(IsValidUser):
    """Allows access only to app user """

    def has_permission(self, request, view):
        return super(IsAppUser, self).has_permission(request, view) \
            and request.user.is_app


class IsSuperUser(IsValidUser):
    """Allows access only to superuser"""

    def has_permission(self, request, view):
        return super(IsSuperUser, self).has_permission(request, view) \
            and request.user.is_superuser


class IsSuperUserOrAppUser(IsValidUser):
    """Allows access between superuser and app user"""

    def has_permission(self, request, view):
        return super(IsSuperUserOrAppUser, self).has_permission(request, view) \
            and (request.user.is_superuser or request.user.is_app)


class IsSuperUserOrAppUserOrUserReadonly(IsSuperUserOrAppUser):
    def has_permission(self, request, view):
        if IsValidUser.has_permission(self, request, view) \
                and request.method in permissions.SAFE_METHODS:
            return True
        else:
            return IsSuperUserOrAppUser.has_permission(self, request, view)


class IsCurrentUserOrReadOnly(permissions.BasePermission):
    def has_object_permission(self, request, view, obj):
        if request.method in permissions.SAFE_METHODS:
            return True
        return obj == request.user
[Feature] 添加setting页面 7 years ago			`# -- coding: utf-8 --`
			`#`

			`from rest_framework import permissions`


			`class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission):`
			`"""Allows access to valid user, is active and not expired"""`

			`def has_permission(self, request, view):`
			`return super(IsValidUser, self).has_permission(request, view) \`
			`and request.user.is_valid`


			`class IsAppUser(IsValidUser):`
			`"""Allows access only to app user """`

			`def has_permission(self, request, view):`
			`return super(IsAppUser, self).has_permission(request, view) \`
			`and request.user.is_app`


			`class IsSuperUser(IsValidUser):`
			`"""Allows access only to superuser"""`

			`def has_permission(self, request, view):`
			`return super(IsSuperUser, self).has_permission(request, view) \`
			`and request.user.is_superuser`


			`class IsSuperUserOrAppUser(IsValidUser):`
			`"""Allows access between superuser and app user"""`

			`def has_permission(self, request, view):`
			`return super(IsSuperUserOrAppUser, self).has_permission(request, view) \`
			`and (request.user.is_superuser or request.user.is_app)`


			`class IsSuperUserOrAppUserOrUserReadonly(IsSuperUserOrAppUser):`
			`def has_permission(self, request, view):`
			`if IsValidUser.has_permission(self, request, view) \`
			`and request.method in permissions.SAFE_METHODS:`
			`return True`
			`else:`
			`return IsSuperUserOrAppUser.has_permission(self, request, view)`


			`class IsCurrentUserOrReadOnly(permissions.BasePermission):`
			`def has_object_permission(self, request, view, obj):`
			`if request.method in permissions.SAFE_METHODS:`
			`return True`
			`return obj == request.user`