2021-03-24 11:01:35 +00:00
|
|
|
from rest_framework import permissions
|
|
|
|
|
|
2023-04-21 09:31:39 +00:00
|
|
|
from rbac.builtin import BuiltinRole
|
2022-07-04 03:29:39 +00:00
|
|
|
from .utils import is_auth_password_time_valid
|
2021-03-24 11:01:35 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class IsAuthPasswdTimeValid(permissions.IsAuthenticated):
|
|
|
|
|
|
|
|
|
|
def has_permission(self, request, view):
|
|
|
|
|
return super().has_permission(request, view) \
|
2023-04-21 09:31:39 +00:00
|
|
|
and is_auth_password_time_valid(request.session)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class UserObjectPermission(permissions.BasePermission):
|
|
|
|
|
|
|
|
|
|
def has_object_permission(self, request, view, obj):
|
|
|
|
|
if view.action not in ['update', 'partial_update', 'destroy']:
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
user = request.user
|
|
|
|
|
if user.is_superuser:
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
system_admin_id = BuiltinRole.system_admin.id
|
|
|
|
|
return system_admin_id not in [
|
|
|
|
|
str(r.id) for r in obj.system_roles.all()
|
|
|
|
|
]
|
