mirror of https://github.com/jumpserver/jumpserver
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
52 lines
1.7 KiB
52 lines
1.7 KiB
#!/usr/bin/env python |
|
# -*- coding: utf-8 -*- |
|
|
|
from rest_framework import permissions |
|
|
|
|
|
class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission): |
|
"""Allows access to valid user, is active and not expired""" |
|
|
|
def has_permission(self, request, view): |
|
return super(IsValidUser, self).has_permission(request, view) \ |
|
and request.user.is_valid |
|
|
|
|
|
class IsAppUser(IsValidUser): |
|
"""Allows access only to app user """ |
|
|
|
def has_permission(self, request, view): |
|
return super(IsAppUser, self).has_permission(request, view) \ |
|
and request.user.is_app |
|
|
|
|
|
class IsSuperUser(IsValidUser): |
|
"""Allows access only to superuser""" |
|
|
|
def has_permission(self, request, view): |
|
return super(IsSuperUser, self).has_permission(request, view) \ |
|
and request.user.is_superuser |
|
|
|
|
|
class IsSuperUserOrAppUser(IsValidUser): |
|
"""Allows access between superuser and app user""" |
|
|
|
def has_permission(self, request, view): |
|
return super(IsSuperUserOrAppUser, self).has_permission(request, view) \ |
|
and (request.user.is_superuser or request.user.is_app) |
|
|
|
|
|
class IsSuperUserOrAppUserOrUserReadonly(IsSuperUserOrAppUser): |
|
def has_permission(self, request, view): |
|
if IsValidUser.has_permission(self, request, view) \ |
|
and request.method in permissions.SAFE_METHODS: |
|
return True |
|
else: |
|
return IsSuperUserOrAppUser.has_permission(self, request, view) |
|
|
|
|
|
class IsCurrentUserOrReadOnly(permissions.BasePermission): |
|
def has_object_permission(self, request, view, obj): |
|
if request.method in permissions.SAFE_METHODS: |
|
return True |
|
return obj == request.user
|
|
|