mirror of https://github.com/jumpserver/jumpserver
53 lines
1.7 KiB
Python
53 lines
1.7 KiB
Python
#!/usr/bin/env python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
from rest_framework import permissions
|
|
|
|
|
|
class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission):
|
|
"""Allows access to valid user, is active and not expired"""
|
|
|
|
def has_permission(self, request, view):
|
|
return super(IsValidUser, self).has_permission(request, view) \
|
|
and request.user.is_valid
|
|
|
|
|
|
class IsAppUser(IsValidUser):
|
|
"""Allows access only to app user """
|
|
|
|
def has_permission(self, request, view):
|
|
return super(IsAppUser, self).has_permission(request, view) \
|
|
and request.user.is_app
|
|
|
|
|
|
class IsSuperUser(IsValidUser):
|
|
"""Allows access only to superuser"""
|
|
|
|
def has_permission(self, request, view):
|
|
return super(IsSuperUser, self).has_permission(request, view) \
|
|
and request.user.is_superuser
|
|
|
|
|
|
class IsSuperUserOrAppUser(IsValidUser):
|
|
"""Allows access between superuser and app user"""
|
|
|
|
def has_permission(self, request, view):
|
|
return super(IsSuperUserOrAppUser, self).has_permission(request, view) \
|
|
and (request.user.is_superuser or request.user.is_app)
|
|
|
|
|
|
class IsSuperUserOrAppUserOrUserReadonly(IsSuperUserOrAppUser):
|
|
def has_permission(self, request, view):
|
|
if IsValidUser.has_permission(self, request, view) \
|
|
and request.method in permissions.SAFE_METHODS:
|
|
return True
|
|
else:
|
|
return IsSuperUserOrAppUser.has_permission(self, request, view)
|
|
|
|
|
|
class IsCurrentUserOrReadOnly(permissions.BasePermission):
|
|
def has_object_permission(self, request, view, obj):
|
|
if request.method in permissions.SAFE_METHODS:
|
|
return True
|
|
return obj == request.user
|