Python rest_framework.permissions.SAFE_METHODS Examples
The following are 30
code examples of rest_framework.permissions.SAFE_METHODS().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
rest_framework.permissions
, or try the search function
.
.
Example #1
| Source File: views.py From peering-manager with Apache License 2.0 | 6 votes |
|
def configure(self, request, pk=None):
router = self.get_object()
# Check if the router runs on a supported platform
if not router.platform:
raise ServiceUnavailable("Unsupported router platform.")
# Check user permission first
if not request.user.has_perm("peering.deploy_configuration_router"):
return HttpResponseForbidden()
# Commit changes only if not using a GET request
error, changes = router.set_napalm_configuration(
router.generate_configuration(), commit=(request.method not in SAFE_METHODS)
)
return Response({"changed": not error, "changes": changes, "error": error})
Example #2
| Source File: OrganizationPermissions.py From tfrs with Apache License 2.0 | 6 votes |
|
def has_object_permission(self, request, view, obj):
"""Check permissions When an object does exist (PUT, GET)"""
if request.user.has_perm('EDIT_FUEL_SUPPLIERS'):
return True
# Users can always see themselves
if obj.id == request.user.id and \
request.method in permissions.SAFE_METHODS:
return True
if request.method == 'GET' and \
request.user.has_perm('VIEW_FUEL_SUPPLIERS'):
return True
if obj.id == request.user.organization.id and \
request.user.has_perm('EDIT_FUEL_SUPPLIER'):
return True
# not authorized
return False
Example #3
| Source File: openshift_all_access.py From koku with GNU Affero General Public License v3.0 | 6 votes |
|
def has_permission(self, request, view):
"""Check permission to view OCP-on-ALL data."""
if request.user.admin:
return True
resource_access = request.user.access
if resource_access is None or not isinstance(resource_access, dict):
return False
read_access = []
if request.method in permissions.SAFE_METHODS:
# Check permissions for read-only request
for resource_type in RESOURCE_TYPES:
res_type_access = resource_access.get(resource_type, {})
read_access.extend(res_type_access.get("read", []))
return len(read_access) > 0
return False
Example #4
| Source File: aws_access.py From koku with GNU Affero General Public License v3.0 | 6 votes |
|
def has_permission(self, request, view):
"""Check permission to view AWS data."""
if request.user.admin:
return True
resource_access = request.user.access
if resource_access is None or not isinstance(resource_access, dict):
return False
res_type_access = resource_access.get(AwsAccessPermission.resource_type, {})
if request.method in permissions.SAFE_METHODS:
# Check permissions for read-only request
read_access = res_type_access.get("read", [])
return len(read_access) > 0
return False
Example #5
| Source File: azure_access.py From koku with GNU Affero General Public License v3.0 | 6 votes |
|
def has_permission(self, request, view):
"""Check permission to view Azure data."""
if request.user.admin:
return True
resource_access = request.user.access
if resource_access is None or not isinstance(resource_access, dict):
return False
res_type_access = resource_access.get(AzureAccessPermission.resource_type, {})
if request.method in permissions.SAFE_METHODS:
# Check permissions for read-only request
read_access = res_type_access.get("read", [])
return len(read_access) > 0
return False
Example #6
| Source File: views.py From SchoolIdolAPI with Apache License 2.0 | 6 votes |
|
def get_queryset(self):
queryset = models.Activity.objects.all()
if self.request.method not in permissions.SAFE_METHODS:
# To check for permission
queryset = queryset.select_related('account', 'account__owner')
if 'expand_account' in self.request.query_params:
queryset = queryset.select_related('account')
if 'expand_liked_by' in self.request.query_params:
queryset = queryset.prefetch_related(Prefetch('likes', to_attr='liked_by'))
queryset = queryset.select_related('account', 'account__owner')
ordering = self.request.query_params.get('ordering', '')
if ('expand_total_likes' in self.request.query_params and 'expand_liked_by' not in self.request.query_params) or 'total_likes' in ordering:
queryset = queryset.annotate(total_likes=Count('likes'))
if ('expand_liked' in self.request.query_params and self.request.user.is_authenticated()
and 'expand_liked_by' not in self.request.query_params):
queryset = queryset.extra(select={'liked': 'SELECT COUNT(*) FROM api_activity_likes WHERE activity_id=api_activity.id AND user_id={}'.format(self.request.user.id) })
return queryset
Example #7
| Source File: cost_models_access.py From koku with GNU Affero General Public License v3.0 | 6 votes |
|
def has_permission(self, request, view):
"""Check permission based on the defined access."""
if request.user.admin:
return True
if not request.user.access:
return False
if request.method in permissions.SAFE_METHODS:
rates_read = request.user.access.get("rate", {}).get("read", [])
if rates_read:
return True
else:
rates_write = request.user.access.get("rate", {}).get("write", [])
if "*" in rates_write:
return True
if self.get_uuid_from_url(request) in rates_write:
return True
return False
Example #8
| Source File: permissions.py From drf-tutorial with MIT License | 5 votes |
|
def has_permission(self, request, view):
if request.method in SAFE_METHODS:
return True
return request.user.is_staff
Example #9
| Source File: ComplianceReport.py From tfrs with Apache License 2.0 | 5 votes |
|
def has_object_permission(self, request, view, obj):
"""Check permissions When an object does exist (PUT, GET)"""
# Users can only update their own compliance reports
if obj.organization == request.user.organization:
return True
if request.user.is_government_user:
# Government users can see compliance reports
if request.method in permissions.SAFE_METHODS:
return True
# Government users can manage compliance report statuses
if request.user.has_perm(
'ANALYST_RECOMMEND_ACCEPTANCE_COMPLIANCE_REPORT'
) or request.user.has_perm(
'ANALYST_RECOMMEND_REJECTION_COMPLIANCE_REPORT'
) or request.user.has_perm(
'MANAGER_RECOMMEND_ACCEPTANCE_COMPLIANCE_REPORT'
) or request.user.has_perm(
'MANAGER_RECOMMEND_REJECTION_COMPLIANCE_REPORT'
) or request.user.has_perm(
'APPROVE_CREDIT_TRANSFER' # Director
):
return True
return False
Example #10
| Source File: permissions.py From controller with MIT License | 5 votes |
|
def has_permission(self, request, view):
"""
Return `True` if permission is granted, `False` otherwise.
"""
return request.method in permissions.SAFE_METHODS or request.user.is_superuser
Example #11
| Source File: CompliancePeriod.py From tfrs with Apache License 2.0 | 5 votes |
|
def has_permission(self, request, view):
"""Check permissions When an object does not yet exist (POST)"""
if request.method in permissions.SAFE_METHODS:
return True
return request.user.has_perm('EDIT_COMPLIANCE_PERIODS')
Example #12
| Source File: permissions.py From drf-tutorial with MIT License | 5 votes |
|
def has_object_permission(self, request, view, obj):
if request.method in SAFE_METHODS:
return True
return obj.created_by == request.user
Example #13
| Source File: auth.py From openduty with MIT License | 5 votes |
|
def has_permission(self, request, view):
return (
request.method not in SAFE_METHODS or
request.user and
request.user.is_authenticated()
)
Example #14
| Source File: permissions.py From semillas_platform with MIT License | 5 votes |
|
def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request,
# so we'll always allow GET, HEAD or OPTIONS requests.
if request.method in permissions.SAFE_METHODS:
return True
# Write permissions are only allowed to the owner of the snippet.
return obj == request.user
Example #15
| Source File: permissions.py From Project-Dashboard-with-Django with MIT License | 5 votes |
|
def has_permission(self, request, view):
if request.method in SAFE_METHODS:
return True
if request.method == "POST":
return True
return request.user and request.user.is_superuser
Example #16
| Source File: permissions.py From Project-Dashboard-with-Django with MIT License | 5 votes |
|
def has_permission(self, request, view):
if request.method in SAFE_METHODS:
return True
return request.user and request.user.is_superuser
Example #17
| Source File: permissions.py From python-sample-tweeterapp with MIT License | 5 votes |
|
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
# Allow read only permissions to any user
# to view the tweet
return True
else:
# Check that the request user owns the object
# being edited
return obj.user == request.user
Example #18
| Source File: permissions.py From SchoolIdolAPI with Apache License 2.0 | 5 votes |
|
def has_object_permission(self, request, view, obj=None):
return (
request.method in permissions.SAFE_METHODS
or (request.user.is_authenticated() and request.user.is_staff)
)
Example #19
| Source File: DocumentComment.py From tfrs with Apache License 2.0 | 5 votes |
|
def has_object_permission(self, request, view, obj):
"""Check permissions When an object does exist (PUT, GET)"""
# Users can always see and edit their own comments
if obj.create_user == request.user:
return True
# And see but not edit those from their others in their own
# organization
if obj.create_user.organization == request.user.organization and \
request.method in permissions.SAFE_METHODS:
return True
# Government roles can always view comments
# and can view or edit privileged comments with correct permission
if request.user.is_government_user:
# read
if request.method in permissions.SAFE_METHODS:
if obj.privileged_access:
return request.user.has_perm('DOCUMENTS_VIEW')
return True
# write
if request.method not in permissions.SAFE_METHODS:
if obj.privileged_access:
return request.user.has_perm('DOCUMENTS_GOVERNMENT_REVIEW')
return True
# not authorized
return False
Example #20
| Source File: CreditTradeComment.py From tfrs with Apache License 2.0 | 5 votes |
|
def has_object_permission(self, request, view, obj):
"""Check permissions When an object does exist (PUT, GET)"""
# Users can always see and edit their own comments
if obj.create_user == request.user:
return True
# And see but not edit those from their others in their own
# organization
if obj.create_user.organization == request.user.organization and \
request.method in permissions.SAFE_METHODS:
return True
# Government roles can always view comments
# and can view or edit privileged comments with correct permission
if request.user.is_government_user:
# read
if request.method in permissions.SAFE_METHODS:
if obj.privileged_access:
return request.user.has_perm('VIEW_PRIVILEGED_COMMENTS')
return True
# write
if request.method not in permissions.SAFE_METHODS:
if obj.privileged_access:
return request.user.has_perm('EDIT_PRIVILEGED_COMMENTS')
return True
# not authorized
return False
Example #21
| Source File: permissions.py From course-discovery with GNU Affero General Public License v3.0 | 5 votes |
|
def has_object_permission(self, request, view, obj):
if request.method in SAFE_METHODS:
return True
else:
return CourseEditor.is_course_editable(request.user, obj.course)
Example #22
| Source File: views.py From CTF_AWD_Platform with MIT License | 5 votes |
|
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS: # SAFE_METHODS = ('GET', 'HEAD', 'OPTIONS')
return True
if request.method == 'PUT' or request.method == 'PATCH' or request.method == 'DELETE':
'''
只有队长可以删除修改
'''
return (obj.team_captain.id == request.user.id)
if request.method == 'POST':
'''
任何auth的人都可以创建队伍
'''
return True
Example #23
| Source File: permissions.py From CTF_AWD_Platform with MIT License | 5 votes |
|
def has_object_permission(self, request, view, obj):
'''
object级别权限(后判断这个) 与这个设置相关联:mixins.RetrieveModelMixin
:param request:
:param view:
:param obj:
:return:
'''
if request.method in permissions.SAFE_METHODS: #SAFE_METHODS = ('GET', 'HEAD', 'OPTIONS')
return True
# return (obj.id == request.user.id)
return True
Example #24
| Source File: permissions.py From elmer with MIT License | 5 votes |
|
def has_object_permission(self, request, view, obj):
if request.method in SAFE_METHODS:
return True
return obj.commenter == request.user
Example #25
| Source File: permissions.py From elmer with MIT License | 5 votes |
|
def has_object_permission(self, request, view, obj):
if request.method in SAFE_METHODS:
return True
return obj.author == request.user
Example #26
| Source File: permissions.py From elmer with MIT License | 5 votes |
|
def has_object_permission(self, request, view, obj):
if request.method in SAFE_METHODS:
return True
if request.user in obj.admins.all():
return True
Example #27
| Source File: permissions.py From volontulo with MIT License | 5 votes |
|
def has_object_permission(self, request, view, obj):
user = request.user
return request.method in permissions.SAFE_METHODS or (
user.is_authenticated() and (
user.userprofile.is_administrator or
obj in user.userprofile.organizations.all()
)
)
Example #28
| Source File: permissions.py From volontulo with MIT License | 5 votes |
|
def has_permission(self, request, view):
"""We are accepting safe methods, post an put methods only for
authenticated users """
return request.method in permissions.SAFE_METHODS or (
request.method in ('POST', 'PUT') and
request.user.is_authenticated()
)
Example #29
| Source File: permissions.py From volontulo with MIT License | 5 votes |
|
def has_object_permission(self, request, view, obj):
user = request.user
return request.method in permissions.SAFE_METHODS or (
user.is_authenticated() and (
user.userprofile.is_administrator or
obj.organization in user.userprofile.organizations.all()
)
)
Example #30
| Source File: permissions.py From volontulo with MIT License | 5 votes |
|
def has_permission(self, request, view):
"""We are accepting only safe methods for now."""
return request.method in permissions.SAFE_METHODS or (
request.method in ('POST', 'PUT') and
request.user.is_authenticated()
)
