Python rest_framework.permissions.SAFE_METHODS Examples
The following are 30
code examples of rest_framework.permissions.SAFE_METHODS().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
rest_framework.permissions
, or try the search function
.
Example #1
Source File: views.py From peering-manager with Apache License 2.0 | 6 votes |
def configure(self, request, pk=None): router = self.get_object() # Check if the router runs on a supported platform if not router.platform: raise ServiceUnavailable("Unsupported router platform.") # Check user permission first if not request.user.has_perm("peering.deploy_configuration_router"): return HttpResponseForbidden() # Commit changes only if not using a GET request error, changes = router.set_napalm_configuration( router.generate_configuration(), commit=(request.method not in SAFE_METHODS) ) return Response({"changed": not error, "changes": changes, "error": error})
Example #2
Source File: OrganizationPermissions.py From tfrs with Apache License 2.0 | 6 votes |
def has_object_permission(self, request, view, obj): """Check permissions When an object does exist (PUT, GET)""" if request.user.has_perm('EDIT_FUEL_SUPPLIERS'): return True # Users can always see themselves if obj.id == request.user.id and \ request.method in permissions.SAFE_METHODS: return True if request.method == 'GET' and \ request.user.has_perm('VIEW_FUEL_SUPPLIERS'): return True if obj.id == request.user.organization.id and \ request.user.has_perm('EDIT_FUEL_SUPPLIER'): return True # not authorized return False
Example #3
Source File: openshift_all_access.py From koku with GNU Affero General Public License v3.0 | 6 votes |
def has_permission(self, request, view): """Check permission to view OCP-on-ALL data.""" if request.user.admin: return True resource_access = request.user.access if resource_access is None or not isinstance(resource_access, dict): return False read_access = [] if request.method in permissions.SAFE_METHODS: # Check permissions for read-only request for resource_type in RESOURCE_TYPES: res_type_access = resource_access.get(resource_type, {}) read_access.extend(res_type_access.get("read", [])) return len(read_access) > 0 return False
Example #4
Source File: aws_access.py From koku with GNU Affero General Public License v3.0 | 6 votes |
def has_permission(self, request, view): """Check permission to view AWS data.""" if request.user.admin: return True resource_access = request.user.access if resource_access is None or not isinstance(resource_access, dict): return False res_type_access = resource_access.get(AwsAccessPermission.resource_type, {}) if request.method in permissions.SAFE_METHODS: # Check permissions for read-only request read_access = res_type_access.get("read", []) return len(read_access) > 0 return False
Example #5
Source File: azure_access.py From koku with GNU Affero General Public License v3.0 | 6 votes |
def has_permission(self, request, view): """Check permission to view Azure data.""" if request.user.admin: return True resource_access = request.user.access if resource_access is None or not isinstance(resource_access, dict): return False res_type_access = resource_access.get(AzureAccessPermission.resource_type, {}) if request.method in permissions.SAFE_METHODS: # Check permissions for read-only request read_access = res_type_access.get("read", []) return len(read_access) > 0 return False
Example #6
Source File: views.py From SchoolIdolAPI with Apache License 2.0 | 6 votes |
def get_queryset(self): queryset = models.Activity.objects.all() if self.request.method not in permissions.SAFE_METHODS: # To check for permission queryset = queryset.select_related('account', 'account__owner') if 'expand_account' in self.request.query_params: queryset = queryset.select_related('account') if 'expand_liked_by' in self.request.query_params: queryset = queryset.prefetch_related(Prefetch('likes', to_attr='liked_by')) queryset = queryset.select_related('account', 'account__owner') ordering = self.request.query_params.get('ordering', '') if ('expand_total_likes' in self.request.query_params and 'expand_liked_by' not in self.request.query_params) or 'total_likes' in ordering: queryset = queryset.annotate(total_likes=Count('likes')) if ('expand_liked' in self.request.query_params and self.request.user.is_authenticated() and 'expand_liked_by' not in self.request.query_params): queryset = queryset.extra(select={'liked': 'SELECT COUNT(*) FROM api_activity_likes WHERE activity_id=api_activity.id AND user_id={}'.format(self.request.user.id) }) return queryset
Example #7
Source File: cost_models_access.py From koku with GNU Affero General Public License v3.0 | 6 votes |
def has_permission(self, request, view): """Check permission based on the defined access.""" if request.user.admin: return True if not request.user.access: return False if request.method in permissions.SAFE_METHODS: rates_read = request.user.access.get("rate", {}).get("read", []) if rates_read: return True else: rates_write = request.user.access.get("rate", {}).get("write", []) if "*" in rates_write: return True if self.get_uuid_from_url(request) in rates_write: return True return False
Example #8
Source File: permissions.py From drf-tutorial with MIT License | 5 votes |
def has_permission(self, request, view): if request.method in SAFE_METHODS: return True return request.user.is_staff
Example #9
Source File: ComplianceReport.py From tfrs with Apache License 2.0 | 5 votes |
def has_object_permission(self, request, view, obj): """Check permissions When an object does exist (PUT, GET)""" # Users can only update their own compliance reports if obj.organization == request.user.organization: return True if request.user.is_government_user: # Government users can see compliance reports if request.method in permissions.SAFE_METHODS: return True # Government users can manage compliance report statuses if request.user.has_perm( 'ANALYST_RECOMMEND_ACCEPTANCE_COMPLIANCE_REPORT' ) or request.user.has_perm( 'ANALYST_RECOMMEND_REJECTION_COMPLIANCE_REPORT' ) or request.user.has_perm( 'MANAGER_RECOMMEND_ACCEPTANCE_COMPLIANCE_REPORT' ) or request.user.has_perm( 'MANAGER_RECOMMEND_REJECTION_COMPLIANCE_REPORT' ) or request.user.has_perm( 'APPROVE_CREDIT_TRANSFER' # Director ): return True return False
Example #10
Source File: permissions.py From controller with MIT License | 5 votes |
def has_permission(self, request, view): """ Return `True` if permission is granted, `False` otherwise. """ return request.method in permissions.SAFE_METHODS or request.user.is_superuser
Example #11
Source File: CompliancePeriod.py From tfrs with Apache License 2.0 | 5 votes |
def has_permission(self, request, view): """Check permissions When an object does not yet exist (POST)""" if request.method in permissions.SAFE_METHODS: return True return request.user.has_perm('EDIT_COMPLIANCE_PERIODS')
Example #12
Source File: permissions.py From drf-tutorial with MIT License | 5 votes |
def has_object_permission(self, request, view, obj): if request.method in SAFE_METHODS: return True return obj.created_by == request.user
Example #13
Source File: auth.py From openduty with MIT License | 5 votes |
def has_permission(self, request, view): return ( request.method not in SAFE_METHODS or request.user and request.user.is_authenticated() )
Example #14
Source File: permissions.py From semillas_platform with MIT License | 5 votes |
def has_object_permission(self, request, view, obj): # Read permissions are allowed to any request, # so we'll always allow GET, HEAD or OPTIONS requests. if request.method in permissions.SAFE_METHODS: return True # Write permissions are only allowed to the owner of the snippet. return obj == request.user
Example #15
Source File: permissions.py From Project-Dashboard-with-Django with MIT License | 5 votes |
def has_permission(self, request, view): if request.method in SAFE_METHODS: return True if request.method == "POST": return True return request.user and request.user.is_superuser
Example #16
Source File: permissions.py From Project-Dashboard-with-Django with MIT License | 5 votes |
def has_permission(self, request, view): if request.method in SAFE_METHODS: return True return request.user and request.user.is_superuser
Example #17
Source File: permissions.py From python-sample-tweeterapp with MIT License | 5 votes |
def has_object_permission(self, request, view, obj): if request.method in permissions.SAFE_METHODS: # Allow read only permissions to any user # to view the tweet return True else: # Check that the request user owns the object # being edited return obj.user == request.user
Example #18
Source File: permissions.py From SchoolIdolAPI with Apache License 2.0 | 5 votes |
def has_object_permission(self, request, view, obj=None): return ( request.method in permissions.SAFE_METHODS or (request.user.is_authenticated() and request.user.is_staff) )
Example #19
Source File: DocumentComment.py From tfrs with Apache License 2.0 | 5 votes |
def has_object_permission(self, request, view, obj): """Check permissions When an object does exist (PUT, GET)""" # Users can always see and edit their own comments if obj.create_user == request.user: return True # And see but not edit those from their others in their own # organization if obj.create_user.organization == request.user.organization and \ request.method in permissions.SAFE_METHODS: return True # Government roles can always view comments # and can view or edit privileged comments with correct permission if request.user.is_government_user: # read if request.method in permissions.SAFE_METHODS: if obj.privileged_access: return request.user.has_perm('DOCUMENTS_VIEW') return True # write if request.method not in permissions.SAFE_METHODS: if obj.privileged_access: return request.user.has_perm('DOCUMENTS_GOVERNMENT_REVIEW') return True # not authorized return False
Example #20
Source File: CreditTradeComment.py From tfrs with Apache License 2.0 | 5 votes |
def has_object_permission(self, request, view, obj): """Check permissions When an object does exist (PUT, GET)""" # Users can always see and edit their own comments if obj.create_user == request.user: return True # And see but not edit those from their others in their own # organization if obj.create_user.organization == request.user.organization and \ request.method in permissions.SAFE_METHODS: return True # Government roles can always view comments # and can view or edit privileged comments with correct permission if request.user.is_government_user: # read if request.method in permissions.SAFE_METHODS: if obj.privileged_access: return request.user.has_perm('VIEW_PRIVILEGED_COMMENTS') return True # write if request.method not in permissions.SAFE_METHODS: if obj.privileged_access: return request.user.has_perm('EDIT_PRIVILEGED_COMMENTS') return True # not authorized return False
Example #21
Source File: permissions.py From course-discovery with GNU Affero General Public License v3.0 | 5 votes |
def has_object_permission(self, request, view, obj): if request.method in SAFE_METHODS: return True else: return CourseEditor.is_course_editable(request.user, obj.course)
Example #22
Source File: views.py From CTF_AWD_Platform with MIT License | 5 votes |
def has_object_permission(self, request, view, obj): if request.method in permissions.SAFE_METHODS: # SAFE_METHODS = ('GET', 'HEAD', 'OPTIONS') return True if request.method == 'PUT' or request.method == 'PATCH' or request.method == 'DELETE': ''' 只有队长可以删除修改 ''' return (obj.team_captain.id == request.user.id) if request.method == 'POST': ''' 任何auth的人都可以创建队伍 ''' return True
Example #23
Source File: permissions.py From CTF_AWD_Platform with MIT License | 5 votes |
def has_object_permission(self, request, view, obj): ''' object级别权限(后判断这个) 与这个设置相关联:mixins.RetrieveModelMixin :param request: :param view: :param obj: :return: ''' if request.method in permissions.SAFE_METHODS: #SAFE_METHODS = ('GET', 'HEAD', 'OPTIONS') return True # return (obj.id == request.user.id) return True
Example #24
Source File: permissions.py From elmer with MIT License | 5 votes |
def has_object_permission(self, request, view, obj): if request.method in SAFE_METHODS: return True return obj.commenter == request.user
Example #25
Source File: permissions.py From elmer with MIT License | 5 votes |
def has_object_permission(self, request, view, obj): if request.method in SAFE_METHODS: return True return obj.author == request.user
Example #26
Source File: permissions.py From elmer with MIT License | 5 votes |
def has_object_permission(self, request, view, obj): if request.method in SAFE_METHODS: return True if request.user in obj.admins.all(): return True
Example #27
Source File: permissions.py From volontulo with MIT License | 5 votes |
def has_object_permission(self, request, view, obj): user = request.user return request.method in permissions.SAFE_METHODS or ( user.is_authenticated() and ( user.userprofile.is_administrator or obj in user.userprofile.organizations.all() ) )
Example #28
Source File: permissions.py From volontulo with MIT License | 5 votes |
def has_permission(self, request, view): """We are accepting safe methods, post an put methods only for authenticated users """ return request.method in permissions.SAFE_METHODS or ( request.method in ('POST', 'PUT') and request.user.is_authenticated() )
Example #29
Source File: permissions.py From volontulo with MIT License | 5 votes |
def has_object_permission(self, request, view, obj): user = request.user return request.method in permissions.SAFE_METHODS or ( user.is_authenticated() and ( user.userprofile.is_administrator or obj.organization in user.userprofile.organizations.all() ) )
Example #30
Source File: permissions.py From volontulo with MIT License | 5 votes |
def has_permission(self, request, view): """We are accepting only safe methods for now.""" return request.method in permissions.SAFE_METHODS or ( request.method in ('POST', 'PUT') and request.user.is_authenticated() )