From f9683d202fd6448e5b8278174f838c624caf9f54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ahmet=20Kaan=20G=C3=9CM=C3=9C=C5=9E?= <96421894+Tahinli@users.noreply.github.com>
Date: Thu, 4 Jul 2024 05:46:16 +0300
Subject: [PATCH] feat: :sparkles: token permission
---
 tJango/permissions.py | 11 +++++++++++
 user/views.py | 3 ++-
 user_token/views.py | 5 +++++
 3 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 tJango/permissions.py
diff --git a/tJango/permissions.py b/tJango/permissions.py
new file mode 100644
index 0000000..37e9db4
--- /dev/null
+++ b/tJango/permissions.py
@@ -0,0 +1,11 @@
+from rest_framework import permissions
+from user_token.views import TokenValidation
+
+
+class IsOwnerOrIsAdminOrHasToken(permissions.BasePermission):
+ def has_permission(self, request, view):
+ token = request.META.get("HTTP_DETECTIVE_TOKEN")
+ is_token_valid = bool(TokenValidation.check_token(token))
+ return (
+ is_token_valid | request.user.is_superuser | request.user.is_authenticated
+ )
diff --git a/user/views.py b/user/views.py
index d3670cc..c06946b 100644
--- a/user/views.py
+++ b/user/views.py
@@ -1,6 +1,7 @@
 from rest_framework.viewsets import ModelViewSet
 # from rest_framework.permissions import IsAuthenticatedOrReadOnly
+from tJango import permissions
 from .models import User
 from .serializers import UserSerializer
@@ -8,4 +9,4 @@ from .serializers import UserSerializer
 class UserViewSet(ModelViewSet):
 queryset = User.objects.all()
 serializer_class = UserSerializer
- # permission_classes = [IsAuthenticatedOrReadOnly]
+ permission_classes = [permissions.IsOwnerOrIsAdminOrHasToken]
diff --git a/user_token/views.py b/user_token/views.py
index d0f3d36..2e41c15 100644
--- a/user_token/views.py
+++ b/user_token/views.py
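Review bot: `has_permission` in tJango/permissions.py grants access to every authenticated user, so the "IsOwner" part of the class name is never enforced: there is no `has_object_permission`, and `request.user.is_superuser` is already implied by `is_authenticated`. With `permission_classes = [permissions.IsOwnerOrIsAdminOrHasToken]` on `UserViewSet` (a full `ModelViewSet` in user/views.py), any logged-in account or any holder of a valid token can update or delete any user record. The bitwise `|` also evaluates all three operands, where `or` is the idiomatic form. The sketch below adds an object-level check and limits everyone except the owner or a superuser to safe methods; it assumes `user.User` is the model behind `request.user`, which the diff does not show.

```python
class IsOwnerOrIsAdminOrHasToken(permissions.BasePermission):
    def has_permission(self, request, view):
        # … unchanged: token lookup via TokenValidation.check_token …
        return is_token_valid or request.user.is_authenticated

    def has_object_permission(self, request, view, obj):
        # Reads stay open to anyone who passed has_permission;
        # writes require the record's owner or a superuser.
        if request.method in permissions.SAFE_METHODS:
            return True
        user = request.user
        return user.is_authenticated and (user.is_superuser or obj == user)
```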
@@ -9,3 +9,8 @@ class UserViewSet(ReadOnlyModelViewSet):
 queryset = UserToken.objects.all()
 serializer_class = UserTokenSerializer
 # permission_classes = [IsAuthenticatedOrReadOnly]
+
+
+class TokenValidation:
+ def check_token(value):
+ return UserToken.objects.filter(token=value)
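Review bot: The context lines show the `UserToken` viewset still has `permission_classes` commented out, so unless a project-wide default restricts it, the endpoint may list stored tokens to unauthenticated callers, and any listed token would then satisfy the new permission; whether the serializer exposes the token field is not visible here. In `check_token`, a missing header arrives as `None`, and Django's `filter(token=None)` becomes an `IS NULL` lookup, so a row with a null token (if the column allows one) would validate a request that sent no token. Rejecting empty values and returning a boolean closes that: `@staticmethod`, `def check_token(value):`, `return bool(value) and UserToken.objects.filter(token=value).exists()`. The method is also declared without `self` or a decorator, which works only because it is called on the class.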