feat: ✨ token permission

tJango/permissions.py

@@ -0,0 +1,11 @@
+from rest_framework import permissions
+from user_token.views import TokenValidation
+
+
+class IsOwnerOrIsAdminOrHasToken(permissions.BasePermission):
+    def has_permission(self, request, view):
+        token = request.META.get("HTTP_DETECTIVE_TOKEN")
+        is_token_valid = bool(TokenValidation.check_token(token))
+        return (
+            is_token_valid | request.user.is_superuser | request.user.is_authenticated
+        )

user/views.py

@@ -1,6 +1,7 @@
 from rest_framework.viewsets import ModelViewSet
 
 # from rest_framework.permissions import IsAuthenticatedOrReadOnly
+from tJango import permissions
 from .models import User
 from .serializers import UserSerializer
 
@@ -8,4 +9,4 @@ from .serializers import UserSerializer
 class UserViewSet(ModelViewSet):
     queryset = User.objects.all()
     serializer_class = UserSerializer
-    # permission_classes = [IsAuthenticatedOrReadOnly]
+    permission_classes = [permissions.IsOwnerOrIsAdminOrHasToken]

user_token/views.py

@@ -9,3 +9,8 @@ class UserViewSet(ReadOnlyModelViewSet):
     queryset = UserToken.objects.all()
     serializer_class = UserTokenSerializer
     # permission_classes = [IsAuthenticatedOrReadOnly]
+
+
+class TokenValidation:
+    def check_token(value):
+        return UserToken.objects.filter(token=value)