feat: ✨ token permission

2024-07-04 05:46:16 +03:00 · 2024-07-04 05:46:16 +03:00 · f9683d202f
commit f9683d202f
parent b90fa4ae3c
3 changed files with 18 additions and 1 deletions
--- a/tJango/permissions.py
+++ b/tJango/permissions.py
@ -0,0 +1,11 @@
+from rest_framework import permissions
+from user_token.views import TokenValidation
+
+
+class IsOwnerOrIsAdminOrHasToken(permissions.BasePermission):
+    def has_permission(self, request, view):
+        token = request.META.get("HTTP_DETECTIVE_TOKEN")
+        is_token_valid = bool(TokenValidation.check_token(token))
+        return (
+            is_token_valid | request.user.is_superuser | request.user.is_authenticated
+        )
--- a/user/views.py
+++ b/user/views.py
@ -1,6 +1,7 @@
 from rest_framework.viewsets import ModelViewSet

 # from rest_framework.permissions import IsAuthenticatedOrReadOnly
+from tJango import permissions
 from .models import User
 from .serializers import UserSerializer

@ -8,4 +9,4 @@ from .serializers import UserSerializer
 class UserViewSet(ModelViewSet):
    queryset = User.objects.all()
    serializer_class = UserSerializer
-    # permission_classes = [IsAuthenticatedOrReadOnly]
+    permission_classes = [permissions.IsOwnerOrIsAdminOrHasToken]
--- a/user_token/views.py
+++ b/user_token/views.py
@ -9,3 +9,8 @@ class UserViewSet(ReadOnlyModelViewSet):
    queryset = UserToken.objects.all()
    serializer_class = UserTokenSerializer
    # permission_classes = [IsAuthenticatedOrReadOnly]
+
+
+class TokenValidation:
+    def check_token(value):
+        return UserToken.objects.filter(token=value)