| 12345678910111213141516171819 |
- from django.shortcuts import get_object_or_404
- from rest_framework import permissions
- from tickets.models import Ticket, TicketList
- class UserCanReadTicketListPermission(permissions.BasePermission):
- def has_object_permission(serf, request, view, obj):
- return request.user.is_superuser or obj.group in request.user.groups.all()
- class UserTicketAccessPermission(permissions.BasePermission):
- def has_object_permission(self, request, view, obj):
- if request.method in permissions.SAFE_METHODS:
- return request.user.is_superuser or obj.ticket_list.group in request.user.groups.all() or obj.assigned_to == request.user
- return request.user.is_superuser or request.user.is_staff or obj.created_by == request.user
-
|
