| 12345678910111213141516171819 |
- from rest_framework import permissions
- class UserCanReadTicketListPermission(permissions.BasePermission):
- def has_object_permission(serf, request, view, obj):
- return request.user.is_superuser or obj.group in request.user.groups.all()
- class UserTicketAccessPermission(permissions.BasePermission):
- def has_object_permission(self, request, view, obj):
- if request.method in permissions.SAFE_METHODS:
- return request.user.is_superuser or obj.ticket_list.group in request.user.groups.all() or obj.assigned_to == request.user
- return request.user.is_superuser or request.user.is_staff or obj.created_by == request.user
- class UserTicketStatusAccessPermission(permissions.BasePermission):
- def has_object_permission(self, request, view, obj):
- return request.user.is_superuser or obj.ticket_list.group in request.user.groups.all() or obj.assigned_to == request.user or obj.created_by == request.user
|
