forked from uncloud/uncloud
Move pay views under /user/username/{bill, address, order, ...}
This commit is contained in:
parent
94932edebe
commit
caf7f7a2c2
7 changed files with 118 additions and 52 deletions
24
uncloud_django_based/uncloud/uncloud_auth/helpers.py
Normal file
24
uncloud_django_based/uncloud/uncloud_auth/helpers.py
Normal file
|
|
@ -0,0 +1,24 @@
|
|||
from rest_framework import permissions
|
||||
from django.contrib.auth import get_user_model
|
||||
|
||||
class IsOwnerOrAdmin(permissions.BasePermission):
|
||||
"""
|
||||
Object-level permission to only allow owner or admin to edit an object.
|
||||
Assumes the model instance has an `owner` attribute.
|
||||
"""
|
||||
|
||||
def has_permission(self, request, view):
|
||||
if request.user.is_staff:
|
||||
return True
|
||||
|
||||
try:
|
||||
target_user = get_user_model().objects.get(
|
||||
username=view.kwargs['user_pk'])
|
||||
return target_user == request.user
|
||||
except:
|
||||
return False
|
||||
|
||||
def has_object_permission(self, request, view, obj):
|
||||
return (obj.owner == request.user) or request.user.is_staff
|
||||
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue