2020-05-16 21:27:00 +08:00
|
|
|
|
# coding:utf-8
|
|
|
|
|
|
# @文件: permissions.py
|
|
|
|
|
|
# @创建者:州的先生
|
|
|
|
|
|
# #日期:2020/5/11
|
|
|
|
|
|
# 博客地址:zmister.com
|
|
|
|
|
|
|
|
|
|
|
|
from rest_framework.permissions import BasePermission,SAFE_METHODS
|
2021-04-13 21:19:42 +08:00
|
|
|
|
from django.utils.translation import gettext_lazy as _
|
2020-05-16 21:27:00 +08:00
|
|
|
|
|
2021-05-28 22:28:41 +08:00
|
|
|
|
|
|
|
|
|
|
# 超级管理员权限
|
|
|
|
|
|
class SuperUserPermission(BasePermission):
|
|
|
|
|
|
message = _('无权访问')
|
|
|
|
|
|
|
|
|
|
|
|
def has_permission(self, request, view):
|
|
|
|
|
|
return bool(request.user and request.user.is_superuser)
|
|
|
|
|
|
|
|
|
|
|
|
|
2020-05-16 21:27:00 +08:00
|
|
|
|
class AppPermission(BasePermission):
|
2021-03-13 16:45:51 +08:00
|
|
|
|
message = _('只有VIP才能访问')
|
2020-05-16 21:27:00 +08:00
|
|
|
|
|
|
|
|
|
|
def has_permission(self, request, view):
|
|
|
|
|
|
# vip才有访问权限
|
|
|
|
|
|
# request.user:当前经过认证的用户对象
|
|
|
|
|
|
# 如果没有认证 request.user就是匿名用户
|
|
|
|
|
|
if not request.auth:
|
|
|
|
|
|
# 认证没有通过
|
|
|
|
|
|
return False
|
|
|
|
|
|
if request.user.vip:
|
|
|
|
|
|
return True
|
|
|
|
|
|
else:
|
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
|
|
def has_object_permission(self, request, view, obj):
|
|
|
|
|
|
|
|
|
|
|
|
if request.method in SAFE_METHODS:
|
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
|
|
# 示例必须要有一个名为`owner`的属性
|
|
|
|
|
|
return obj.owner == request.user
|
