ShooterHub/apps/tools/permissions.py
2026-04-02 11:24:30 +02:00


from rest_framework.permissions import BasePermission, SAFE_METHODS
class IsOwnerOrUnclaimed(BasePermission):
    """
    Access rule for models that carry an optional ``user`` foreign key.

    Intended behaviour per HTTP verb:

    - POST (create): allowed for everyone. The viewset is expected to store
      ``user=None`` when the caller is anonymous.
    - GET list: allowed here; the viewset is expected to narrow the queryset
      to the caller's own records (empty for anonymous callers).
    - GET detail: allowed for anyone who presents the record's ID.
    - PATCH / PUT / DELETE:
        * record has no owner (``user`` is None) -> any caller may write.
        * record has an owner -> only that authenticated owner may write.

    Security notes:

    - This class performs no list-level isolation itself. ``has_permission``
      always grants access, so keeping other users' rows out of list
      responses depends entirely on the viewset's queryset filtering.
    - Detail reads are gated only by knowledge of the ID.
      NOTE(review): confirm the identifiers are not guessable or enumerable
      if the records hold anything sensitive.
    - Unowned records can be changed or deleted by any caller, anonymous
      callers included, for as long as they remain unclaimed.

    The project-wide DRF default is IsAuthenticated, so every viewset in the
    tools app has to list this class explicitly for the rules above to apply.
    """

    def has_permission(self, request, view):
        """Grant view-level access to every request.

        The actual restrictions are applied by ``has_object_permission`` and
        by the queryset filtering done in the viewset.
        """
        return True

    def has_object_permission(self, request, view, obj):
        """Decide whether ``request`` may act on ``obj``.

        Returns a truthy value for safe (read-only) methods, for records
        whose ``user`` is None, and for an authenticated caller who is the
        record's ``user``; falsy otherwise.
        """
        # Reads are open to everyone, and so are writes to unclaimed records.
        if request.method in SAFE_METHODS or obj.user is None:
            return True
        # Claimed record: only its authenticated owner may modify it.
        requester = request.user
        return requester.is_authenticated and obj.user == requester