Source code for oscarapi.permissions

from rest_framework.permissions import BasePermission, IsAuthenticated

from oscarapi.basket.operations import request_allows_access_to


[docs]class HasUser(BasePermission): "Only anonymous and authenticated users can access this resource."
[docs] def has_permission(self, request, view): return request.user
[docs]class IsAdminUserOrRequestAllowsAccessTo(BasePermission): """ Permission class that checks if a request allows access to a basket. """
[docs] def has_object_permission(self, request, view, obj): return request_allows_access_to(request, obj) or request.user.is_staff
[docs]class IsOwner(IsAuthenticated): """ Permission that checks if this object has a foreign key pointing to the authenticated user of this request """
[docs] def has_object_permission(self, request, view, obj): return obj.user == request.user