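# Source: github.com/misfo/deis@v1.0.1-0.20141111224634-e0eee0392b8a/controller/api/permissions.py
"""
Permission classes used by the controller API views.

Each class answers one authorization question and returns a boolean; the
views decide which of them to combine.
"""
from django.conf import settings
from django.contrib.auth.models import AnonymousUser
from django.utils.crypto import constant_time_compare
from rest_framework import permissions

from api import models


class IsAnonymous(permissions.BasePermission):
    """
    View permission to allow anonymous users.
    """

    def has_permission(self, request, view):
        """
        Return `True` if permission is granted, `False` otherwise.
        """
        # Exact type match on purpose: only Django's AnonymousUser class
        # itself passes, not a subclass and not an authenticated user.
        return type(request.user) is AnonymousUser


class IsOwner(permissions.BasePermission):
    """
    Object-level permission to allow only owners of an object to access it.
    Assumes the model instance has an `owner` attribute.
    """

    def has_object_permission(self, request, view, obj):
        """
        Return `True` only when `obj.owner` is the requesting user.

        Objects without an `owner` attribute are denied rather than allowed,
        so a model that is not owner-scoped fails closed.
        """
        return hasattr(obj, 'owner') and obj.owner == request.user


class IsAppUser(permissions.BasePermission):
    """
    Object-level permission to allow owners or collaborators to access
    an app-related model.
    """

    def has_object_permission(self, request, view, obj):
        """
        Return `True` if permission is granted, `False` otherwise.

        Owners (of the app itself, or of the app an object belongs to) are
        always allowed. Users holding the `use_app` permission on the object
        or on its app are allowed every method except DELETE. Everyone else
        is denied.
        """
        user = request.user

        # Ownership grants full access, including DELETE.
        if isinstance(obj, models.App) and obj.owner == user:
            return True
        has_app = hasattr(obj, 'app')
        if has_app and obj.app.owner == user:
            return True

        # Collaborators: the permission may be attached to the object itself
        # or to its parent app. The direct check runs first, as before.
        is_collaborator = (
            user.has_perm('use_app', obj) or
            (has_app and user.has_perm('use_app', obj.app))
        )
        if is_collaborator:
            # Destructive removal stays reserved for the owner.
            return request.method != 'DELETE'

        return False


class IsAdmin(permissions.BasePermission):
    """
    View permission to allow only admins.
    """

    def has_permission(self, request, view):
        """
        Return `True` if permission is granted, `False` otherwise.
        """
        return request.user.is_superuser


class IsAdminOrSafeMethod(permissions.BasePermission):
    """
    View permission to allow only admins to use unsafe methods
    including POST, PUT, DELETE.

    Requests whose method is listed in `permissions.SAFE_METHODS` pass this
    check for any requester. The class does not itself require
    authentication, so pair it with an authentication permission wherever
    reads must also be restricted.
    """

    def has_permission(self, request, view):
        """
        Return `True` if permission is granted, `False` otherwise.
        """
        if request.method in permissions.SAFE_METHODS:
            return True
        return request.user.is_superuser


class HasRegistrationAuth(permissions.BasePermission):
    """
    Checks to see if registration is enabled
    """

    def has_permission(self, request, view):
        """
        Return the `REGISTRATION_ENABLED` setting unchanged.

        The request is not inspected: registration is open to every caller
        or to none, depending on that setting.
        """
        return settings.REGISTRATION_ENABLED


class HasBuilderAuth(permissions.BasePermission):
    """
    View permission to allow builder to perform actions
    with a special HTTP header
    """

    def has_permission(self, request, view):
        """
        Return `True` if permission is granted, `False` otherwise.

        The value of the `HTTP_X_DEIS_BUILDER_AUTH` environ entry must equal
        `settings.BUILDER_KEY`. Any caller presenting that shared secret
        passes; no user identity is involved.
        """
        auth_header = request.environ.get('HTTP_X_DEIS_BUILDER_AUTH')
        builder_key = settings.BUILDER_KEY
        # Fail closed when either side is missing or empty, so an unset key
        # can never be matched by a crafted header value.
        if not auth_header or not builder_key:
            return False
        # Compare in constant time: a plain `==` on a secret can return
        # sooner on an early mismatch, which leaks information about the key
        # through response timing.
        # NOTE(review): the key travels in a request header, so it is only as
        # confidential as the builder-to-controller channel and any header
        # logging in between. Confirm both.
        return constant_time_compare(auth_header, builder_key)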