2019-11-22 11:23:24 -07:00
|
|
|
"""SatNOGS Network API permissions, django rest framework"""
|
2014-12-13 10:49:15 -07:00
|
|
|
from rest_framework import permissions
|
|
|
|
|
2019-08-30 19:50:46 -06:00
|
|
|
from network.base.perms import schedule_perms
|
|
|
|
|
2014-12-13 10:49:15 -07:00
|
|
|
|
|
|
|
class SafeMethodsOnlyPermission(permissions.BasePermission):
|
|
|
|
"""Anyone can access non-destructive methods (like GET and HEAD)"""
|
|
|
|
def has_permission(self, request, view):
|
|
|
|
return self.has_object_permission(request, view)
|
|
|
|
|
|
|
|
def has_object_permission(self, request, view, obj=None):
|
|
|
|
return request.method in permissions.SAFE_METHODS
|
|
|
|
|
|
|
|
|
2019-08-30 19:50:46 -06:00
|
|
|
class StationOwnerPermission(permissions.BasePermission):
|
2015-05-06 02:55:54 -06:00
|
|
|
"""Only the owner can edit station jobs"""
|
2015-05-06 13:12:41 -06:00
|
|
|
def has_object_permission(self, request, view, obj):
|
2015-05-06 02:55:54 -06:00
|
|
|
if request.method in permissions.SAFE_METHODS:
|
|
|
|
return True
|
2019-08-30 19:50:46 -06:00
|
|
|
if request.method == 'POST' and schedule_perms(request.user):
|
|
|
|
return True
|
2019-09-24 11:04:40 -06:00
|
|
|
return request.user.is_authenticated() and request.user == obj.ground_station.owner
|