Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6f1c05e28c94de0b084ebb2602bdcdf61961c3f1
edx-platform/lms/djangoapps/experiments/permissions.py
Stu Young d5ee03e81d INCR-258 Run python-modernize on lms/djangoapps/experiments (#20560) 
* run python modernize

* run isort

* Fix quality
2019-05-21 11:48:28 -04:00

32 lines
1.0 KiB
Python
Raw Blame History

"""
Experimentation permissions
"""
from __future__ import absolute_import
from rest_framework.permissions import SAFE_METHODS, BasePermission
from openedx.core.lib.api import permissions
class IsStaffOrOwner(permissions.IsStaffOrOwner):
"""
Permission that allows access to admin users or the owner of an object.
The owner is considered the User object represented by obj.user.
"""
def has_permission(self, request, view):
# Staff users can create data for anyone.
# Non-staff users can only create data for themselves.
if view.action == 'create':
username = request.user.username
return super(IsStaffOrOwner, self).has_permission(request, view) or (
username == request.data.get('user', username))
# The view will handle filtering for the current user
return True
class IsStaffOrReadOnly(BasePermission):
def has_permission(self, request, view):
return request.user.is_staff or request.method in SAFE_METHODS
Reference in New Issue View Git Blame Copy Permalink