python类SAFE_METHODS的实例源码

viewsets.py 文件源码 项目:socialhome 作者: jaywink 项目源码 文件源码 阅读 29 收藏 0 点赞 0 评论 0 
def has_permission(self, request, view):
        if request.method in SAFE_METHODS:
            return True

        if not request.user.is_authenticated:
            return False

        return True
permissions.py 文件源码 项目:gee-bridge 作者: francbartoli 项目源码 文件源码 阅读 33 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        """Summary

        Args:
            request (TYPE): Description
            view (TYPE): Description
            obj (TYPE): Description

        Returns:
            TYPE: Description
        """
        # Read permissions are allowed to any request,
        # so we'll always allow GET, HEAD or OPTIONS requests.
        if request.method in SAFE_METHODS:
            return True

        # Instance must have an attribute named `owner`.
        return obj.owner == request.user
rest_framework_api.py 文件源码 项目:django-tmpl 作者: jarrekk 项目源码 文件源码 阅读 28 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        if request.method in permissions.SAFE_METHODS:
            return True

        # User should be active
        if not request.user.is_active:
            self.message = 'User is not active.'
            return False

        # Superuser can control any user
        if request.user.is_superuser:
            return True
        if request.user.pk != obj.pk:
            return False
        if request.user.emailaddress_set.exists() and not request.user.emailaddress_set.first().verified:
            self.message = 'Please activate your user via confirm email.'
            return False
        return True

# Custom rest_framework jwt response
permissions.py 文件源码 项目:pfb-network-connectivity 作者: azavea 项目源码 文件源码 阅读 28 收藏 0 点赞 0 评论 0 
def has_permission(self, request, view):
        """Allow only admins to create results
        Arguments:
            request (rest_framework.request.Request): request to check for
        """

        if request.method in permissions.SAFE_METHODS:
            return True

        if not request.user or not request.user.is_authenticated():
            return False

        if 'AnalysisJobViewSet' == view.__class__.__name__:
            return is_admin(request.user)
        elif ('OrganizationViewSet' == view.__class__.__name__ and
              is_admin(request.user) and is_admin_org(request.user)):
            return True
        else:
            return request.user.role in UserRoles.DEFAULT_CREATE
serializers.py 文件源码 项目:gennotes 作者: madprime 项目源码 文件源码 阅读 28 收藏 0 点赞 0 评论 0 
def get_current_version(self, obj):
        """
        Return current version ID for non-edit methods, otherwise 'Unknown'.

        When editing, a new version will be created by django-reversion.
        However, due to transaction timing the ID for this new Version hasn't
        yet been generated and stored by the time the response for the editing
        API call is generated. Rather than return the old, incorrect ID, we
        simply report 'Unknown' for editing API calls.

        An editing app will need to perform a new GET request to get the new
        version ID for the object.
        """
        if self.context['request'].method in permissions.SAFE_METHODS:
            try:
                return reversion.get_for_date(obj, timezone.now()).id
            except Version.DoesNotExist:
                return 'Unknown'
        else:
            return 'Unknown'
permissions.py 文件源码 项目:morango 作者: learningequality 项目源码 文件源码 阅读 31 收藏 0 点赞 0 评论 0 
def has_permission(self, request, view):

        # the Django REST Framework browseable API calls this to see what buttons to show
        if not request.data:
            return True

        # we allow anyone to read certificates
        if request.method in permissions.SAFE_METHODS:
            return True

        # other than read (or other safe) operations, we only allow POST
        if request.method == "POST":
            # check that the authenticated user has the appropriate permissions to create the certificate
            if hasattr(request.user, "has_morango_certificate_scope_permission"):
                scope_definition_id = request.data.get("scope_definition")
                scope_params = json.loads(request.data.get("scope_params"))
                if scope_definition_id and scope_params and isinstance(scope_params, dict):
                    return request.user.has_morango_certificate_scope_permission(scope_definition_id, scope_params)
            return False

        return False
permissions.py 文件源码 项目:EvalAI 作者: Cloud-CV 项目源码 文件源码 阅读 35 收藏 0 点赞 0 评论 0 
def has_permission(self, request, view):

        if request.method in permissions.SAFE_METHODS:
            return True
        elif request.method in ['DELETE', 'PATCH', 'PUT', 'POST']:
            try:
                challenge = Challenge.objects.get(pk=request.parser_context['kwargs']['challenge_pk'])
            except Challenge.DoesNotExist:
                return False

            if request.user.id == challenge.creator.created_by.id:
                return True
            else:
                return False
        else:
            return False
permissions.py 文件源码 项目:wger-lycan-clan 作者: andela 项目源码 文件源码 阅读 33 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        '''
        Perform the check
        '''
        owner_object = obj.get_owner_object() if hasattr(obj, 'get_owner_object') else False

        # Owner
        if owner_object and owner_object.user == request.user:
            return True

        # 'global' objects only for GET, HEAD or OPTIONS
        if not owner_object and request.method in permissions.SAFE_METHODS:
            return True

        # Everything else is a no-no
        return False
viewsets.py 文件源码 项目:socialhome 作者: jaywink 项目源码 文件源码 阅读 24 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        if request.method in SAFE_METHODS:
            return True

        return obj.user == request.user
viewsets.py 文件源码 项目:socialhome 作者: jaywink 项目源码 文件源码 阅读 26 收藏 0 点赞 0 评论 0 
def has_permission(self, request, view):
        if request.method in SAFE_METHODS:
            return True

        if request.user.is_authenticated:
            return True

        return False
viewsets.py 文件源码 项目:socialhome 作者: jaywink 项目源码 文件源码 阅读 27 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        if request.method in SAFE_METHODS:
            return True

        if request.user.is_authenticated:
            if view.action == "share" or obj.author == request.user.profile:
                return True

        return False
permissions.py 文件源码 项目:gee-bridge 作者: francbartoli 项目源码 文件源码 阅读 29 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request,
        # so we'll always allow GET, HEAD or OPTIONS requests.
        if request.method in SAFE_METHODS:
            return True
        elif request.method in ('POST', 'PUT', 'DELETE'):
            return True
__init__.py 文件源码 项目:Instagram 作者: Fastcampus-WPS-5th 项目源码 文件源码 阅读 24 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        if request.method in permissions.SAFE_METHODS:
            return True
        return obj == request.user
rest_framework_api.py 文件源码 项目:django-tmpl 作者: jarrekk 项目源码 文件源码 阅读 26 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request,
        # so we'll always allow GET, HEAD or OPTIONS requests.
        if request.method in permissions.SAFE_METHODS:
            return True

        # Instance must have an attribute named `owner`.
        return obj.owner == request.user
permissions.py 文件源码 项目:minimum-entropy 作者: DistrictDataLabs 项目源码 文件源码 阅读 32 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        if request.method in permissions.SAFE_METHODS:
            return True

        return obj.author == request.user
permissions.py 文件源码 项目:higlass-server 作者: hms-dbmi 项目源码 文件源码 阅读 28 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request,
        # so we'll always allow GET, HEAD or OPTIONS requests.
        # if request.method in permissions.SAFE_METHODS:
        # Write permissions are only allowed to the owner of the snippet.
        if request.user.is_staff:
            return True
        else:
            return obj.owner == request.user
permissions.py 文件源码 项目:pfb-network-connectivity 作者: azavea 项目源码 文件源码 阅读 26 收藏 0 点赞 0 评论 0 
def has_permission(self, request, view):

        if request.method not in permissions.SAFE_METHODS:
            return is_admin(request.user) and is_admin_org(request.user)
        else:
            return True
permissions.py 文件源码 项目:pfb-network-connectivity 作者: azavea 项目源码 文件源码 阅读 34 收藏 0 点赞 0 评论 0 
def has_permission(self, request, view):
        """Allow access to admins or if safe method"""

        if not request.user or not request.user.is_authenticated():
            return False

        if is_admin(request.user) or is_org_admin(request.user):
            return True

        if view.action in self.ALLOWED_ACTIONS or request.method in permissions.SAFE_METHODS:
            return True

        return False
permission.py 文件源码 项目:TaskApp 作者: isheng5 项目源码 文件源码 阅读 27 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        if request.method in permissions.SAFE_METHODS:
            return  True
        return request.user.is_superuser
permissions.py 文件源码 项目:backend 作者: lecrec 项目源码 文件源码 阅读 60 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request,
        # so we'll always allow GET, HEAD or OPTIONS requests.
        if request.method in permissions.SAFE_METHODS:
            return True

        # Write permissions are only allowed to the owner of the snippet.
        return obj.user == request.user
permissions.py 文件源码 项目:gennotes 作者: madprime 项目源码 文件源码 阅读 28 收藏 0 点赞 0 评论 0 
def has_permission(self, request, view):
        if request.method in permissions.SAFE_METHODS:
            return True
        else:
            if request.auth and hasattr(request.auth, 'scope'):
                required_scopes = self.get_scopes(request, view)
                token_valid = request.auth.is_valid(required_scopes)
                user_verified = EmailAddress.objects.get(
                    user=request.user).verified
                return token_valid and user_verified
            if request.user and request.user.is_authenticated():
                # Avoiding try/except; we think this will work for any user.
                return EmailAddress.objects.get(user=request.user).verified

        return False
permissions.py 文件源码 项目:woolly-api 作者: simde-utc 项目源码 文件源码 阅读 319 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request,
        # so we'll always allow GET, HEAD or OPTIONS requests.
        if request.method in permissions.SAFE_METHODS:
            return True

        # Instance must have an attribute named `owner`.
        return obj.owner == request.user
permissions.py 文件源码 项目:Pyphon 作者: pyphonic 项目源码 文件源码 阅读 34 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        """Read permissions are allowed to any request."""
        if request.method in permissions.SAFE_METHODS:
            return True

        # Write permissions are only allowed to the owner of the snippet
        return obj.owner == request.user  # This came from imager. might need changes.
permissions.py 文件源码 项目:speakerbob 作者: paynejacob 项目源码 文件源码 阅读 29 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request,
        # so we'll always allow GET, HEAD or OPTIONS requests.
        if request.method in permissions.SAFE_METHODS:
            return True

        # Write permissions are only allowed to the owner of the snippet.
        return obj == request.user
views.py 文件源码 项目:sdining 作者: Lurance 项目源码 文件源码 阅读 29 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        if request.method in permissions.SAFE_METHODS:
            return True
        return obj.business.user == request.user or request.user.is_superuser
views.py 文件源码 项目:sdining 作者: Lurance 项目源码 文件源码 阅读 24 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        if request.method in permissions.SAFE_METHODS:
            return True
        return obj.user == request.user or request.user.is_superuser
permissions.py 文件源码 项目:paas-tools 作者: imperodesign 项目源码 文件源码 阅读 26 收藏 0 点赞 0 评论 0 
def has_permission(self, request, view):
        """
        Return `True` if permission is granted, `False` otherwise.
        """
        return request.method in permissions.SAFE_METHODS or request.user.is_superuser
permissions.py 文件源码 项目:paas-tools 作者: imperodesign 项目源码 文件源码 阅读 30 收藏 0 点赞 0 评论 0 
def has_permission(self, request, view):
        """
        Return `True` if permission is granted, `False` otherwise.
        """
        return request.method in permissions.SAFE_METHODS or request.user.is_superuser
permissions.py 文件源码 项目:cloud-clipboard 作者: krsoninikhil 项目源码 文件源码 阅读 29 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        # anyone can read i.e. GET, OPTIONS, etc
        if request.method in permissions.SAFE_METHODS:
            return True

        return obj.user == request.user
api.py 文件源码 项目:kolibri 作者: learningequality 项目源码 文件源码 阅读 21 收藏 0 点赞 0 评论 0 
def has_object_permission(self, request, view, obj):
        # note that there is no entry for POST here, as creation is handled by `has_permission`, above
        if request.method in permissions.SAFE_METHODS:  # 'GET', 'OPTIONS' or 'HEAD'
            return request.user.can_read(obj)
        elif request.method in ["PUT", "PATCH"]:
            return request.user.can_update(obj)
        elif request.method == "DELETE":
            return request.user.can_delete(obj)
        else:
            return False


问题


面经


文章

微信
公众号

扫码关注公众号