micro_service_placeholder/microService/api/permissions.py

185 lines
5.2 KiB
Python
Raw Normal View History

2024-11-30 05:34:13 +00:00
from rest_framework.permissions import BasePermission, DjangoModelPermissions
from django.contrib.auth.models import Group, Permission as AuthPermission
from django.urls import resolve
import re
class CustomPermission(BasePermission):
req = None
allowed_groups_for_custom_api = {'admin', 'sales', 'creator', 'editor', 'manager', 'leader', 'employee', 'client', 'backoffice', 'support', 'CompanyUser'}
def get_next_segment_after_api_v1(self, request):
resolved_url = resolve(request.path_info)
url_path = resolved_url.route
pattern = r'^api/v1/(\w+)/'
match = re.search(pattern, url_path)
if match:
extracted_word = match.group(1)
return extracted_word
else:
return None # Return None if no match is found
def has_permission(self, request, view):
if request.user.is_superuser:
return True
CustomPermission.req = request
checkPermissionFor = self.get_next_segment_after_api_v1(request)
print(f"Segment after api/v1: {checkPermissionFor}")
if checkPermissionFor is None:
return False
permission_codename = self.getCode(checkPermissionFor)
print(f"Generated permission codename: {permission_codename}")
if not permission_codename:
return False
try:
permission = AuthPermission.objects.get(codename=permission_codename)
print(f"Found permission: {permission}")
groups_with_permission = Group.objects.filter(permissions=permission)
print(f"Groups with permission: {groups_with_permission}")
user_groups = request.user.groups.all()
print(f"User groups: {user_groups}")
for group in user_groups:
if group in groups_with_permission:
return DjangoModelPermissions().has_permission(request, view)
return False
except AuthPermission.DoesNotExist:
print("Permission does not exist.")
if request.user.is_superuser:
return True
if request.user and request.user.is_authenticated:
user_groups = set(request.user.groups.values_list('name', flat=True))
print(f"User groups: {user_groups}")
return bool(user_groups & self.allowed_groups_for_custom_api)
def getCode(self, codeFor):
method = CustomPermission.req.method
if method == 'POST':
return 'add_' + codeFor
elif method == 'GET':
return 'view_' + codeFor
elif method == 'DELETE':
return 'delete_' + codeFor
elif method == 'PUT' or method == 'PATCH':
return 'change_' + codeFor
else:
return None # Return None for invalid methods
# class CompanyBasedPermission(BasePermission):
# def has_permission(self, request, view):
# # Allow all permissions for superusers
# if request.user.is_superuser:
# return True
# # Use your existing custom permission logic
# return CustomPermission().has_permission(request, view)
# def filter_queryset(self, request, queryset, view):
# # If the user is a superuser, return the full queryset without filtering
# if request.user.is_superuser:
# return queryset
# # Otherwise, filter the queryset by the user's company
# user_company = request.user.employee.company
# return queryset.filter(company=user_company)
# class IsCompanyUserOrReadOnly(BasePermission):
# """
# Allows access only to CompanyUser group for their own company's records.
# Superusers have full access.
# """
# def has_permission(self, request, view):
# if request.user.is_superuser:
# return True
# return request.user.groups.filter(name='CompanyUser').exists()
# def has_object_permission(self, request, view, obj):
# if request.user.is_superuser:
# return True
# return obj.company == request.user.employee.company
# class IsProjectManagerOrReadOnly(BasePermission):
# """
# Allows access only to ProjectManager group for their own projects.
# Superusers have full access.
# """
# def has_permission(self, request, view):
# if request.user.is_superuser:
# return True
# return request.user.groups.filter(name='ProjectManager').exists()
# def has_object_permission(self, request, view, obj):
# if request.user.is_superuser:
# return True
# return obj.manager == request.user.employee
# class IsTeamLeaderOrReadOnly(BasePermission):
# """
# Allows access only to TeamLeader group for their own team's tasks.
# Superusers have full access.
# """
# def has_permission(self, request, view):
# if request.user.is_superuser:
# return True
# return request.user.groups.filter(name='TeamLeader').exists()
# def has_object_permission(self, request, view, obj):
# if request.user.is_superuser:
# return True
# return obj.team.leader == request.user.employee