Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issue 73 create and edit permission file #91

Merged
merged 3 commits into from
Jan 25, 2025
Merged

Issue 73 create and edit permission file #91

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
e4aa202
Create the initial permissions.py file
TroubledPhilip Jan 21, 2025
2398641
Merge branch 'main' into issue-73-create-and-edit-permission-file
TroubledPhilip Jan 25, 2025
6647923
fixed flakes error
TroubledPhilip Jan 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
78 changes: 78 additions & 0 deletions server/api/permissions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
from rest_framework.permissions import BasePermission
from .users.models import Student, Teacher


'''
Example of using this file in the views.py file:
from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticated
from api.permissions import IsStudent, IsTeacher, IsAdmin
from api.serializers import SchoolSerializer
from users.models import School


class SchoolViewSet(viewsets.ModelViewSet):
queryset = School.objects.all()
serializer_class = SchoolSerializer
permission_classes = [IsAuthenticated | IsStudent | IsTeacher | IsAdmin]


'''


def get_user_role(user):
"""
Determine the role of a user based on their related model.

Args:
user: The User object to check.

Returns:
str: 'student', 'teacher', or 'unknown' based on the user's role.
"""
if not user.is_authenticated:
return 'unknown'

try:
# Check if the user is a Student
if user.student:
return 'student'
except Student.DoesNotExist:
pass

try:
# Check if the user is a Teacher
if user.teacher:
return 'teacher'
except Teacher.DoesNotExist:
pass

# Check if the user is an Admin
if user.is_staff:
return 'admin'

return 'unknown'


class IsStudent(BasePermission):
"""
Permission class to allow access only to students.
"""
def has_permission(self, request, view):
return get_user_role(request.user) == 'student'


class IsTeacher(BasePermission):
"""
Permission class to allow access only to teachers.
"""
def has_permission(self, request, view):
return get_user_role(request.user) == 'teacher'


class IsAdmin(BasePermission):
"""
Permission class to allow access only to superusers or staff.
"""
def has_permission(self, request, view):
return request.user.is_authenticated and request.user.is_staff
Loading