from rest_framework import permissions
class IsStaffOrAdminOrReadOnly(permissions.BasePermission):
    """
    Object-level permission: anyone may read; staff or the owner of the
    object may write.

    NOTE(review): despite the class name, `is_admin` is never consulted here
    and the owner of `obj` is granted write access. The check is the same one
    used by `IsOwnerOrStaffOrReadOnly`; confirm which policy is intended
    before relying on this class to restrict edits to staff/admin accounts.

    Only the object-level hook is defined, so view-level access (list/create)
    has to be restricted by another permission class.
    """

    def has_object_permission(self, request, view, obj):
        """Allow safe methods; otherwise require staff status or ownership of `obj`."""
        if request.method in permissions.SAFE_METHODS:
            return True
        requester = request.user
        return requester.is_staff or obj.user == requester
class IsOwnerOrStaffOrReadOnly(permissions.BasePermission):
    """
    Object-level permission: anyone may read; only the object's owner or a
    staff user (`is_staff`) may write.

    Assumes `obj` exposes a `user` attribute that is compared with the
    requesting user (the original note names `DockerUser` as the user model).

    Only the object-level hook is defined, so view-level access (list/create)
    has to be restricted by another permission class.
    """

    def has_object_permission(self, request, view, obj):
        """Allow safe methods; otherwise require staff status or ownership of `obj`."""
        if request.method in permissions.SAFE_METHODS:
            return True
        requester = request.user
        return requester.is_staff or obj.user == requester
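class IsOwnerOrAdminOrReadOnly(permissions.BasePermission):
    """
    Object-level permission: anyone may read; only the object's owner or an
    admin user (`is_admin`) may write.

    Assumes `obj` exposes a `user` attribute that is compared with the
    requesting user (the original note names `DockerUser` as the user model).

    Only the object-level hook is defined, so view-level access (list/create)
    has to be restricted by another permission class.
    """

    def has_object_permission(self, request, view, obj):
        """Allow safe methods; otherwise require admin status or ownership of `obj`."""
        if request.method in permissions.SAFE_METHODS:
            return True
        requester = request.user
        # Fail closed: a user object without an `is_admin` attribute (for
        # example an unauthenticated request) is treated as non-admin instead
        # of raising AttributeError and surfacing as a server error.
        return getattr(requester, 'is_admin', False) or obj.user == requester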
class IsSelfOrStaffOrReadOnly(permissions.BasePermission):
    """
    Object-level permission: anyone may read; only the user the object
    represents or a staff user (`is_staff`) may write.

    Assumes `obj` is itself the user record (a `DockerUser`, per the original
    note), because it is compared directly with `request.user`.

    Only the object-level hook is defined, so view-level access (list/create)
    has to be restricted by another permission class.
    """

    def has_object_permission(self, request, view, obj):
        """Allow safe methods; otherwise require staff status or `obj` being the requester."""
        if request.method in permissions.SAFE_METHODS:
            return True
        requester = request.user
        return requester.is_staff or obj == requester
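class IsSelfOrAdminOrReadOnly(permissions.BasePermission):
    """
    Object-level permission: anyone may read; only the user the object
    represents or an admin user (`is_admin`) may write.

    Assumes `obj` is itself the user record (a `DockerUser`, per the original
    note), because it is compared directly with `request.user`.

    Only the object-level hook is defined, so view-level access (list/create)
    has to be restricted by another permission class.
    """

    def has_object_permission(self, request, view, obj):
        """Allow safe methods; otherwise require admin status or `obj` being the requester."""
        if request.method in permissions.SAFE_METHODS:
            return True
        requester = request.user
        # Fail closed: a user object without an `is_admin` attribute (for
        # example an unauthenticated request) is treated as non-admin instead
        # of raising AttributeError and surfacing as a server error.
        return getattr(requester, 'is_admin', False) or obj == requester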
class IsOwnerOrStaff(permissions.BasePermission):
    """
    Object-level permission: every method, reads included, is limited to the
    object's owner or a staff user (`is_staff`).

    Assumes `obj` exposes a `user` attribute that is compared with the
    requesting user (the original note names `DockerUser` as the user model).

    Only the object-level hook is defined, so view-level access (list/create)
    has to be restricted by another permission class.
    """

    def has_object_permission(self, request, view, obj):
        """Return a truthy value when the requester is staff or owns `obj`."""
        requester = request.user
        owns_object = lambda: obj.user == requester  # evaluated only for non-staff users
        return requester.is_staff or owns_object()
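class IsOwnerOrAdmin(permissions.BasePermission):
    """
    Object-level permission: every method, reads included, is limited to the
    object's owner or an admin user (`is_admin`).

    Assumes `obj` exposes a `user` attribute that is compared with the
    requesting user (the original note names `DockerUser` as the user model).

    Only the object-level hook is defined, so view-level access (list/create)
    has to be restricted by another permission class.
    """

    def has_object_permission(self, request, view, obj):
        """Return a truthy value when the requester is an admin or owns `obj`."""
        requester = request.user
        # Fail closed: this check also runs for read requests, so a user
        # object without `is_admin` (for example an unauthenticated request)
        # must be denied rather than raise AttributeError.
        return getattr(requester, 'is_admin', False) or obj.user == requester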
class IsSelfOrStaff(permissions.BasePermission):
    """
    Object-level permission: every method, reads included, is limited to the
    user the object represents or a staff user (`is_staff`).

    Assumes `obj` is itself the user record (a `DockerUser`, per the original
    note), because it is compared directly with `request.user`.

    Only the object-level hook is defined, so view-level access (list/create)
    has to be restricted by another permission class.
    """

    def has_object_permission(self, request, view, obj):
        """Return a truthy value when the requester is staff or is `obj` itself."""
        requester = request.user
        is_same_user = lambda: obj == requester  # evaluated only for non-staff users
        return requester.is_staff or is_same_user()
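class IsSelfOrAdmin(permissions.BasePermission):
    """
    Object-level permission: every method, reads included, is limited to the
    user the object represents or an admin user (`is_admin`).

    Assumes `obj` is itself the user record (a `DockerUser`, per the original
    note), because it is compared directly with `request.user`.

    Only the object-level hook is defined, so view-level access (list/create)
    has to be restricted by another permission class.
    """

    def has_object_permission(self, request, view, obj):
        """Return a truthy value when the requester is an admin or is `obj` itself."""
        requester = request.user
        # Fail closed: this check also runs for read requests, so a user
        # object without `is_admin` (for example an unauthenticated request)
        # must be denied rather than raise AttributeError.
        return getattr(requester, 'is_admin', False) or obj == requester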
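class IsCollaboratorOrPublicReadOnly(permissions.BasePermission):
    """
    Object-level permission: collaborators get full access; everyone else gets
    read-only access, and only to objects that are not private.

    NOTE(review): `request.user.is_collaborator()` is called without any
    reference to `obj`, so from this file alone the collaborator check does
    not appear to be scoped to the object being accessed. Confirm what the
    method tests before using this class to protect private objects.

    Only the object-level hook is defined, so view-level access (list/create)
    has to be restricted by another permission class.
    """

    def has_object_permission(self, request, view, obj):
        """
        Return True for collaborators, True for safe methods on non-private
        objects, and False in every other case.
        """
        # A user object without `is_collaborator` (for example an
        # unauthenticated request) is treated as a non-collaborator instead of
        # raising AttributeError.
        collaborator_check = getattr(request.user, 'is_collaborator', None)
        if callable(collaborator_check) and collaborator_check():
            return True
        # Explicit denial: the original fell off the end and returned None
        # for private objects, which only denied access by being falsy.
        if obj.is_private:
            return False
        return request.method in permissions.SAFE_METHODS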
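class BaseIsRepoCollaboratorOrAdminOrReadOnly(permissions.BasePermission):
    """
    Base permission for repository-backed objects.

    Subclasses must override `get_repo(obj)` so that it returns the repository
    `obj` belongs to; `has_object_permission` calls it with the object under
    check.
    """
    repo = None

    def get_repo(self, obj=None):
        """
        Return the repository that `obj` belongs to. Must be overridden.

        The `obj` parameter matches how `has_object_permission` invokes this
        hook; without it the un-overridden base raised TypeError at that call
        instead of the intended NotImplementedError.
        """
        raise NotImplementedError('Must define a `get_repo` function to set .repo attribute.')

    def has_permission(self, request, view):
        """
        View-level gate, comparable to `IsAuthenticatedOrReadOnly`.

        Safe methods are allowed for anonymous and logged-in users alike. Any
        other method requires an authenticated user; the per-object decision
        for a potentially destructive action is made in
        `has_object_permission`.
        """
        if request.method in permissions.SAFE_METHODS:
            return True
        user = request.user
        if not user:
            return False
        # `is_authenticated` is a method on older Django releases and a
        # property on newer ones. Handle both so the check neither crashes on
        # a bool nor passes on the truthiness of an uncalled bound method.
        authenticated = user.is_authenticated
        if callable(authenticated):
            authenticated = authenticated()
        return bool(authenticated)

    def has_object_permission(self, request, view, obj):
        """
        Grant access when any of the following holds:

        1. the repository is not private and the method is a safe method
        2. the requesting user has `is_admin` set
        3. the requesting user is the repository owner (`repo.user`)
        4. the requesting user is listed in `repo.collaborators`

        Group collaborators are not checked yet (see the TODO below).
        """
        repo = self.get_repo(obj)
        user = request.user
        if not repo.is_private and request.method in permissions.SAFE_METHODS:
            return True
        # Anonymous users reach this point for safe methods on private
        # repositories. Treat a user object without `is_admin` as non-admin so
        # the request is denied instead of raising AttributeError.
        if getattr(user, 'is_admin', False):
            return True
        if user == repo.user:
            return True
        # Todo: figure this part out.
        # elif request.user.groups in repo.group_collaborators:
        #     return True
        # `.exists()` asks the database whether a matching row exists instead
        # of loading the queryset just to test its truthiness.
        return repo.collaborators.filter(pk=user.pk).exists()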