我们从Python开源项目中,提取了以下50个代码示例,用于说明如何使用rest_framework.permissions.SAFE_METHODS。
def has_permission(self, request, view):
    """Grant view-level access to safe methods and to authenticated users.

    A request whose method is in ``SAFE_METHODS`` passes without any
    authentication check; every other method requires
    ``request.user.is_authenticated`` to be truthy.
    """
    if request.method not in SAFE_METHODS:
        # NOTE(review): attribute access assumes ``is_authenticated`` is a
        # property (Django 1.10+); on older releases it is a bound method
        # and this test would always be truthy -- confirm the version.
        return bool(request.user.is_authenticated)
    return True
def has_object_permission(self, request, view, obj):
    """Allow reads to anyone and writes only to the object's owner.

    Args:
        request: Incoming request; its ``method`` and ``user`` are read.
        view: View handling the request (unused).
        obj: Object being accessed; must expose an ``owner`` attribute.

    Returns:
        ``True`` for a method in ``SAFE_METHODS``; otherwise the result of
        comparing ``obj.owner`` with ``request.user``.
    """
    is_read_only = request.method in SAFE_METHODS
    # Short-circuit: ``obj.owner`` is only consulted for unsafe methods.
    return is_read_only or obj.owner == request.user
def has_object_permission(self, request, view, obj):
    """Let a user modify only their own, email-verified account.

    Safe methods always pass. For other methods the requester must be
    active; a superuser may then act on any object, while everyone else
    must match ``obj`` by primary key. ``self.message`` is set on the two
    denials that carry an explanation.
    """
    if request.method in permissions.SAFE_METHODS:
        return True

    requester = request.user
    if not requester.is_active:
        self.message = 'User is not active.'
        return False
    # Superusers may control any user object.
    if requester.is_superuser:
        return True
    if requester.pk != obj.pk:
        return False

    # Only the first address is inspected; a user with no address rows at
    # all passes this check.
    addresses = requester.emailaddress_set
    if addresses.exists() and not addresses.first().verified:
        self.message = 'Please activate your user via confirm email.'
        return False
    return True

# Custom rest_framework jwt response
def has_permission(self, request, view):
    """Decide view-level access for create/modify requests.

    Safe methods pass for everyone. Other methods require an authenticated
    user and are then decided by the view's class name:
    ``AnalysisJobViewSet`` needs ``is_admin``; ``OrganizationViewSet``
    passes when the user satisfies both ``is_admin`` and ``is_admin_org``;
    every remaining case is decided by whether ``request.user.role`` is in
    ``UserRoles.DEFAULT_CREATE``.

    Arguments:
        request (rest_framework.request.Request): request to check for
        view: view being accessed; only its class name is inspected
    """
    if request.method in permissions.SAFE_METHODS:
        return True

    # NOTE(review): ``is_authenticated()`` is the callable form; it became a
    # property in Django 1.10 and calling it fails from 2.0. Dropping the
    # parentheses on a pre-1.10 install would make this check always pass,
    # so confirm the supported Django version before changing it.
    user = request.user
    if not user or not user.is_authenticated():
        return False

    # Matching on the class name means a renamed or subclassed viewset
    # falls through to the role check at the bottom.
    view_name = view.__class__.__name__
    if view_name == 'AnalysisJobViewSet':
        return is_admin(user)
    if view_name == 'OrganizationViewSet' and is_admin(user) and is_admin_org(user):
        return True
    # NOTE(review): an OrganizationViewSet request from a non-admin also
    # lands here and is decided by role alone -- confirm that is intended.
    return user.role in UserRoles.DEFAULT_CREATE
def get_current_version(self, obj):
    """
    Return the current version ID for non-edit methods, otherwise 'Unknown'.

    An edit makes django-reversion create a new version, but because of
    transaction timing that version's ID has not been generated and stored
    when the response to the editing call is built. Instead of reporting
    the old, incorrect ID, editing calls report 'Unknown'; an editing app
    must issue a fresh GET to learn the new version ID.
    """
    method = self.context['request'].method
    if method not in permissions.SAFE_METHODS:
        return 'Unknown'
    try:
        return reversion.get_for_date(obj, timezone.now()).id
    except Version.DoesNotExist:
        # No version recorded for this object as of now.
        return 'Unknown'
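def has_permission(self, request, view):
    """Allow anyone to read certificates and scoped users to create them.

    Safe methods pass for every caller. POST passes only when
    ``request.user`` exposes ``has_morango_certificate_scope_permission``
    and that method approves the submitted ``scope_definition`` and
    ``scope_params`` (a JSON-encoded object). Every other method is denied.
    A missing or unparsable ``scope_params`` is treated as a denial rather
    than being allowed to raise out of the permission check.
    """
    # The Django REST Framework browseable API calls this to see what
    # buttons to show.
    # NOTE(review): this passes any request with an empty body, whatever
    # its method, before the method checks below run -- confirm the view
    # does not route PUT/PATCH/DELETE, or narrow this condition.
    if not request.data:
        return True

    # We allow anyone to read certificates.
    if request.method in permissions.SAFE_METHODS:
        return True

    # Other than read (or other safe) operations, we only allow POST.
    if request.method != "POST":
        return False

    # The authenticated user must be able to evaluate certificate scopes.
    if not hasattr(request.user, "has_morango_certificate_scope_permission"):
        return False

    scope_definition_id = request.data.get("scope_definition")
    try:
        scope_params = json.loads(request.data.get("scope_params"))
    except (TypeError, ValueError):
        # TypeError: field absent (None); ValueError: not valid JSON.
        # Both are client input problems, so fail closed.
        return False

    if scope_definition_id and scope_params and isinstance(scope_params, dict):
        return request.user.has_morango_certificate_scope_permission(
            scope_definition_id, scope_params)
    return False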
def has_permission(self, request, view):
    """Restrict write methods to the creator of the addressed challenge.

    Safe methods always pass. DELETE, PATCH, PUT and POST pass only when
    the challenge named by the ``challenge_pk`` URL kwarg exists and
    ``request.user.id`` equals ``challenge.creator.created_by.id``. Any
    other method is denied.
    """
    method = request.method
    if method in permissions.SAFE_METHODS:
        return True
    if method not in ['DELETE', 'PATCH', 'PUT', 'POST']:
        return False

    try:
        challenge = Challenge.objects.get(
            pk=request.parser_context['kwargs']['challenge_pk'])
    except Challenge.DoesNotExist:
        # Unknown challenge: nothing to own, so deny.
        return False
    return request.user.id == challenge.creator.created_by.id
def has_object_permission(self, request, view, obj):
    '''
    Give owners full access and everyone else read-only access to
    ownerless ('global') objects.

    An object is ownerless when it has no ``get_owner_object`` method or
    when that method returns a falsy value.
    '''
    if hasattr(obj, 'get_owner_object'):
        owner_object = obj.get_owner_object()
    else:
        owner_object = False

    if owner_object:
        # Owned object: only its owner gets through, for any method
        # (non-owners cannot even read it).
        return owner_object.user == request.user

    # 'global' objects only for GET, HEAD or OPTIONS
    return request.method in permissions.SAFE_METHODS
def has_object_permission(self, request, view, obj):
    """Allow reads to anyone and writes only when ``obj.user`` is the requester.

    DRF invokes this hook through ``check_object_permissions()``, so it
    guards single-object access only; list and create actions need their
    own view-level rule.
    """
    return request.method in SAFE_METHODS or obj.user == request.user
def has_permission(self, request, view):
    """Pass safe methods for everyone and other methods for logged-in users."""
    if request.method not in SAFE_METHODS:
        # Collapse the truthy/falsy attribute into an explicit boolean.
        return True if request.user.is_authenticated else False
    return True
def has_object_permission(self, request, view, obj):
    """Allow reads to anyone; writes to the author, or to any user for "share".

    For unsafe methods the requester must be authenticated. The ``share``
    action is then open to every authenticated user regardless of
    authorship; all other actions require ``obj.author`` to equal
    ``request.user.profile``.
    """
    if request.method in SAFE_METHODS:
        return True
    # NOTE(review): attribute access assumes ``is_authenticated`` is a
    # property (Django 1.10+) -- confirm the version in use.
    if not request.user.is_authenticated:
        return False
    is_share_action = view.action == "share"
    return is_share_action or obj.author == request.user.profile
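def has_object_permission(self, request, view, obj):
    """Allow safe methods plus POST, PUT and DELETE on any object.

    Neither ``obj`` nor ``request.user`` is inspected, so this class does
    not restrict writes to an owner. Methods outside those listed (for
    example PATCH) are denied.
    """
    # Read permissions are allowed to any request,
    # so we'll always allow GET, HEAD or OPTIONS requests.
    if request.method in SAFE_METHODS:
        return True
    # NOTE(review): these writes are granted without any ownership or role
    # check -- confirm another permission class on the view enforces one.
    if request.method in ('POST', 'PUT', 'DELETE'):
        return True
    # Explicit denial; previously the function fell off the end and
    # returned None for every other method.
    return False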
def has_object_permission(self, request, view, obj):
    """Allow reads to anyone; writes only when ``obj`` is the requesting user."""
    if request.method not in permissions.SAFE_METHODS:
        # The object under protection is itself a user record.
        return obj == request.user
    return True
def has_object_permission(self, request, view, obj):
    """Owner-or-read-only rule keyed on ``obj.owner``.

    GET, HEAD and OPTIONS are open to any request. For every other method
    the instance must have an ``owner`` attribute equal to ``request.user``.
    """
    method_is_safe = request.method in permissions.SAFE_METHODS
    return method_is_safe or obj.owner == request.user
def has_object_permission(self, request, view, obj):
    """Allow reads to anyone and writes only to ``obj.author``."""
    if request.method not in permissions.SAFE_METHODS:
        return obj.author == request.user
    # Safe methods never reach the authorship comparison.
    return True
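def has_object_permission(self, request, view, obj):
    """Allow staff on any object and other users only on objects they own.

    The rule applies to every HTTP method. The safe-method shortcut that
    would open reads to all callers is not active in this class, so GET,
    HEAD and OPTIONS go through the same staff-or-owner check as writes.
    """
    if request.user.is_staff:
        return True
    # Non-staff callers must be the owner, for reads as well as writes.
    return obj.owner == request.user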
def has_permission(self, request, view):
    """Pass safe methods for everyone; other methods need both admin checks.

    An unsafe method is allowed only when ``is_admin`` and ``is_admin_org``
    both accept ``request.user``.
    """
    if request.method in permissions.SAFE_METHODS:
        return True
    user = request.user
    return is_admin(user) and is_admin_org(user)
def has_permission(self, request, view):
    """Allow admins always, and other authenticated users on safe requests.

    Authentication is required for every method, safe ones included.
    Admins and organisation admins then pass unconditionally; everyone else
    passes only when the view action is in ``self.ALLOWED_ACTIONS`` or the
    method is in ``SAFE_METHODS``.
    """
    user = request.user
    # NOTE(review): ``is_authenticated()`` is the callable form, which stops
    # working in Django 2.0+ -- confirm the supported version.
    if not user or not user.is_authenticated():
        return False
    if is_admin(user) or is_org_admin(user):
        return True
    return (view.action in self.ALLOWED_ACTIONS
            or request.method in permissions.SAFE_METHODS)
def has_object_permission(self, request, view, obj):
    """Allow reads to anyone and writes only to superusers."""
    method_is_safe = request.method in permissions.SAFE_METHODS
    return method_is_safe or request.user.is_superuser
def has_object_permission(self, request, view, obj):
    """Owner-or-read-only rule keyed on ``obj.user``.

    GET, HEAD and OPTIONS are open to any request; write methods are
    allowed only when ``obj.user`` equals ``request.user``.
    """
    if request.method not in permissions.SAFE_METHODS:
        return obj.user == request.user
    return True
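def has_permission(self, request, view):
    """Require a verified email address for every unsafe request.

    Safe methods pass for everyone. Otherwise the caller must present
    either a scoped token (``request.auth`` with a ``scope`` attribute)
    that is valid for the scopes returned by ``self.get_scopes``, or an
    authenticated session user. In both cases the user's ``EmailAddress``
    row must be marked verified. A user with no ``EmailAddress`` row is
    denied instead of raising ``DoesNotExist``.
    """
    if request.method in permissions.SAFE_METHODS:
        return True

    if request.auth and hasattr(request.auth, 'scope'):
        required_scopes = self.get_scopes(request, view)
        # Reject an invalid token before touching the database.
        if not request.auth.is_valid(required_scopes):
            return False
    # NOTE(review): ``is_authenticated()`` is the callable form, which stops
    # working in Django 2.0+ -- confirm the supported version.
    elif not (request.user and request.user.is_authenticated()):
        return False

    try:
        return EmailAddress.objects.get(user=request.user).verified
    except EmailAddress.DoesNotExist:
        # No address on record means nothing was verified: fail closed.
        return False
    # NOTE(review): a user with several EmailAddress rows still raises
    # MultipleObjectsReturned from ``get`` -- decide which row should count.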
def has_object_permission(self, request, view, obj):
    """Allow reads to any request and writes only to ``obj.owner``."""
    method_is_safe = request.method in permissions.SAFE_METHODS
    # Write permissions are only allowed to the owner of the snippet.
    return method_is_safe or obj.owner == request.user

# This came from imager. might need changes.
def has_object_permission(self, request, view, obj):
    """Allow reads to anyone; writes only when ``obj`` is the requester.

    GET, HEAD and OPTIONS always pass. For other methods the object itself
    is compared with ``request.user``.
    """
    return request.method in permissions.SAFE_METHODS or obj == request.user
def has_object_permission(self, request, view, obj):
    """Allow reads to anyone; writes to the business's user or a superuser."""
    if request.method in permissions.SAFE_METHODS:
        return True
    requester = request.user
    # Ownership is resolved through the related business record.
    return obj.business.user == requester or requester.is_superuser
def has_object_permission(self, request, view, obj):
    """Allow reads to anyone; writes to ``obj.user`` or a superuser."""
    if request.method not in permissions.SAFE_METHODS:
        requester = request.user
        return obj.user == requester or requester.is_superuser
    return True
def has_permission(self, request, view):
    """
    Return `True` for safe methods; otherwise return the requesting user's
    `is_superuser` flag.
    """
    if request.method in permissions.SAFE_METHODS:
        return True
    return request.user.is_superuser
def has_object_permission(self, request, view, obj):
    """Anyone may read (GET, OPTIONS, etc.); only ``obj.user`` may write."""
    anyone_may_read = request.method in permissions.SAFE_METHODS
    return anyone_may_read or obj.user == request.user
def has_object_permission(self, request, view, obj):
    """Delegate the decision to the user's ``can_read/can_update/can_delete``.

    Safe methods ('GET', 'OPTIONS' or 'HEAD') ask ``can_read``, PUT and
    PATCH ask ``can_update``, DELETE asks ``can_delete``; anything else is
    denied. There is no entry for POST here because creation is handled by
    ``has_permission``.
    """
    method = request.method
    if method in permissions.SAFE_METHODS:
        return request.user.can_read(obj)
    if method in ["PUT", "PATCH"]:
        return request.user.can_update(obj)
    if method == "DELETE":
        return request.user.can_delete(obj)
    return False
def has_object_permission(self, request, view, obj):
    """Allow reads to anyone and DELETE to users who can manage content.

    Every unsafe method other than DELETE is denied outright.
    """
    method = request.method
    if method in SAFE_METHODS:
        return True
    if method != 'DELETE':
        return False
    return request.user.can_manage_content
def has_permission(self, request, view):
    """Pass safe methods; other methods need a confirmed profile or superuser.

    Unauthenticated callers are denied for every unsafe method.
    """
    if request.method in permissions.SAFE_METHODS:
        return True
    user = request.user
    # NOTE(review): ``is_authenticated()`` is the callable form, which stops
    # working in Django 2.0+ -- confirm the supported version.
    if not user.is_authenticated():
        return False
    return user.profile.confirmed or user.is_superuser
def has_object_permission(self, request, view, obj):
    """Object-level twin of the confirmed-profile rule.

    Safe methods pass. For other methods the caller must be authenticated
    and either have ``profile.confirmed`` set or be a superuser; ``obj``
    itself is never inspected, so no ownership is enforced here.
    """
    if request.method in permissions.SAFE_METHODS:
        return True
    user = request.user
    # NOTE(review): ``is_authenticated()`` is the callable form, which stops
    # working in Django 2.0+ -- confirm the supported version.
    if not user.is_authenticated():
        return False
    return user.profile.confirmed or user.is_superuser
def has_object_permission(self, request, view, obj):
    """Everyone may read; only the club representative may write.

    The club is reached through ``obj.channel.club`` and asked via
    ``has_rep(request.user)``.
    """
    if request.method not in permissions.SAFE_METHODS:
        return obj.channel.club.has_rep(request.user)
    return True
def has_object_permission(self, request, view, obj):
    """Club members may read; nobody may write.

    Membership is checked with ``obj.channel.club.has_member``.
    """
    if request.method not in permissions.SAFE_METHODS:
        # Write permissions are denied to everyone.
        return False
    return obj.channel.club.has_member(request.user)
def has_object_permission(self, request, view, obj):
    """Everyone may read; a user may edit only their own details."""
    method_is_safe = request.method in permissions.SAFE_METHODS
    # ``obj`` is the user record being edited.
    return method_is_safe or obj == request.user
def has_object_permission(self, request, view, obj):
    """Everyone may read; secretaries delete; secretaries or reps update.

    DELETE is decided by ``request.user.is_secretary()`` alone. Every other
    unsafe method passes for a secretary or for a user accepted by
    ``obj.has_rep``.
    """
    method = request.method
    if method in permissions.SAFE_METHODS:
        return True
    if method == 'DELETE':
        return request.user.is_secretary()
    return request.user.is_secretary() or obj.has_rep(request.user)
def has_object_permission(self, request, view, obj):
    """Club members may view; only the club representative may edit."""
    if request.method not in permissions.SAFE_METHODS:
        # Any unsafe method counts as an edit.
        return obj.club.has_rep(request.user)
    return obj.club.has_member(request.user)
def has_object_permission(self, request, view, obj):
    """Read-only access for the author, a secretary or the club rep.

    No caller is granted write access.
    """
    if request.method not in permissions.SAFE_METHODS:
        return False
    if obj.author == request.user:
        return True
    return request.user.is_secretary() or obj.club.has_rep(request.user)
def has_object_permission(self, request, view, obj):
    """Read-only access decided through the parent object.

    A safe request passes for the parent's author, for a secretary, or for
    the representative of the parent's club. Nobody may modify or delete.
    """
    if request.method not in permissions.SAFE_METHODS:
        return False
    if obj.parent.author == request.user:
        return True
    return request.user.is_secretary() or obj.parent.club.has_rep(request.user)
def has_object_permission(self, request, view, obj):
    """Project rule: members and secretaries read, owner-club rep writes.

    Safe methods pass for a secretary or for a user accepted by
    ``obj.has_club_member``. DELETE is denied to everyone. Every other
    method requires ``obj.owner_club.has_rep``.
    """
    method = request.method
    if method in permissions.SAFE_METHODS:
        return request.user.is_secretary() or obj.has_club_member(request.user)
    if method == 'DELETE':
        # Projects are never deleted through this API.
        return False
    return obj.owner_club.has_rep(request.user)
def has_object_permission(self, request, view, obj):
    """Members of parent clubs read; project leader or club rep delete.

    Safe methods are decided by ``obj.project.has_club_member``. DELETE
    passes for the project's leader or the club's representative. No other
    method (i.e. editing) is allowed for anyone.
    """
    method = request.method
    if method in permissions.SAFE_METHODS:
        return obj.project.has_club_member(request.user)
    if method != 'DELETE':
        return False
    return obj.project.has_leader(request.user) or obj.club.has_rep(request.user)
def has_object_permission(self, request, view, obj):
    """Read-only access for the requester or the target club's rep.

    Unsafe methods are denied to everyone. A safe request passes when the
    caller represents ``obj.club`` or is ``obj.user``.
    """
    if request.method in permissions.SAFE_METHODS:
        is_club_rep = obj.club.has_rep(request.user)
        if is_club_rep or obj.user == request.user:
            return True
    return False
def has_object_permission(self, request, view, obj):
    """Allow reads to anyone; writes only to the profile that owns ``obj``."""
    if request.method not in permissions.SAFE_METHODS:
        # NOTE(review): ``request.user.profile`` is read unconditionally
        # here; presumably a view-level rule keeps anonymous users out
        # before this point -- verify.
        return obj.owner == request.user.profile
    return True
def has_object_permission(self, request, view, obj):
    """Read access for all; write access when ``obj.user`` is the requester."""
    read_only_request = request.method in permissions.SAFE_METHODS
    return read_only_request or obj.user == request.user
def has_object_permission(self, request, view, obj):
    """Allow reads to anyone and writes only to staff users."""
    if request.method not in permissions.SAFE_METHODS:
        # ``obj`` is not consulted: staff status alone decides writes.
        return request.user.is_staff
    return True
def has_permission(self, request, view):
    """Pass safe methods for everyone and every other method for staff only."""
    method_is_safe = request.method in SAFE_METHODS
    return method_is_safe or request.user.is_staff
def has_object_permission(self, request, view, obj):
    """Allow reads to anyone; writes only to the user in ``obj.created_by``."""
    if request.method not in SAFE_METHODS:
        return obj.created_by == request.user
    return True
def has_object_permission(self, request, view, obj):
    """Allow reads to anyone; writes when ``obj`` and the user share a pk."""
    method_is_safe = request.method in permissions.SAFE_METHODS
    # Primary keys are compared rather than the objects themselves.
    return method_is_safe or obj.pk == request.user.pk
def has_object_permission(self, request, view, obj):
    """Check that a user editing a profile is editing their own.

    Safe methods always pass; for any other method ``obj.id`` must equal
    ``request.user.id``.
    """
    if request.method not in permissions.SAFE_METHODS:
        return obj.id == request.user.id
    return True