3 Ah`#@sdZddlmZddlmZd'ZGdddZGd d d eZGd d d eZGd ddZ GdddZ GdddZ Gdddee Z Gddde dZGdddeZGdddeZGdddeZGdddeZGd d!d!eZGd"d#d#eZGd$d%d%eZd&S)(z2 Provides a set of pluggable permission policies. )Http404) exceptionsGETHEADOPTIONSc@s4eZdZddZddZddZddZd d Zd S) OperationHolderMixincCs tt||S)N) OperandHolderAND)selfotherr I/tmp/pip-build-9m32_hle/djangorestframework/rest_framework/permissions.py__and__ szOperationHolderMixin.__and__cCs tt||S)N)rOR)r r r r r __or__szOperationHolderMixin.__or__cCs tt||S)N)rr )r r r r r __rand__szOperationHolderMixin.__rand__cCs tt||S)N)rr)r r r r r __ror__szOperationHolderMixin.__ror__cCs tt|S)N)SingleOperandHolderNOT)r r r r __invert__szOperationHolderMixin.__invert__N)__name__ __module__ __qualname__rrrrrr r r r r s rc@seZdZddZddZdS)rcCs||_||_dS)N)operator_class op1_class)r rrr r r __init__szSingleOperandHolder.__init__cOs|j||}|j|S)N)rr)r argskwargsop1r r r __call__!s zSingleOperandHolder.__call__N)rrrrrr r r r rsrc@seZdZddZddZdS)rcCs||_||_||_dS)N)rr op2_class)r rrr r r r r'szOperandHolder.__init__cOs$|j||}|j||}|j||S)N)rr r)r rrrop2r r r r,s  zOperandHolder.__call__N)rrrrrr r r r r&src@s$eZdZddZddZddZdS)r cCs||_||_dS)N)rr!)r rr!r r r r3sz AND.__init__cCs|jj||o|jj||S)N)rhas_permissionr!)r requestviewr r r r"7szAND.has_permissioncCs |jj|||o|jj|||S)N)rhas_object_permissionr!)r r#r$objr r r r%=szAND.has_object_permissionN)rrrrr"r%r r r r r 2sr c@s$eZdZddZddZddZdS)rcCs||_||_dS)N)rr!)r rr!r r r rEsz OR.__init__cCs|jj||p|jj||S)N)rr"r!)r r#r$r r r r"IszOR.has_permissioncCs |jj|||p|jj|||S)N)rr%r!)r r#r$r&r r r r%OszOR.has_object_permissionN)rrrrr"r%r r r r rDsrc@s$eZdZddZddZddZdS)rcCs ||_dS)N)r)r rr r r rWsz NOT.__init__cCs|jj|| S)N)rr")r r#r$r r r r"ZszNOT.has_permissioncCs|jj||| S)N)rr%)r r#r$r&r r r r%]szNOT.has_object_permissionN)rrrrr"r%r r r r rVsrc@s eZdZdS)BasePermissionMetaclassN)rrrr r r r r'asr'c@s eZdZdZddZddZdS)BasePermissionzH A base class from which all permission classes should inherit. cCsdS)zL Return `True` if permission is granted, `False` otherwise. Tr )r r#r$r r r r"jszBasePermission.has_permissioncCsdS)zL Return `True` if permission is granted, `False` otherwise. Tr )r r#r$r&r r r r%psz$BasePermission.has_object_permissionN)rrr__doc__r"r%r r r r r(esr() metaclassc@seZdZdZddZdS)AllowAnyz Allow any access. This isn't strictly required, since you could use an empty permission_classes list, but it's useful because it makes the intention more explicit. cCsdS)NTr )r r#r$r r r r"szAllowAny.has_permissionN)rrrr)r"r r r r r+wsr+c@seZdZdZddZdS)IsAuthenticatedz4 Allows access only to authenticated users. cCst|jo|jjS)N)booluseris_authenticated)r r#r$r r r r"szIsAuthenticated.has_permissionN)rrrr)r"r r r r r,sr,c@seZdZdZddZdS) IsAdminUserz, Allows access only to admin users. cCst|jo|jjS)N)r-r.Zis_staff)r r#r$r r r r"szIsAdminUser.has_permissionN)rrrr)r"r r r r r0sr0c@seZdZdZddZdS)IsAuthenticatedOrReadOnlyzL The request is authenticated as a user, or is a read-only request. cCst|jtkp|jo|jjS)N)r-method SAFE_METHODSr.r/)r r#r$r r r r"s z(IsAuthenticatedOrReadOnly.has_permissionN)rrrr)r"r r r r r1sr1c@sHeZdZdZgggdgdgdgdgdZdZddZd d Zd d Zd S)DjangoModelPermissionsa} The request is authenticated using `django.contrib.auth` permissions. See: https://docs.djangoproject.com/en/dev/topics/auth/#permissions It ensures that the user is authenticated, and has the appropriate `add`/`change`/`delete` permissions on the model. This permission can only be applied against view classes that provide a `.queryset` attribute. z %(app_label)s.add_%(model_name)sz#%(app_label)s.change_%(model_name)sz#%(app_label)s.delete_%(model_name)s)rrrPOSTPUTPATCHDELETETcs>|jj|jjd||jkr&tj|fdd|j|DS)z Given a model and an HTTP method, return the list of permission codes that the user is required to have. ) app_label model_namecsg|] }|qSr r ).0perm)rr r szCDjangoModelPermissions.get_required_permissions..)_metar9r: perms_maprMethodNotAllowed)r r2 model_clsr )rr get_required_permissionss    z/DjangoModelPermissions.get_required_permissionscCsbt|ds,t|dddk s,tdj|jjt|dr\|j}|dk sXtdj|jj|S|jS)N get_querysetquerysetz[Cannot apply {} on a view that does not set `.queryset` or have a `.get_queryset()` method.z{}.get_queryset() returned None)hasattrgetattrAssertionErrorformat __class__rrCrD)r r$rDr r r _querysets    z DjangoModelPermissions._querysetcCsRt|ddrdS|j s(|jj r,|jr,dS|j|}|j|j|j}|jj|S)NZ_ignore_model_permissionsFT) rFr.r/authenticated_users_onlyrJrBr2model has_perms)r r#r$rDpermsr r r r"s  z%DjangoModelPermissions.has_permissionN) rrrr)r?rKrBrJr"r r r r r4s  r4c@seZdZdZdZdS)$DjangoModelPermissionsOrAnonReadOnlyzj Similar to DjangoModelPermissions, except that anonymous users are allowed read-only access. FN)rrrr)rKr r r r rOsrOc@s<eZdZdZgggdgdgdgdgdZddZdd Zd S) DjangoObjectPermissionsa The request is authenticated using Django's object-level permissions. It requires an object-permissions-enabled backend, such as Django Guardian. It ensures that the user is authenticated, and has the appropriate `add`/`change`/`delete` permissions on the object using .has_perms. This permission can only be applied against view classes that provide a `.queryset` attribute. z %(app_label)s.add_%(model_name)sz#%(app_label)s.change_%(model_name)sz#%(app_label)s.delete_%(model_name)s)rrrr5r6r7r8cs>|jj|jjd||jkr&tj|fdd|j|DS)N)r9r:csg|] }|qSr r )r;r<)rr r r=szKDjangoObjectPermissions.get_required_object_permissions..)r>r9r:r?rr@)r r2rAr )rr get_required_object_permissionss    z7DjangoObjectPermissions.get_required_object_permissionsc Csb|j|}|j}|j}|j|j|}|j||s^|jtkr>t|jd|}|j||sZtdSdS)NrFT)rJrLr.rQr2rMr3r) r r#r$r&rDrAr.rNZ read_permsr r r r%s     z-DjangoObjectPermissions.has_object_permissionN)rrrr)r?rQr%r r r r rPs   rPN)rrr)r)Z django.httprZrest_frameworkrr3rrrr rrtyper'r(r+r,r0r1r4rOrPr r r r s$         I