Source code for fleetingform.permissions
import logging
from rest_framework import permissions
from rest_framework.exceptions import Throttled
logger = logging.getLogger(__name__)
[docs]class FleetingFormTokenPermission(permissions.BasePermission):
"""Require the presence of the correct namespace token."""
message = "A valid token and namespace are required."
[docs] def has_permission(self, request, view):
has_permission = hasattr(request, 'namespace') and request.namespace
if not has_permission:
logger.debug(f"has_permission False for {request}")
return has_permission
[docs] def has_object_permission(self, request, view, obj):
if self.has_permission(request, view) and \
request.namespace == obj.namespace:
return True
logger.warn("object permission rejected for {} {} != {}".format(
obj,
request.namespace if hasattr(request, 'namespace') else 'none',
obj.namespace))
return False
[docs]class FleetingNamespaceTokenPermission(permissions.BasePermission):
"""Require the presence of the correct namespace token or user token."""
message = "A valid token is required."
[docs] def has_permission(self, request, view):
"""Users can create new namespaces, namespace tokens cannot.
Users and namespace tokens can both list."""
has_permission = False
if request.user and request.user.is_authenticated:
has_permission = True
else:
if request.method == 'GET':
has_permission = (hasattr(request, 'namespace')
and request.namespace)
if not has_permission:
logger.debug(f"has_permission False for {request}")
return has_permission
[docs] def has_object_permission(self, request, view, obj):
if hasattr(request, 'namespace') and request.namespace:
if request.namespace == obj: # pragma: no branch - qs
return True
elif request.user and request.user.is_authenticated:
if obj in request.user.namespaces.all(): # pragma: no branch - qs
return True
else: # pragma: no cover - covered by queryset filtering
logger.warn("object permission rejected for {} {} != {}".format(
obj,
request.namespace if hasattr(request, 'namespace') else 'none',
obj.namespace))
return False
[docs]class FleetingFormHardLimitPermission(permissions.BasePermission):
"""Do not allow creates for users over their hard limit."""
message = "Namespace hard limit exceeded."
[docs] def has_permission(self, request, view):
if request.method == 'POST':
namespace = request.namespace
if namespace.forms_this_month >= namespace.hard_limit:
raise Throttled(detail=self.message)
return True