U ڲg|%@sdZddlmZddlmZdZGdddZGdddeZGd d d eZGd d d Z Gd ddZ GdddZ Gdddee Z Gddde dZGdddeZGdddeZGdddeZGdddeZGdddeZGd d!d!eZGd"d#d#eZd$S)%z2 Provides a set of pluggable permission policies. )Http404) exceptions)GETHEADOPTIONSc@s4eZdZddZddZddZddZd d Zd S) OperationHolderMixincCs tt||SN OperandHolderANDselfotherr>/tmp/pip-unpacked-wheel-11h17kvo/rest_framework/permissions.py__and__ szOperationHolderMixin.__and__cCs tt||Srr ORr rrr__or__szOperationHolderMixin.__or__cCs tt||Srr r rrr__rand__szOperationHolderMixin.__rand__cCs tt||Srrr rrr__ror__szOperationHolderMixin.__ror__cCs tt|Sr)SingleOperandHolderNOTr rrr __invert__szOperationHolderMixin.__invert__N)__name__ __module__ __qualname__rrrrrrrrrr s rc@seZdZddZddZdS)rcCs||_||_dSr)operator_class op1_class)r rrrrr__init__szSingleOperandHolder.__init__cOs|j||}||Sr)rr)r argskwargsop1rrr__call__!s zSingleOperandHolder.__call__N)rrrr r$rrrrrsrc@s,eZdZddZddZddZddZd S) r cCs||_||_||_dSr)rr op2_class)r rrr%rrrr 'szOperandHolder.__init__cOs$|j||}|j||}|||Sr)rr%r)r r!r"r#op2rrrr$,s  zOperandHolder.__call__cCs.t|to,|j|jko,|j|jko,|j|jkSr) isinstancer rrr%r rrr__eq__1s    zOperandHolder.__eq__cCst|j|j|jfSr)hashrrr%rrrr__hash__9szOperandHolder.__hash__N)rrrr r$r(r*rrrrr &sr c@s$eZdZddZddZddZdS)r cCs||_||_dSrr#r&r r#r&rrrr >sz AND.__init__cCs|j||o|j||Srr#has_permissionr&r requestviewrrrr.Bs zAND.has_permissioncCs |j|||o|j|||Sr)r#has_object_permissionr&r r0r1objrrrr2HszAND.has_object_permissionNrrrr r.r2rrrrr =sr c@s$eZdZddZddZddZdS)rcCs||_||_dSrr+r,rrrr Psz OR.__init__cCs|j||p|j||Srr-r/rrrr.Ts zOR.has_permissioncCs<|j||r|j|||p:|j||o:|j|||Sr)r#r.r2r&r3rrrr2Zs zOR.has_object_permissionNr5rrrrrOsrc@s$eZdZddZddZddZdS)rcCs ||_dSr)r#)r r#rrrr esz NOT.__init__cCs|j|| Sr)r#r.r/rrrr.hszNOT.has_permissioncCs|j||| Sr)r#r2r3rrrr2kszNOT.has_object_permissionNr5rrrrrdsrc@s eZdZdS)BasePermissionMetaclassN)rrrrrrrr6osr6c@s eZdZdZddZddZdS)BasePermissionzH A base class from which all permission classes should inherit. cCsdSzL Return `True` if permission is granted, `False` otherwise. Trr/rrrr.xszBasePermission.has_permissioncCsdSr8rr3rrrr2~sz$BasePermission.has_object_permissionN)rrr__doc__r.r2rrrrr7ssr7) metaclassc@seZdZdZddZdS)AllowAnyz Allow any access. This isn't strictly required, since you could use an empty permission_classes list, but it's useful because it makes the intention more explicit. cCsdS)NTrr/rrrr.szAllowAny.has_permissionNrrrr9r.rrrrr;sr;c@seZdZdZddZdS)IsAuthenticatedz4 Allows access only to authenticated users. cCst|jo|jjSr)booluseris_authenticatedr/rrrr.szIsAuthenticated.has_permissionNr<rrrrr=sr=c@seZdZdZddZdS) IsAdminUserz, Allows access only to admin users. cCst|jo|jjSr)r>r?Zis_staffr/rrrr.szIsAdminUser.has_permissionNr<rrrrrAsrAc@seZdZdZddZdS)IsAuthenticatedOrReadOnlyzL The request is authenticated as a user, or is a read-only request. cCst|jtkp|jo|jjSr)r>method SAFE_METHODSr?r@r/rrrr.s  z(IsAuthenticatedOrReadOnly.has_permissionNr<rrrrrBsrBc@sHeZdZdZgggdgdgdgdgdZdZddZd d Zd d Zd S)DjangoModelPermissionsa} The request is authenticated using `django.contrib.auth` permissions. See: https://docs.djangoproject.com/en/dev/topics/auth/#permissions It ensures that the user is authenticated, and has the appropriate `add`/`change`/`delete` permissions on the model. This permission can only be applied against view classes that provide a `.queryset` attribute. %(app_label)s.add_%(model_name)s#%(app_label)s.change_%(model_name)s#%(app_label)s.delete_%(model_name)srrrPOSTPUTPATCHDELETETcs>|jj|jjd||jkr&t|fdd|j|DS)z Given a model and an HTTP method, return the list of permission codes that the user is required to have.  app_label model_namecsg|] }|qSrr.0permr"rr szCDjangoModelPermissions.get_required_permissions..Z_metarOrP perms_maprZMethodNotAllowedr rC model_clsrrTrget_required_permissionss   z/DjangoModelPermissions.get_required_permissionscCsbt|ds,t|dddk s,td|jjt|dr\|}|dk sXtd|jj|S|jS)N get_querysetquerysetz[Cannot apply {} on a view that does not set `.queryset` or have a `.get_queryset()` method.z{}.get_queryset() returned None)hasattrgetattrAssertionErrorformat __class__rr[r\)r r1r\rrr _querysets    z DjangoModelPermissions._querysetcCsN|jr|jjs|jrdSt|ddr(dS||}||j|j}|j|S)NFZ_ignore_model_permissionsT) r?r@authenticated_users_onlyr^rbrZrCmodel has_perms)r r0r1r\permsrrrr.s  z%DjangoModelPermissions.has_permissionN) rrrr9rWrcrZrbr.rrrrrEs rEc@seZdZdZdZdS)$DjangoModelPermissionsOrAnonReadOnlyzj Similar to DjangoModelPermissions, except that anonymous users are allowed read-only access. FN)rrrr9rcrrrrrgsrgc@s<eZdZdZgggdgdgdgdgdZddZdd Zd S) DjangoObjectPermissionsa The request is authenticated using Django's object-level permissions. It requires an object-permissions-enabled backend, such as Django Guardian. It ensures that the user is authenticated, and has the appropriate `add`/`change`/`delete` permissions on the object using .has_perms. This permission can only be applied against view classes that provide a `.queryset` attribute. rFrGrHrIcs>|jj|jjd||jkr&t|fdd|j|DS)NrNcsg|] }|qSrrrQrTrrrUszKDjangoObjectPermissions.get_required_object_permissions..rVrXrrTrget_required_object_permissionss   z7DjangoObjectPermissions.get_required_object_permissionsc Csb||}|j}|j}||j|}|||s^|jtkr>t|d|}|||sZtdSdS)NrFT)rbrdr?rirCrerDr) r r0r1r4r\rYr?rfZ read_permsrrrr2!s     z-DjangoObjectPermissions.has_object_permissionN)rrrr9rWrir2rrrrrhs   rhN)r9Z django.httprZrest_frameworkrrDrrr r rrtyper6r7r;r=rArBrErgrhrrrrs$        I