Only allow lockout admins to access tool, category

2018-09-13 23:02:51 -06:00 · 2018-09-13 23:02:51 -06:00 · 61ceff77e3
commit 61ceff77e3
parent e1c776698e
1 changed files with 9 additions and 0 deletions
--- a/authserver/authserver/api/views.py
+++ b/authserver/authserver/api/views.py
@ -3,13 +3,22 @@ from rest_framework import viewsets, permissions

 from . import models, serializers

+class IsLockoutAdmin(permissions.BasePermission):
+    def has_permission(self, request, view):
+        try:
+            return request.user.profile.lockout_admin
+        except AttributeError:
+            return False
+
 class CategoryViewSet(viewsets.ModelViewSet):
    queryset = models.Category.objects.all().order_by('id')
    serializer_class = serializers.CategorySerializer
+    permission_classes = (IsLockoutAdmin,)

 class ToolViewSet(viewsets.ModelViewSet):
    queryset = models.Tool.objects.all().order_by('id')
    serializer_class = serializers.ToolSerializer
+    permission_classes = (IsLockoutAdmin,)

 class ToolDataViewSet(viewsets.ReadOnlyModelViewSet):
    queryset = models.Category.objects.all().order_by('id')