from rest_framework import permissions
from apps.projects.models import ProjectMembership
def get_project_from_obj(obj):
    """Return the project that *obj* is, or the project it belongs to.

    The decision is duck-typed: any object exposing a ``workspace``
    attribute is treated as the project itself; anything else is expected
    to be a related model (Membership, Rate) and must expose ``project``.

    NOTE(review): both permission classes in this module authorise against
    the value returned here, so a related model that ever gains its own
    ``workspace`` attribute would be passed to the membership lookup in
    place of its project. An explicit type check would make that failure
    mode impossible; confirm against the models.

    Raises:
        AttributeError: if *obj* has neither ``workspace`` nor ``project``.
    """
    if hasattr(obj, "workspace"):
        return obj
    return obj.project
class IsProjectMember(permissions.BasePermission):
    """Object-level permission: the requester must be an active project member.

    Access is granted only when a ``ProjectMembership`` row exists for the
    request's user and the object's project with ``is_active=True`` and
    ``is_deleted=False``. Any role satisfies the check.

    Only ``has_object_permission`` is defined here. DRF consults it for
    object-level checks (``get_object()`` / ``check_object_permissions()``);
    the view-level ``has_permission`` is inherited from ``BasePermission``
    and allows the request. List and create endpoints therefore need their
    own protection (another permission class and/or a queryset scoped to
    the user's memberships).
    """

    # Persian, user-facing: "You are not a member of this project."
    message = "شما عضو این پروژه نیستید."

    def has_object_permission(self, request, view, obj):
        """Return True if the authenticated user is an active member of obj's project."""
        # Reject anonymous or missing users before touching the database.
        if not (request.user and request.user.is_authenticated):
            return False

        target_project = get_project_from_obj(obj)
        memberships = ProjectMembership.objects.filter(
            project=target_project,
            user=request.user,
            is_active=True,
            is_deleted=False,
        )
        return memberships.exists()
class IsProjectManager(permissions.BasePermission):
    """Object-level permission: the requester must be an active project MANAGER.

    Access is granted only when a ``ProjectMembership`` row exists for the
    request's user and the object's project with
    ``role=ProjectMembership.Role.MANAGER``, ``is_active=True`` and
    ``is_deleted=False``.

    Only ``has_object_permission`` is defined here. DRF consults it for
    object-level checks (``get_object()`` / ``check_object_permissions()``);
    the view-level ``has_permission`` is inherited from ``BasePermission``
    and allows the request. Manager-only list or create actions therefore
    need a separate view-level check.
    """

    # Persian, user-facing: "Only project managers are allowed to perform
    # this operation."
    message = "فقط مدیران پروژه مجاز به انجام این عملیات هستند."

    def has_object_permission(self, request, view, obj):
        """Return True if the authenticated user actively manages obj's project."""
        # Reject anonymous or missing users before touching the database.
        if not (request.user and request.user.is_authenticated):
            return False

        target_project = get_project_from_obj(obj)
        manager_rows = ProjectMembership.objects.filter(
            project=target_project,
            user=request.user,
            role=ProjectMembership.Role.MANAGER,
            is_active=True,
            is_deleted=False,
        )
        return manager_rows.exists()