Initial commit

2025-06-28 05:26:07 +00:00 · 2025-01-20 14:33:03 +05:00
commit 4d0eb86478
84 changed files with 4436 additions and 0 deletions
--- a/api/permissions.py
+++ b/api/permissions.py
@ -0,0 +1,32 @@
+from rest_framework import permissions
+
+
+class IsStaffEditorPermission(permissions.DjangoModelPermissions):
+    perms_map = {
+        "GET": ["%(app_label)s.view_%(model_name)s"],
+        "OPTIONS": [],
+        "HEAD": [],
+        "POST": ["%(app_label)s.add_%(model_name)s"],
+        "PUT": ["%(app_label)s.change_%(model_name)s"],
+        "PATCH": ["%(app_label)s.change_%(model_name)s"],
+        "DELETE": ["%(app_label)s.delete_%(model_name)s"],
+    }
+
+    message = {
+        "message": "You do not have permission to perform this action.",
+    }
+
+    def has_permission(self, request, view):
+        # Ensure the user is authenticated
+        if not request.user.is_authenticated:
+            return False
+
+        # Get the model name from the view
+        model_name = view.queryset.model._meta.model_name
+        app_label = view.queryset.model._meta.app_label
+
+        # Check permissions based on the request method
+        perms = self.perms_map.get(request.method, [])
+        perms = [perm % {'app_label': app_label, 'model_name': model_name} for perm in perms]
+
+        return request.user.has_perms(perms)