gukgjzkgjhgjh

backend/social/hubs/permissions.py

@@ -0,0 +1,53 @@
+from rest_framework.permissions import IsAuthenticated, SAFE_METHODS
+
+
+class CanEditHub(IsAuthenticated):
+    """
+    Hub object-level permission.
+    - View-level: must be authenticated (inherited).
+    - Object-level unsafe: hub owner, superuser, or any moderator
+      (field-level restrictions enforced in HubSerializer).
+    """
+
+    def has_object_permission(self, request, view, obj):
+        if request.method in SAFE_METHODS:
+            return True
+        
+        user = request.user
+        if obj.owner == user or user.is_superuser:
+            return True
+        
+        return obj.moderators.filter(user=user).exists()
+
+
+class IsHubOwnerOrSuperuser(IsAuthenticated):
+    """
+    For objects with a .hub FK (e.g. HubPermission).
+    - View-level: must be authenticated (inherited).
+    - Object-level unsafe: hub owner or superuser only.
+    """
+
+    def has_object_permission(self, request, view, obj):
+        if request.method in SAFE_METHODS:
+            return True
+        
+        return request.user.is_superuser or obj.hub.owner == request.user
+
+
+class CanManageHubTags(IsAuthenticated):
+    """
+    For Tags (navigates via obj.hub).
+    - View-level: must be authenticated (inherited).
+    - Object-level unsafe: hub owner, superuser, or moderator with managing_posts=True.
+    """
+
+    def has_object_permission(self, request, view, obj):
+        if request.method in SAFE_METHODS:
+            return True
+        
+        user = request.user
+        hub = obj.hub
+        if user.is_superuser or hub.owner == user:
+            return True
+        
+        return hub.moderators.filter(user=user, managing_posts=True).exists()