vontor-cz/backend/account/permissions.py

from rest_framework.permissions import BasePermission, SAFE_METHODS
from rest_framework.permissions import IsAuthenticated
from rest_framework_api_key.permissions import HasAPIKey


#Podle svého uvážení (NEPOUŽÍVAT!!!)
class RolePermission(BasePermission):
    allowed_roles = []

    def has_permission(self, request, view):
        # Je uživatel přihlášený a má roli z povolených?
        user_has_role = (
            request.user and
            request.user.is_authenticated and
            getattr(request.user, "role", None) in self.allowed_roles
        )

        # Má API klíč?
        has_api_key = HasAPIKey().has_permission(request, view)


        return user_has_role or has_api_key


#TOHLE POUŽÍT!!!
#Prostě stačí vložit: RoleAllowed('seller','cityClerk')
def RoleAllowed(*roles):
    """
    Allows safe methods for any authenticated user.
    Allows unsafe methods only for users with specific roles.

    Args:
        RolerAllowed('admin', 'user')
    """
    class SafeOrRolePermission(BasePermission):
        

        def has_permission(self, request, view):
            # Allow safe methods for any authenticated user
            if request.method in SAFE_METHODS:
                return IsAuthenticated().has_permission(request, view)

            # Otherwise, check the user's role
            user = request.user
            return user and user.is_authenticated and getattr(user, "role", None) in roles

    return SafeOrRolePermission


def OnlyRolesAllowed(*roles):
    class SafeOrRolePermission(BasePermission):
        """
        Allows all methods only for users with specific roles.
        """

        def has_permission(self, request, view):
            # Otherwise, check the user's role
            user = request.user
            return user and user.is_authenticated and getattr(user, "role", None) in roles

    return SafeOrRolePermission

  
# For Settings.py
class AdminOnly(BasePermission):
    """ Allows access only to users with the 'admin' role.

    Args:
        BasePermission (rest_framework.permissions.BasePermission): Base class for permission classes.
    """
    def has_permission(self, request, view):
        return request.user and request.user.is_authenticated and getattr(request.user, 'role', None) == 'admin'