nkey/colio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Feat: [#64] 코드 owner 혹은 팀원인지 확인 여부

Browse Source
This commit is contained in:
sm4640
2025-06-05 18:31:06 +09:00
parent 5770a27a52
commit d1911eb1b8
1 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
nocodetools/permissions.py Normal file
View File

@@ -0,0 +1,26 @@
# permissions.py
from rest_framework.permissions import BasePermission
from projects.models import Project, ProjectTeamList
from portfolios.models import Portfolio
UNSAFE_REQUEST = ["POST", "PUT", "PATCH", "DELETE"]
class IsOwnerOrMemberInCreateAndUpdateAndDelete(BasePermission):
def has_permission(self, request, view):
if request.method not in UNSAFE_REQUEST:
return True
related_type = request.query_params.get("type")
related_id = request.query_params.get("id")
if not related_type or not related_id:
return False
user = request.user
if related_type == "project":
return ProjectTeamList.objects.filter(project=related_id, user=user).exists()
elif related_type == "portfolio":
return Portfolio.objects.filter(id=related_id, owner=user).exists()
else:
return False