app.infrastructure.permissions
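from rest_framework.permissions import BasePermission, SAFE_METHODS


def _kwarg_int(view, *names):
    """Return the first present URL kwarg in *names* as an int, or None.

    A missing key, or a value that is not a decimal integer, yields None so
    that callers deny the request instead of letting ``int()`` raise: an
    uncaught TypeError/ValueError inside a permission class surfaces as a
    500 response rather than a 403.
    """
    for name in names:
        raw = view.kwargs.get(name)
        if raw is None:
            continue
        try:
            return int(raw)
        except (TypeError, ValueError):
            return None
    return None


def _same_hospital(user, hospital_id):
    """Return True when *user* belongs to hospital *hospital_id*.

    Both sides must be known. ``AnonymousUser`` has no ``hospital_id``
    attribute, a staff account may have none assigned, and an unresolved URL
    kwarg is None; without the explicit None guard two unknowns would compare
    equal and grant access.
    """
    if hospital_id is None:
        return False
    return getattr(user, 'hospital_id', None) == hospital_id


class HospitalPermission(BasePermission):
    """
    Permission for hospital-level operations.
    - SAFE_METHODS (GET, HEAD, OPTIONS): Allowed for all users.
    - PUT/PATCH: Allowed for superusers and staff (of any hospital).
    - DELETE: Not allowed.
    - Other methods: Not allowed.
    """

    def has_permission(self, request, view):
        """Return True if the method/role combination is permitted."""
        if request.method in SAFE_METHODS:
            return True
        user = request.user
        if request.method in ('PUT', 'PATCH'):
            # NOTE(review): staff of *any* hospital may update here; the
            # hospital-scoped checks live in the classes below — confirm intent.
            # bool() so an unauthenticated request yields False, not None.
            return bool(user and (user.is_superuser or user.is_staff))
        # DELETE and any other method are rejected.
        return False


class IsHospitalUserOrSuperUser(BasePermission):
    """
    Permission for hospital users and superusers.
    - SAFE_METHODS: Allowed if user's hospital matches object.
    - POST: Allowed for superusers.
    - PUT/PATCH/DELETE: Allowed for superusers or staff of the same hospital.
    """

    def has_permission(self, request, view):
        """Return True if the request may proceed to the view.

        The hospital match for reads is enforced only in
        has_object_permission, i.e. on detail routes.
        """
        if request.method in SAFE_METHODS:
            # NOTE(review): list routes pass through unrestricted here —
            # confirm the view scopes its queryset by hospital.
            return True
        user = request.user
        if request.method == 'POST':
            return bool(user and user.is_superuser)
        if request.method in ('PUT', 'PATCH', 'DELETE'):
            return bool(user and (
                user.is_superuser
                or (user.is_staff
                    and _same_hospital(user, _kwarg_int(view, 'pk')))
            ))
        return False

    def has_object_permission(self, request, view, obj):
        """Return True if the request may act on hospital *obj*.

        DELETE is checked against ``obj.id`` — the object actually being
        acted on — instead of the URL ``pk``, matching the PUT/PATCH branch.
        """
        user = request.user
        if request.method in SAFE_METHODS:
            # NOTE(review): superusers get no exemption on reads here
            # (as the class docstring states) — confirm this is intended.
            return _same_hospital(user, obj.id)
        if request.method in ('PUT', 'PATCH', 'DELETE'):
            return bool(user and (
                user.is_superuser
                or (user.is_staff and _same_hospital(user, obj.id))
            ))
        return False


class RoleEditPermission(BasePermission):
    """
    Permission for editing roles.
    - SAFE_METHODS: Allowed for all users.
    - Other methods: Allowed for superusers or staff of the same hospital.
    """

    def has_permission(self, request, view):
        """Return True if the request may edit roles.

        Staff are matched against the URL ``hospital_pk``; a missing or
        non-numeric value denies rather than raising.
        """
        if request.method in SAFE_METHODS:
            return True
        user = request.user
        if user.is_superuser:
            return True
        if user.is_staff:
            # NOTE(review): only the URL hospital is compared; whether the
            # edited role belongs to it depends on the view's queryset
            # scoping — confirm.
            return _same_hospital(user, _kwarg_int(view, 'hospital_pk'))
        return False


class UserPermission(BasePermission):
    """
    Permission for user operations.
    - SAFE_METHODS: Allowed for all users.
    - Superusers: Full access.
    - Staff: Full access within their hospital.
    - Normal users: Can edit their own profile (PUT/PATCH).
    """

    def has_permission(self, request, view):
        """Return True if the request may proceed to the user view.

        ``hospital_pk`` is parsed after the superuser check so a missing or
        non-numeric value denies staff instead of raising for everyone.
        """
        if request.method in SAFE_METHODS:
            return True
        user = request.user
        if user.is_superuser:
            return True
        if user.is_staff and _same_hospital(user, _kwarg_int(view, 'hospital_pk')):
            return True
        if request.method in ('PUT', 'PATCH'):
            target = _kwarg_int(view, 'pk', 'id')
            # user.id is None for AnonymousUser; never let None match.
            return target is not None and user.id is not None and user.id == target
        return False

    def has_object_permission(self, request, view, obj):
        """Return True if the request may act on user *obj*.

        Superusers and staff of *obj*'s hospital may do anything; any user
        may PUT/PATCH their own record; nothing else is granted.
        """
        if request.method in SAFE_METHODS:
            return True
        user = request.user
        if user.is_superuser:
            return True
        if user.is_staff and _same_hospital(user, obj.hospital.id):
            return True
        if request.method in ('PUT', 'PATCH') and user.id is not None and user.id == obj.id:
            return True
        # The former DELETE branch repeated the staff/same-hospital test that
        # already failed above, so it could only ever return False.
        return False


class WardPermission(BasePermission):
    """
    Permission for ward operations.
    - SAFE_METHODS: Allowed for all users.
    - Superusers: Full access.
    - Staff: Can add/delete within their hospital.
    """

    def has_permission(self, request, view):
        """Return True if the request may proceed to the ward view.

        Staff may POST/DELETE only when ``hospital_pk`` is their own
        hospital; PUT/PATCH are not granted to staff at all.
        """
        if request.method in SAFE_METHODS:
            return True
        user = request.user
        if user.is_superuser:
            return True
        if request.method in ('POST', 'DELETE'):
            # NOTE(review): no has_object_permission exists, so the ward's own
            # hospital is not compared on DELETE — this relies on the view
            # filtering its queryset by hospital_pk; confirm.
            return bool(user.is_staff
                        and _same_hospital(user, _kwarg_int(view, 'hospital_pk')))
        return False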
class
HospitalPermission(rest_framework.permissions.BasePermission):
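class HospitalPermission(BasePermission):
    """
    Permission for hospital-level operations.
    - SAFE_METHODS (GET, HEAD, OPTIONS): Allowed for all users.
    - PUT/PATCH: Allowed for superusers and staff (of any hospital).
    - DELETE: Not allowed.
    - Other methods: Not allowed.
    """

    def has_permission(self, request, view):
        """Return True if the method/role combination is permitted."""
        if request.method in SAFE_METHODS:
            return True
        user = request.user
        if request.method in ('PUT', 'PATCH'):
            # NOTE(review): staff of *any* hospital may update here — confirm.
            # bool() so an unauthenticated request yields False, not None.
            return bool(user and (user.is_superuser or user.is_staff))
        # DELETE and any other method are rejected.
        return False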
Permission for hospital-level operations.
- SAFE_METHODS (GET, HEAD, OPTIONS): Allowed for all users.
- PUT/PATCH: Allowed for superusers and staff.
- DELETE: Not allowed.
- Other methods: Not allowed.
def
has_permission(self, request, view):
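def has_permission(self, request, view):
    """Return True if the method/role combination is permitted.

    SAFE_METHODS pass for everyone; PUT/PATCH need a superuser or staff
    account; DELETE and anything else is rejected.
    """
    if request.method in SAFE_METHODS:
        return True
    user = request.user
    if request.method in ('PUT', 'PATCH'):
        # bool() so an unauthenticated request yields False, not None.
        return bool(user and (user.is_superuser or user.is_staff))
    return False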
Return True if permission is granted, False otherwise.
class
IsHospitalUserOrSuperUser(rest_framework.permissions.BasePermission):
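def _kwarg_int(view, name):
    """Return URL kwarg *name* as an int, or None when missing/non-numeric.

    Returning None lets callers deny instead of raising — an uncaught
    ``int()`` error in a permission class becomes a 500, not a 403.
    """
    try:
        return int(view.kwargs.get(name))
    except (TypeError, ValueError):
        return None


def _same_hospital(user, hospital_id):
    """Return True when *user* belongs to hospital *hospital_id*.

    ``AnonymousUser`` has no ``hospital_id`` and an unresolved kwarg is None;
    the None guard stops two unknowns from comparing equal.
    """
    if hospital_id is None:
        return False
    return getattr(user, 'hospital_id', None) == hospital_id


class IsHospitalUserOrSuperUser(BasePermission):
    """
    Permission for hospital users and superusers.
    - SAFE_METHODS: Allowed if user's hospital matches object.
    - POST: Allowed for superusers.
    - PUT/PATCH/DELETE: Allowed for superusers or staff of the same hospital.
    """

    def has_permission(self, request, view):
        """Return True if the request may proceed to the view.

        The hospital match for reads is enforced only in
        has_object_permission, i.e. on detail routes.
        """
        if request.method in SAFE_METHODS:
            # NOTE(review): list routes pass through unrestricted here —
            # confirm the view scopes its queryset by hospital.
            return True
        user = request.user
        if request.method == 'POST':
            return bool(user and user.is_superuser)
        if request.method in ('PUT', 'PATCH', 'DELETE'):
            return bool(user and (
                user.is_superuser
                or (user.is_staff
                    and _same_hospital(user, _kwarg_int(view, 'pk')))
            ))
        return False

    def has_object_permission(self, request, view, obj):
        """Return True if the request may act on hospital *obj*.

        DELETE is checked against ``obj.id`` — the object actually being
        acted on — instead of the URL ``pk``, matching the PUT/PATCH branch.
        """
        user = request.user
        if request.method in SAFE_METHODS:
            # NOTE(review): superusers get no exemption on reads here — confirm.
            return _same_hospital(user, obj.id)
        if request.method in ('PUT', 'PATCH', 'DELETE'):
            return bool(user and (
                user.is_superuser
                or (user.is_staff and _same_hospital(user, obj.id))
            ))
        return False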
Permission for hospital users and superusers.
- SAFE_METHODS: Allowed if user's hospital matches object.
- POST: Allowed for superusers.
- PUT/PATCH/DELETE: Allowed for superusers or staff of the same hospital.
def
has_permission(self, request, view):
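def has_permission(self, request, view):
    """Return True if the request may proceed to the view.

    Reads pass unconditionally (the hospital match for reads is enforced in
    has_object_permission, so list routes are not restricted here); POST
    needs a superuser; PUT/PATCH/DELETE need a superuser or staff whose
    hospital matches the URL ``pk``.
    """
    if request.method in SAFE_METHODS:
        return True
    user = request.user
    if request.method == 'POST':
        return bool(user and user.is_superuser)
    if request.method in ('PUT', 'PATCH', 'DELETE'):
        if not user:
            return False
        if user.is_superuser:
            return True
        try:
            target = int(view.kwargs.get('pk'))
        except (TypeError, ValueError):
            # Missing or non-numeric pk: deny rather than raise a 500.
            return False
        # getattr: AnonymousUser has no hospital_id; treat as "no hospital".
        return bool(user.is_staff and getattr(user, 'hospital_id', None) == target)
    return False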
Return True if permission is granted, False otherwise.
def
has_object_permission(self, request, view, obj):
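def has_object_permission(self, request, view, obj):
    """Return True if the request may act on hospital *obj*.

    Reads require the user's hospital to be *obj*; PUT/PATCH/DELETE need a
    superuser or staff of *obj*'s hospital. DELETE is checked against
    ``obj.id`` — the object actually being acted on — instead of the URL pk.
    """
    user = request.user
    # getattr: AnonymousUser has no hospital_id; treat as "no hospital".
    user_hospital = getattr(user, 'hospital_id', None)
    if request.method in SAFE_METHODS:
        # NOTE(review): superusers get no exemption on reads here — confirm.
        return user_hospital is not None and user_hospital == obj.id
    if request.method in ('PUT', 'PATCH', 'DELETE'):
        return bool(user and (
            user.is_superuser
            or (user.is_staff
                and user_hospital is not None
                and user_hospital == obj.id)
        ))
    return False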
Return True if permission is granted, False otherwise.
class
RoleEditPermission(rest_framework.permissions.BasePermission):
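def _kwarg_int(view, name):
    """Return URL kwarg *name* as an int, or None when missing/non-numeric.

    Returning None lets callers deny instead of raising — an uncaught
    ``int()`` error in a permission class becomes a 500, not a 403.
    """
    try:
        return int(view.kwargs.get(name))
    except (TypeError, ValueError):
        return None


def _same_hospital(user, hospital_id):
    """Return True when *user* belongs to hospital *hospital_id*.

    ``AnonymousUser`` has no ``hospital_id`` and an unresolved kwarg is None;
    the None guard stops two unknowns from comparing equal.
    """
    if hospital_id is None:
        return False
    return getattr(user, 'hospital_id', None) == hospital_id


class RoleEditPermission(BasePermission):
    """
    Permission for editing roles.
    - SAFE_METHODS: Allowed for all users.
    - Other methods: Allowed for superusers or staff of the same hospital.
    """

    def has_permission(self, request, view):
        """Return True if the request may edit roles.

        Staff are matched against the URL ``hospital_pk``; a missing or
        non-numeric value denies rather than raising.
        """
        if request.method in SAFE_METHODS:
            return True
        user = request.user
        if user.is_superuser:
            return True
        if user.is_staff:
            # NOTE(review): only the URL hospital is compared; whether the
            # edited role belongs to it depends on the view's queryset
            # scoping — confirm.
            return _same_hospital(user, _kwarg_int(view, 'hospital_pk'))
        return False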
Permission for editing roles.
- SAFE_METHODS: Allowed for all users.
- Other methods: Allowed for superusers or staff of the same hospital.
def
has_permission(self, request, view):
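def has_permission(self, request, view):
    """Return True if the request may edit roles.

    Reads pass for everyone; superusers always; staff only when the URL's
    ``hospital_pk`` is their own hospital.
    """
    if request.method in SAFE_METHODS:
        return True
    user = request.user
    if user.is_superuser:
        return True
    if user.is_staff:
        try:
            target = int(view.kwargs.get('hospital_pk'))
        except (TypeError, ValueError):
            # Missing or non-numeric hospital_pk: deny rather than raise a 500.
            return False
        return getattr(user, 'hospital_id', None) == target
    return False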
Return True if permission is granted, False otherwise.
class
UserPermission(rest_framework.permissions.BasePermission):
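def _kwarg_int(view, *names):
    """Return the first present URL kwarg in *names* as an int, or None.

    A missing key or a non-numeric value yields None so callers deny instead
    of letting ``int()`` raise (a 500 rather than a 403).
    """
    for name in names:
        raw = view.kwargs.get(name)
        if raw is None:
            continue
        try:
            return int(raw)
        except (TypeError, ValueError):
            return None
    return None


def _same_hospital(user, hospital_id):
    """Return True when *user* belongs to hospital *hospital_id*.

    ``AnonymousUser`` has no ``hospital_id`` and an unresolved kwarg is None;
    the None guard stops two unknowns from comparing equal.
    """
    if hospital_id is None:
        return False
    return getattr(user, 'hospital_id', None) == hospital_id


class UserPermission(BasePermission):
    """
    Permission for user operations.
    - SAFE_METHODS: Allowed for all users.
    - Superusers: Full access.
    - Staff: Full access within their hospital.
    - Normal users: Can edit their own profile (PUT/PATCH).
    """

    def has_permission(self, request, view):
        """Return True if the request may proceed to the user view.

        ``hospital_pk`` is parsed after the superuser check so a missing or
        non-numeric value denies staff instead of raising for everyone.
        """
        if request.method in SAFE_METHODS:
            return True
        user = request.user
        if user.is_superuser:
            return True
        if user.is_staff and _same_hospital(user, _kwarg_int(view, 'hospital_pk')):
            return True
        if request.method in ('PUT', 'PATCH'):
            target = _kwarg_int(view, 'pk', 'id')
            # user.id is None for AnonymousUser; never let None match.
            return target is not None and user.id is not None and user.id == target
        return False

    def has_object_permission(self, request, view, obj):
        """Return True if the request may act on user *obj*.

        Superusers and staff of *obj*'s hospital may do anything; any user
        may PUT/PATCH their own record; nothing else is granted.
        """
        if request.method in SAFE_METHODS:
            return True
        user = request.user
        if user.is_superuser:
            return True
        if user.is_staff and _same_hospital(user, obj.hospital.id):
            return True
        if request.method in ('PUT', 'PATCH') and user.id is not None and user.id == obj.id:
            return True
        # The former DELETE branch repeated the staff/same-hospital test that
        # already failed above, so it could only ever return False.
        return False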
Permission for user operations.
- SAFE_METHODS: Allowed for all users.
- Superusers: Full access.
- Staff: Full access within their hospital.
- Normal users: Can edit their own profile (PUT/PATCH).
def
has_permission(self, request, view):
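def has_permission(self, request, view):
    """Return True if the request may proceed to the user view.

    Reads pass for everyone; superusers always; staff when ``hospital_pk``
    is their hospital; any other user may PUT/PATCH only the profile whose
    id (``pk`` or ``id`` URL kwarg) equals their own.
    """
    if request.method in SAFE_METHODS:
        return True
    user = request.user
    if user.is_superuser:
        return True
    # Parsed after the superuser check so a missing/non-numeric hospital_pk
    # denies instead of raising for everyone.
    try:
        hospital_id = int(view.kwargs.get('hospital_pk'))
    except (TypeError, ValueError):
        hospital_id = None
    if (user.is_staff and hospital_id is not None
            and getattr(user, 'hospital_id', None) == hospital_id):
        return True
    if request.method in ('PUT', 'PATCH'):
        raw = view.kwargs.get('pk') or view.kwargs.get('id')
        try:
            target = int(raw)
        except (TypeError, ValueError):
            return False
        # user.id is None for AnonymousUser; never let None match.
        return user.id is not None and user.id == target
    return False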
Return True if permission is granted, False otherwise.
def
has_object_permission(self, request, view, obj):
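def has_object_permission(self, request, view, obj):
    """Return True if the request may act on user *obj*.

    Reads pass; superusers always; staff of *obj*'s hospital always; any
    user may PUT/PATCH their own record. Nothing else (including DELETE by a
    non-staff user) is granted.
    """
    if request.method in SAFE_METHODS:
        return True
    user = request.user
    if user.is_superuser:
        return True
    # getattr: AnonymousUser has no hospital_id; treat as "no hospital".
    if user.is_staff and getattr(user, 'hospital_id', None) == obj.hospital.id:
        return True
    if request.method in ('PUT', 'PATCH') and user.id is not None and user.id == obj.id:
        return True
    # The former DELETE branch repeated the staff/same-hospital test that
    # already failed above, so it could only ever return False.
    return False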
Return True if permission is granted, False otherwise.
class
WardPermission(rest_framework.permissions.BasePermission):
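def _kwarg_int(view, name):
    """Return URL kwarg *name* as an int, or None when missing/non-numeric.

    Returning None lets callers deny instead of raising — an uncaught
    ``int()`` error in a permission class becomes a 500, not a 403.
    """
    try:
        return int(view.kwargs.get(name))
    except (TypeError, ValueError):
        return None


def _same_hospital(user, hospital_id):
    """Return True when *user* belongs to hospital *hospital_id*.

    ``AnonymousUser`` has no ``hospital_id`` and an unresolved kwarg is None;
    the None guard stops two unknowns from comparing equal.
    """
    if hospital_id is None:
        return False
    return getattr(user, 'hospital_id', None) == hospital_id


class WardPermission(BasePermission):
    """
    Permission for ward operations.
    - SAFE_METHODS: Allowed for all users.
    - Superusers: Full access.
    - Staff: Can add/delete within their hospital.
    """

    def has_permission(self, request, view):
        """Return True if the request may proceed to the ward view.

        Staff may POST/DELETE only when ``hospital_pk`` is their own
        hospital; PUT/PATCH are not granted to staff at all.
        """
        if request.method in SAFE_METHODS:
            return True
        user = request.user
        if user.is_superuser:
            return True
        if request.method in ('POST', 'DELETE'):
            # NOTE(review): no has_object_permission exists, so the ward's own
            # hospital is not compared on DELETE — this relies on the view
            # filtering its queryset by hospital_pk; confirm.
            return bool(user.is_staff
                        and _same_hospital(user, _kwarg_int(view, 'hospital_pk')))
        return False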
Permission for ward operations.
- SAFE_METHODS: Allowed for all users.
- Superusers: Full access.
- Staff: Can add/delete within their hospital.
def
has_permission(self, request, view):
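def has_permission(self, request, view):
    """Return True if the request may proceed to the ward view.

    Reads pass for everyone; superusers always; staff may POST/DELETE only
    when ``hospital_pk`` is their own hospital. PUT/PATCH are not granted to
    staff at all.
    """
    if request.method in SAFE_METHODS:
        return True
    user = request.user
    if user.is_superuser:
        return True
    if request.method in ('POST', 'DELETE'):
        try:
            hospital_id = int(view.kwargs.get('hospital_pk'))
        except (TypeError, ValueError):
            # Missing or non-numeric hospital_pk: deny rather than raise a 500.
            return False
        # NOTE(review): no has_object_permission exists, so the ward's own
        # hospital is not compared on DELETE — relies on the view filtering
        # its queryset by hospital_pk; confirm.
        return bool(user.is_staff and getattr(user, 'hospital_id', None) == hospital_id)
    return False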
Return True if permission is granted, False otherwise.