17 lines
632 B
Python
17 lines
632 B
Python
|
|
from rest_framework import permissions
|
|
from .models import Team,Member
|
|
|
|
class IsMemberOrTeamOwner(permissions.BasePermission):
|
|
def has_object_permission(self, request, view, obj):
|
|
# Check if user is a member of the team or the team owner
|
|
return request.user in obj.team.members.all() or request.user == obj.team.owner
|
|
|
|
class IsTeamOwner(permissions.BasePermission):
|
|
def has_object_permission(self, request, view, obj):
|
|
if isinstance(obj, Team):
|
|
return obj.owner == request.user
|
|
elif isinstance(obj, Member):
|
|
return obj.team.owner == request.user
|
|
return False
|