20 lines
628 B
Python
20 lines
628 B
Python
from rest_framework import permissions # type: ignore
|
|
from rest_framework.request import HttpRequest # type: ignore
|
|
from rest_framework.views import APIView # type: ignore
|
|
from core.apps.companies.models import CompanyFolderModel
|
|
|
|
|
|
class IsFolderOwner(permissions.IsAuthenticated):
|
|
|
|
def has_object_permission( # type: ignore
|
|
self,
|
|
request: HttpRequest,
|
|
view: APIView,
|
|
obj: CompanyFolderModel
|
|
) -> bool:
|
|
return CompanyFolderModel.objects.filter(
|
|
company__accounts__user=request.user,
|
|
id=obj.id
|
|
).exists()
|
|
|
|
|