24 lines
677 B
Python
24 lines
677 B
Python
from rest_framework import permissions # type: ignore
|
|
from rest_framework.views import APIView # type: ignore
|
|
from rest_framework.request import HttpRequest # type: ignore
|
|
|
|
from core.apps.companies.models import (
|
|
CompanyAccountModel,
|
|
CompanyModel
|
|
)
|
|
|
|
|
|
class IsCompanyAccount(permissions.IsAuthenticated):
|
|
def has_object_permission( # type: ignore
|
|
self,
|
|
request: HttpRequest,
|
|
view: APIView,
|
|
obj: CompanyModel
|
|
) -> bool:
|
|
if request.user.is_staff:
|
|
return True
|
|
|
|
return CompanyAccountModel.objects.filter(
|
|
company=obj, user=request.user,
|
|
).exists()
|