from rest_framework import permissions from rest_framework.permissions import BasePermission class SuperAdminOnly(BasePermission): """Only super admin can access""" def has_permission(self, request, view): return request.user.is_superuser class AllowAny(BasePermission): """Allow any user to access""" def has_permission(self, request, view): return True class GenericPermission(permissions.BasePermission): """ Generic permission class that can be used for any permission Usage: permission_classes = [GenericPermission('view_reports')] """ def __init__(self, permission_codename): self.permission_codename = permission_codename def has_permission(self, request, view): if not request.user.is_authenticated: return False if request.user.is_superuser: return True # Check if user has an active company if not request.user.active_company: return False if request.user.is_company_admin(): return True return request.user.has_company_permission(self.permission_codename) class AnyPermission(permissions.BasePermission): """ Permission class that requires any one of the specified permissions Usage: permission_classes = [AnyPermission('view_reports', 'view_analytics')] """ def __init__(self, *permission_codenames): self.permission_codenames = permission_codenames def has_permission(self, request, view): if not request.user.is_authenticated: return False if request.user.is_superuser: return True # Check if user has an active company if not request.user.active_company: return False if request.user.is_company_admin(): return True return any( request.user.has_company_permission(perm) for perm in self.permission_codenames ) class AllPermissions(permissions.BasePermission): """ Permission class that requires all of the specified permissions Usage: permission_classes = [AllPermissions('view_reports', 'edit_reports')] """ def __init__(self, *permission_codenames): self.permission_codenames = permission_codenames def has_permission(self, request, view): if not request.user.is_authenticated: return False if request.user.is_superuser: return True # Check if user has an active company if not request.user.active_company: return False if request.user.is_company_admin(): return True return all( request.user.has_company_permission(perm) for perm in self.permission_codenames ) class CompanyPermission(permissions.BasePermission): """ Permission class that requires company membership and optional permission Usage: permission_classes = [CompanyPermission('view_reports')] # Requires company + permission permission_classes = [CompanyPermission()] # Just requires company membership """ def __init__(self, permission_codename=None, company=None): self.permission_codename = permission_codename self.company = company def has_permission(self, request, view): if not request.user.is_authenticated: return False if request.user.is_superuser: return True # User must have an active company if not request.user.active_company: return False # If no specific permission required, just company membership is enough if not self.permission_codename: return True # Check specific permission in active company context return request.user.has_company_permission(self.permission_codename, self.company)