Backend Draft

__init__
2026-02-23 20:31:53 +05:30
commit eec700af51
127 changed files with 2356 additions and 0 deletions


@@ -0,0 +1,57 @@
from rest_framework import permissions
class IsTenantUser(permissions.BasePermission):
"""
Allows access only to authenticated users who belong to a tenant.
Also ensures object-level tenant isolation.
"""
def has_permission(self, request, view):
return bool(request.user and request.user.is_authenticated and request.user.tenant)
def has_object_permission(self, request, view, obj):
if hasattr(obj, 'tenant'):
return obj.tenant == request.user.tenant
return True
class IsAdmin(permissions.BasePermission):
"""
Allows access only to super_admin and institution_admin roles.
"""
def has_permission(self, request, view):
return bool(
request.user and
request.user.is_authenticated and
request.user.role in ['super_admin', 'institution_admin']
)
class IsProjectOwner(permissions.BasePermission):
"""
Allows object level access only to the user who created it.
"""
def has_object_permission(self, request, view, obj):
if hasattr(obj, 'created_by'):
return obj.created_by == request.user
return False
class IsTeacher(permissions.BasePermission):
"""
Allows access only to teacher, institution_admin, or super_admin roles.
"""
def has_permission(self, request, view):
return bool(
request.user and
request.user.is_authenticated and
request.user.role in ['teacher', 'institution_admin', 'super_admin']
)
class IsStudentReadOnly(permissions.BasePermission):
"""
Students get read-only access (GET, HEAD, OPTIONS).
Other roles are allowed (and restricted by other classes).
"""
def has_permission(self, request, view):
if request.user and request.user.is_authenticated:
if request.user.role == 'student':
return request.method in permissions.SAFE_METHODS
return True
return False
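Review bot: `IsTenantUser.has_object_permission` fails open: an object with no `tenant` attribute falls through to `return True`, so a model that reaches its tenant only through a relation would pass the isolation check for any authenticated tenant user. `IsProjectOwner` in the same file denies in the equivalent case, and I would do the same here by ending the method with `return False`, letting tenant-less models opt in through a separate permission class. DRF runs object-level checks only when a view calls `get_object()` or `check_object_permissions()`, so list endpoints presumably still need their querysets filtered by `request.user.tenant`; that filtering is not visible in this file. `IsProjectOwner` also inherits the default `has_permission`, which allows, so its docstring should say it must be combined with an authentication class.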