from rest_framework import permissions
# ----------------------------------------------------
# Global Role Definition
# ----------------------------------------------------
# Canonical role names; every key maps to the identical string value.
# The permission classes in this module build their allow-lists from it.
ROLES = {name: name for name in ("ADMIN", "OPERATOR", "VIEWER")}
# ----------------------------------------------------
# Base Role Permission (Clean Code + Robustness)
# ----------------------------------------------------
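class RolePermission(permissions.BasePermission):
    """Base permission that authorizes a request by the user's ``role`` field.

    Subclasses set ``allowed_roles`` to the role names (ADMIN, OPERATOR,
    VIEWER) that may pass. The base class leaves the list empty, so using
    ``RolePermission`` directly denies every request.

    Only the view-level check is implemented here; object-level checks are
    whatever the parent class provides.
    """

    # Empty by default: a subclass that forgets to set this fails closed.
    allowed_roles = []

    def has_permission(self, request, view):
        """Return True only for an authenticated user whose role is allowed.

        Args:
            request: The incoming request; ``request.user`` is inspected.
            view: The view being accessed (unused).

        Returns:
            bool: False for anonymous users, for users without a usable
            string ``role``, and for roles not listed in ``allowed_roles``.
        """
        user = request.user

        if not user or not user.is_authenticated:
            return False

        # A missing attribute, a NULL column (None) or any other non-string
        # value is treated as "no role" and denied, instead of raising
        # AttributeError on .upper() and surfacing as a server error.
        role = getattr(user, "role", None)
        if not isinstance(role, str):
            return False

        # NOTE(review): str.upper() is Unicode-aware, so the comparison is
        # only as strict as the values stored in ``role``. This assumes the
        # field is restricted to the ROLES names when it is written (for
        # example via model choices) - confirm against the user model.
        return role.upper() in self.allowed_roles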
# ----------------------------------------------------
# Specific Permission Classes
# ----------------------------------------------------
class IsAdmin(RolePermission):
    """Grant access only to users whose role is ADMIN."""

    allowed_roles = [
        ROLES["ADMIN"],
    ]
    # Denial text (Thai) attached to this permission class.
    message = "คุณไม่มีสิทธิ์เข้าถึงหน้านี้ (ADMIN Required)."
class IsAdminOrOperator(RolePermission):
    """Grant access to users whose role is ADMIN or OPERATOR."""

    # Explicit allow-list; VIEWER is deliberately absent.
    allowed_roles = [
        ROLES["ADMIN"],
        ROLES["OPERATOR"],
    ]
class IsViewerOrHigher(RolePermission):
    """Grant access to users whose role is ADMIN, OPERATOR or VIEWER."""

    # Listed by name rather than derived from ROLES, so a role added to
    # ROLES later is not granted access here automatically.
    allowed_roles = [ROLES["ADMIN"], ROLES["OPERATOR"], ROLES["VIEWER"]]
class IsAuthenticatedAccess(permissions.IsAuthenticated):
    """``IsAuthenticated`` with a custom denial message; no role check."""

    # Denial text (Thai) attached to this permission class.
    message = "คุณต้องเข้าสู่ระบบก่อน"