27 lines
1.0 KiB
Python
27 lines
1.0 KiB
Python
from rest_framework.permissions import BasePermission
|
|
|
|
|
|
class IsAdminAccount(BasePermission):
|
|
"""Allows access only to authenticated staff/superuser / admin JWT accounts.
|
|
|
|
FunZone minting uses JWTTokenUserAuthentication here (no local user DB).
|
|
rest_framework_simplejwt.TokenUser hardcodes is_staff/is_superuser to False,
|
|
so admin flags must be read from the token payload itself.
|
|
"""
|
|
|
|
message = 'دسترسی غیرمجاز. فقط مدیران میتوانند به این بخش دسترسی داشته باشند.'
|
|
|
|
def has_permission(self, request, view):
|
|
user = request.user
|
|
if not user or not user.is_authenticated:
|
|
return False
|
|
|
|
token = getattr(user, 'token', None)
|
|
if token is not None:
|
|
if token.get('user_type') == 'admin':
|
|
return True
|
|
if token.get('is_staff') or token.get('is_superuser'):
|
|
return True
|
|
|
|
return bool(getattr(user, 'is_staff', False) or getattr(user, 'is_superuser', False))
|