9 lines
393 B
Python
9 lines
393 B
Python
from rest_framework.permissions import BasePermission
|
|
|
|
class IsAdminOrEditor(BasePermission):
|
|
def has_permission(self, request, view):
|
|
return request.method in ("GET", "HEAD", "OPTIONS") or (
|
|
request.user and request.user.is_authenticated and (
|
|
request.user.is_superuser or getattr(request.user, "role", None) == "editor"
|
|
)
|
|
) |