PlayMan/WrestleDesk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bdcec35383574d1ba5b13d773efe8c2884f2e4fe
WrestleDesk/backend/utils/permissions.py
T
Andrej Spielmann 3fefc550fe Initial commit: WrestleDesk full project 
- Django backend with DRF (clubs, wrestlers, trainers, exercises, templates, trainings, homework, locations, leistungstest)
- Next.js 16 frontend with React, Shadcn UI, Tailwind
- JWT authentication
- Full CRUD for all entities
- Calendar view for trainings
- Homework management system
- Leistungstest tracking
2026-03-26 13:24:57 +01:00

76 lines
2.2 KiB
Python
Raw Blame History

from rest_framework import permissions
from django_filters.rest_framework import DjangoFilterBackend
def get_user_club(user):
"""Helper to get club from user, checking profile.club first."""
if hasattr(user, 'profile') and user.profile and user.profile.club:
return user.profile.club
if hasattr(user, 'club') and user.club:
return user.club
return None
class ClubFilterBackend(DjangoFilterBackend):
"""
Filter backend that automatically filters queries by the authenticated user's club.
"""
def filter_queryset(self, request, queryset, view):
user = request.user
if not user.is_authenticated:
return queryset.none()
club = get_user_club(user)
if club is None:
return queryset.none()
if hasattr(queryset.model, 'club'):
return queryset.filter(club=club)
if hasattr(queryset.model, 'wrestler') and hasattr(queryset.model, 'training'):
return queryset.filter(training__club=club)
if hasattr(queryset.model, 'homework'):
return queryset.filter(homework__club=club)
return queryset
class ClubLevelPermission(permissions.BasePermission):
"""
Permission class that ensures users can only access their own club's data.
"""
def has_permission(self, request, view):
if not request.user or not request.user.is_authenticated:
return False
club = get_user_club(request.user)
if club is None:
return False
return True
def has_object_permission(self, request, view, obj):
if not request.user or not request.user.is_authenticated:
return False
club = get_user_club(request.user)
if club is None:
return False
obj_club = getattr(obj, 'club', None)
if obj_club is None and hasattr(obj, 'training'):
obj_club = getattr(obj.training, 'club', None)
if obj_club is None and hasattr(obj, 'homework'):
obj_club = getattr(obj.homework, 'club', None)
if obj_club is None and hasattr(obj, 'wrestler'):
obj_club = getattr(obj.wrestler, 'club', None)
return obj_club == club
Reference in New Issue View Git Blame Copy Permalink