h#jdZddlmZddlmZdZGddZGddeZGd d eZGd d Z Gd dZ GddZ Gddee Z Gdde ZGddeZGddeZGddeZGddeZGddeZGd d!eZGd"d#eZy$)%z2 Provides a set of pluggable permission policies. )Http404) exceptions)GETHEADOPTIONSc*eZdZdZdZdZdZdZy)OperationHolderMixinc$tt||SN OperandHolderANDselfothers ]/var/www/html/ranktracker/api/venv/lib/python3.12/site-packages/rest_framework/permissions.py__and__zOperationHolderMixin.__and__ sS$..c$tt||Sr r ORrs r__or__zOperationHolderMixin.__or__sRu--rc$tt||Sr r rs r__rand__zOperationHolderMixin.__rand__sS%..rc$tt||Sr rrs r__ror__zOperationHolderMixin.__ror__sR--rc"tt|Sr )SingleOperandHolderNOT)rs r __invert__zOperationHolderMixin.__invert__s"3--rN)__name__ __module__ __qualname__rrrrr rrr r s/./..rr ceZdZdZdZy)rc ||_||_yr )operator_class op1_class)rr'r(s r__init__zSingleOperandHolder.__init__s,"rcH|j|i|}|j|Sr )r(r')rargskwargsop1s r__call__zSingleOperandHolder.__call__!s(dnnd-f-""3''rNr!r"r#r)r.r$rrrrs #(rrceZdZdZdZy)r c.||_||_||_yr )r'r( op2_class)rr'r(r2s rr)zOperandHolder.__init__'s,""rcn|j|i|}|j|i|}|j||Sr )r(r2r')rr+r,r-op2s rr.zOperandHolder.__call__,s?dnnd-f-dnnd-f-""3,,rNr/r$rrr r &s # -rr ceZdZdZdZdZy)rc ||_||_yr r-r4rr-r4s rr)z AND.__init__3rcv|jj||xr|jj||Sr r-has_permissionr4rrequestviews rr<zAND.has_permission74 HH # #GT 2 3 HH # #GT 2 rcz|jj|||xr|jj|||Sr r-has_object_permissionr4rr>r?objs rrCzAND.has_object_permission=8 HH * *7D# > ? HH * *7D# > rNr!r"r#r)r<rCr$rrrr2  rrceZdZdZdZdZy)rc ||_||_yr r7r8s rr)z OR.__init__Er9rcv|jj||xs|jj||Sr r;r=s rr<zOR.has_permissionIr@rcz|jj|||xs|jj|||Sr rBrDs rrCzOR.has_object_permissionOrFrNrGr$rrrrDrHrrceZdZdZdZdZy)rc||_yr )r-)rr-s rr)z NOT.__init__Ws rc<|jj|| Sr )r-r<r=s rr<zNOT.has_permissionZs88**7D999rc>|jj||| Sr )r-rCrDs rrCzNOT.has_object_permission]s8811'4EEErNrGr$rrrrVs:Frrc eZdZy)BasePermissionMetaclassN)r!r"r#r$rrrRrRasrrRceZdZdZdZdZy)BasePermissionzH A base class from which all permission classes should inherit. cyzL Return `True` if permission is granted, `False` otherwise. Tr$r=s rr<zBasePermission.has_permissionjrcyrVr$rDs rrCz$BasePermission.has_object_permissionprWrN)r!r"r#__doc__r<rCr$rrrTrTes rrT) metaclassceZdZdZdZy)AllowAnyz Allow any access. This isn't strictly required, since you could use an empty permission_classes list, but it's useful because it makes the intention more explicit. cy)NTr$r=s rr<zAllowAny.has_permissionsrNr!r"r#rYr<r$rrr\r\ws rr\ceZdZdZdZy)IsAuthenticatedz4 Allows access only to authenticated users. c\t|jxr|jjSr )booluseris_authenticatedr=s rr<zIsAuthenticated.has_permissions GLLBW\\%B%BCCrNr^r$rrr`r`s Drr`ceZdZdZdZy) IsAdminUserz, Allows access only to admin users. c\t|jxr|jjSr )rbrcis_staffr=s rr<zIsAdminUser.has_permissions GLL:W\\%:%:;;rNr^r$rrrfrfs |j }|*Jdj|jj|S|j S)N get_querysetquerysetz[Cannot apply {} on a view that does not set `.queryset` or have a `.get_queryset()` method.z{}.get_queryset() returned None)hasattrgetattrformat __class__r!rr)rr?rs r _querysetz DjangoModelPermissions._querysetst^,tZ.: * > &(( )  *; 4 (((*H' 1889P9PQ 'O}}rc t|ddry|jr"|jjs |jry|j |}|j |j |j}|jj|S)N_ignore_model_permissionsFT) rrcrdauthenticated_users_onlyrrrlmodel has_perms)rr>r?rpermss rr<z%DjangoModelPermissions.has_permissionsp 44e <||||,,1N1N>>$'--gnnhnnM||%%e,,rN) r!r"r#rYr~rrrr<r$rrrorosI 34567889I $ B  -rroceZdZdZdZy)$DjangoModelPermissionsOrAnonReadOnlyzj Similar to DjangoModelPermissions, except that anonymous users are allowed read-only access. FN)r!r"r#rYrr$rrrrs %rrc8eZdZdZgggdgdgdgdgdZdZdZy) DjangoObjectPermissionsa The request is authenticated using Django's object-level permissions. It requires an object-permissions-enabled backend, such as Django Guardian. It ensures that the user is authenticated, and has the appropriate `add`/`change`/`delete` permissions on the object using .has_perms. This permission can only be applied against view classes that provide a `.queryset` attribute. rprqrrrsc|jj|jjd}||jvrt j ||j|Dcgc]}||z c}Scc}w)Nryr|rs rget_required_object_permissionsz7DjangoObjectPermissions.get_required_object_permissionssc"22#//44   '--f5 5*...*@A$v AAArc8|j|}|j}|j}|j|j|}|j ||sC|jt vrt|jd|}|j ||styy)NrFT)rrrcrrlrrmr) rr>r?rErrrcr read_permss rrCz-DjangoObjectPermissions.has_object_permissions>>$'NN ||44W^^YO~~eS) ~~- ==eYOJ>>*c2 rN)r!r"r#rYr~rrCr$rrrrs< 34567889I BrrN)rY django.httprrest_frameworkrrmr rr rrrtyperRrTr\r`rfrjrorrr$rrrs %) .."(.( -( -  $  $FF 2D 6$ ~ DnD<.<    F-^F-R%+A%949r