j xdZddlmZddlmZmZGddej ZGddej Zy) z{ Custom permissions for Aimantis dashboard. Provides structure-level access control to prevent cross-tenant data leakage. ) permissions) Structure StructureUserceZdZdZdZy)HasStructureAccessz Permission class to check if user has access to a specific structure. Supports: - Structure owners (user in owned_structures) - Structure users (via StructureUser relationship) - Superusers (full access) c|jr|jjsy|jjry|jj d}|sy t |}tjj||jjrytjj||jjryy#t tf$rYywxYw)a  Check if the authenticated user has access to the requested structure. Args: request: HTTP request view: View being accessed Returns: True if user has access, False otherwise FT structure)iduser) structure_idr ) r is_authenticated is_superuser query_paramsgetint ValueError TypeErrorrobjectsfilterexistsr)selfrequestviewr s !/backend/dashboard/permissions.pyhas_permissionz!HasStructureAccess.has_permissions||7<<#@#@ << $ $++// <  |,L    # # $  &(   ' '% (  &( %I&  s CC,+C,N__name__ __module__ __qualname____doc__rrrr s .r"rceZdZdZdZy)IsStaffOrReadOnlyz Custom permission to allow staff full access, others read-only. Prepares for future staff-specific dashboard features. c|jtjvry|jxr|jjS)z Check permission based on user role and request method. Args: request: HTTP request view: View being accessed Returns: True if allowed, False otherwise T)methodr SAFE_METHODSr is_staff)rrrs rrz IsStaffOrReadOnly.has_permissionOs4 >>[55 5||5 5 55r"Nrr!r"rr$r$Hs  6r"r$N) r rest_frameworkrstructures.modelsrrBasePermissionrr$r!r"rr,s7'68338v6 226r"