2fhddlmZddlmZGddejZGddejZGdd ejZGd d ejZy ) ) permissions) UserProfileceZdZdZdZy)IsSuperAdminOrAdminz Permission class that allows: - Super Admins: Full database access - Admins: Hierarchical access (own data + created users) c|jjsy |jj}|jry |jj jdjS#tj $rYIwxYw)NFTAdminname) useris_authenticatedprofile super_adminr DoesNotExistgroupsfilterexists)selfrequestviewrs /backend/users/permissions.pyhas_permissionz"IsSuperAdminOrAdmin.has_permission sz||,, ll**G""# ||""))w)7>>@@ ''   s"A11BBN__name__ __module__ __qualname____doc__rrrrs  ArrceZdZdZdZdZy)IsSuperAdminOrOwnerOrCreatedByz Object-level permission that allows: - Super Admins: Access to ANY object - Admins: Access to own objects and objects of users they created c|jjsy |jj}|jry |jj jdjrt|dr8||jk(ry |j}|j|jk(ry t|dr|j|jk(St|drA|j|jk(xs&|j|j|jSy#tj $rYwxYw#tj $rYwxYw)NFTr r username created_byr ) r r rrrrrrrhasattrr$_can_access_user_data)rrrobjrtarget_profiles rhas_object_permissionz4IsSuperAdminOrOwnerOrCreatedBy.has_object_permission"s.||,, ll**G""# <<   % %7 % 3 : : <sJ'',,&%([[N%00GLL@#A sL)~~55sF#xx7<</e43M3Mgll\_\d\d3ee1''   #//s#"D(%E(D?>D?EEcl |j}|j|k(S#tj$rYywxYwz3Check if current_user can access target_user's dataFrr$rrr current_user target_userrs rr&z4IsSuperAdminOrOwnerOrCreatedBy._can_access_user_dataE; !))G%%5 5''   33Nrrrrr)r&rrrr!r!s !Frr!ceZdZdZdZdZy)IsAdminOrOwnerOrCreatedByz Custom permission to allow: - Admins can access everything - Users can access their own data - Users can access data of users they created c |jjjdjrt |dr8||jk(ry |j }|j |jk(ry t |dr|j |jk(St |drA|j|jk(xs&|j|j|jSy#tj$rYwxYw)Nr r r#Tr$r F) r rrrr%rr$rrr&)rrrr'rs rr)z/IsAdminOrOwnerOrCreatedBy.has_object_permissionUs <<   % %7 % 3 : : <sJ'',,&!kkG))W\\9#:sL)~~55sF#xx7<</e43M3Mgll\_\d\d3ee#//s%C,,DDcl |j}|j|k(S#tj$rYywxYwr+r,r-s rr&z/IsAdminOrOwnerOrCreatedBy._can_access_user_datanr0r1Nr2rrrr4r4Ms2rr4ceZdZdZdZy) IsAdminRolez: Permission class to check if user has Admin role c|jjxr4|jjjdj S)Nr r )r r rrr)rrrs rrzIsAdminRole.has_permissionzs9||,,b1D1D1K1KQX1K1Y1`1`1bbrNrrrrr8r8vs crr8N) rest_frameworkrmodelsrBasePermissionrr!r4r8rrrr=sY&A+44A,0[%?%?0d' : :'Rc+,,cr