from django.db import models from rest_framework_api_key.models import AbstractAPIKey, BaseAPIKeyManager from django.contrib.auth.models import User, Permission from django.contrib import contenttypes from django.contrib.auth.backends import ModelBackend from .utils import parse_request_method_name class APIKey(AbstractAPIKey): permission = models.ManyToManyField(Permission, related_name="api_keys") class Meta(AbstractAPIKey.Meta): verbose_name = "API key" verbose_name_plural = "API keys" def get_all_permissions(self): return self.permission.all() def has_permission(self, model): ''' Checks if the APIKey has any type of permission for a specific model ''' permissions = self.get_all_permissions() for i in permissions: if model == i.content_type.model: return True return False def has_permission_method(self, model, request_method): ''' Checks if the APIKey has request method permission on certain model request_method can be POST, GET, PUT, DELETE ''' permissions = self.get_all_permissions() for i in permissions: if model == i.content_type.model and parse_request_method_name(request_method) in i.codename: return True return False