diff --git a/codeforlife/user/permissions/is_student.py b/codeforlife/user/permissions/is_student.py
index 62ca74c0..1f217087 100644
--- a/codeforlife/user/permissions/is_student.py
+++ b/codeforlife/user/permissions/is_student.py
@@ -19,8 +19,8 @@ def __init__(self, student_id: t.Optional[int] = None):
 """Initialize permission.
 Args:
- student_id: A student's ID. If passed, the user must be this
- student.
+ student_id: A student's ID. If None, check if the user is any
+ student. Else, check if the user is the specific student.
 """
 super().__init__()
diff --git a/codeforlife/user/permissions/is_teacher.py b/codeforlife/user/permissions/is_teacher.py
index bd4a8e8e..7355b5e2 100644
--- a/codeforlife/user/permissions/is_teacher.py
+++ b/codeforlife/user/permissions/is_teacher.py
@@ -9,22 +9,30 @@
 from rest_framework.request import Request
 from rest_framework.views import APIView
-from ..models import User
+from ..models import Teacher, User
 class IsTeacher(BasePermission):
 """Request's user must be a teacher."""
- def __init__(self, teacher_id: t.Optional[int] = None):
+ def __init__(
+ self,
+ teacher_id: t.Optional[int] = None,
+ is_admin: t.Optional[bool] = None,
+ ):
 """Initialize permission.
 Args:
- teacher_id: A teacher's ID. If passed, the user must be this
- teacher.
+ teacher_id: A teacher's ID. If None, check if the user is any
+ teacher. Else, check if the user is the specific teacher.
+ is_admin: If the teacher is an admin. If None, don't check if the
+ teacher is an admin. Else, check if the teacher is (not) an
+ admin.
 """
 super().__init__()
 self.teacher_id = teacher_id
+ self.is_admin = is_admin
 def has_permission(self, request: Request, view: APIView):
 user = request.user
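Review bot: In `IsTeacher.__init__`, `is_admin` is a tri-state flag that can be passed positionally, and the docstring's "check if the teacher is (not) an admin" does not say that `False` requires a non-admin teacher rather than skipping the check. For an authorization class I would make the flag keyword-only by adding a bare `*,` line before `is_admin: t.Optional[bool] = None,`, so a call such as `IsTeacher(3, False)` cannot be misread at the call site. The docstring entry could read `is_admin: If None, admin status is not checked. If True, the teacher must be an admin; if False, the teacher must not be an admin.` The flag is consumed in `has_permission`, whose body continues past the end of this hunk.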
@@ -32,4 +40,8 @@ def has_permission(self, request: Request, view: APIView):
 isinstance(user, User)
 and user.teacher_id is not None
 and (self.teacher_id is None or user.teacher_id == self.teacher_id)
+ and (
+ self.is_admin is None
+ or t.cast(Teacher, user.teacher).is_admin == self.is_admin
+ )
 )
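Review bot: The added `is_admin` clause dereferences `user.teacher` through `t.cast(Teacher, ...)`, which is a typing hint only and validates nothing at runtime. The access is safe only because the earlier `user.teacher_id is not None` operand short-circuits first. That ordering dependency deserves a comment above the clause, e.g. `# user.teacher is non-null here: the teacher_id check above short-circuits; t.cast does not check at runtime.` Reading `user.teacher` presumably also costs a query per permission check unless the relation is already loaded, which is worth confirming for the views that use this permission. The `def has_permission` line and the opening of the enclosing boolean expression sit outside this hunk.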