✨(project) first proof of concept printing pdf from markdown

This is a boilerplate inspired from https://github.com/openfun/joanie

src/backend/core/api/permissions.py

@@ -0,0 +1,54 @@
+"""Permission handlers for the publish core app."""
+from django.core import exceptions
+
+from rest_framework import permissions
+
+
+class IsAuthenticated(permissions.BasePermission):
+    """
+    Allows access only to authenticated users. Alternative method checking the presence
+    of the auth token to avoid hitting the database.
+    """
+
+    def has_permission(self, request, view):
+        return bool(request.auth) if request.auth else request.user.is_authenticated
+
+
+class IsSelf(IsAuthenticated):
+    """
+    Allows access only to authenticated users. Alternative method checking the presence
+    of the auth token to avoid hitting the database.
+    """
+
+    def has_object_permission(self, request, view, obj):
+        """Write permissions are only allowed to the user itself."""
+        return obj == request.user
+
+
+class IsOwnedOrPublic(IsAuthenticated):
+    """
+    Allows access to authenticated users only for objects that are owned or not related
+    to any user via the "owner" field.
+    """
+
+    def has_object_permission(self, request, view, obj):
+        """Unsafe permissions are only allowed for the owner of the object."""
+        if obj.owner == request.user:
+            return True
+
+        if request.method in permissions.SAFE_METHODS and obj.owner is None:
+            return True
+
+        try:
+            return obj.user == request.user
+        except exceptions.ObjectDoesNotExist:
+            return False
+
+
+class AccessPermission(IsAuthenticated):
+    """Permission class for access objects."""
+
+    def has_object_permission(self, request, view, obj):
+        """Check permission for a given object."""
+        abilities = obj.get_abilities(request.user)
+        return abilities.get(request.method.lower(), False)