Add dta_service/core/permissions.py

dta_service/core/permissions.py

@@ -0,0 +1,43 @@
+from rest_framework import permissions
+
+class IsOwnerOrReadOnly(permissions.BasePermission):
+    def has_object_permission(self, request, view, obj):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+        
+        if hasattr(obj, 'owner'):
+            return obj.owner.user == request.user
+        elif hasattr(obj, 'user'):
+            return obj.user == request.user
+        
+        return False
+
+class IsPropertyOwner(permissions.BasePermission):
+    def has_permission(self, request, view):
+        return request.user.user_type == 'property_owner'
+    
+    def has_object_permission(self, request, view, obj):
+        if hasattr(obj, 'owner'):
+            return obj.owner.user == request.user
+        elif hasattr(obj, 'property_owner'):
+            return obj.property_owner.user == request.user
+        return False
+
+class IsVendor(permissions.BasePermission):
+    def has_permission(self, request, view):
+        return request.user.user_type == 'vendor'
+    
+    def has_object_permission(self, request, view, obj):
+        if hasattr(obj, 'vendor'):
+            return obj.vendor.user == request.user
+        return False
+
+class IsParticipant(permissions.BasePermission):
+    def has_object_permission(self, request, view, obj):
+        if request.user.user_type == 'property_owner':
+            owner = obj.property_owner if hasattr(obj, 'property_owner') else obj.conversation.property_owner
+            return owner.user == request.user
+        elif request.user.user_type == 'vendor':
+            vendor = obj.vendor if hasattr(obj, 'vendor') else obj.conversation.vendor
+            return vendor.user == request.user
+        return False