Refactor permissions and configure token authentication.

Simplified the logic in `IsAdminOrIfAuthenticatedReadOnly` for better readability and maintainability. Added token authentication settings in Django REST framework to support secure API access.
mate-academy · Dec 26, 2024 · 072eb27 · 072eb27
1 parent adbb56e
commit 072eb27
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 7 deletions.
diff --git a/cinema_service/settings.py b/cinema_service/settings.py
@@ -133,3 +133,9 @@
 # https://docs.djangoproject.com/en/4.0/ref/settings/#default-auto-field
 
 DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
+
+REST_FRAMEWORK = {
+    'DEFAULT_AUTHENTICATION_CLASSES': [
+        'rest_framework.authentication.TokenAuthentication',
+    ],
+}
diff --git a/user/permissions.py b/user/permissions.py
@@ -3,10 +3,10 @@
 
 class IsAdminOrIfAuthenticatedReadOnly(BasePermission):
     def has_permission(self, request, view):
-        if (
-                request.method in SAFE_METHODS
-                and request.user
-                and request.user.is_authenticated
-        ):
-            return True
-        return request.user and request.user.is_staff
+        return bool(
+            request.method in SAFE_METHODS and
+            request.user and
+            request.user.is_authenticated
+        ) or (
+                request.user and request.user.is_staff
+        )