From 072eb27f44a0a9335c46257f5d30a022aa80f56a Mon Sep 17 00:00:00 2001
From: Frezworx
Date: Thu, 26 Dec 2024 17:43:55 +0200
Subject: [PATCH] Refactor permissions and configure token authentication.

Simplified the logic in `IsAdminOrIfAuthenticatedReadOnly` for better readability and maintainability. Added token authentication settings in Django REST framework to support secure API access.
---
 cinema_service/settings.py | 6 ++++++
 user/permissions.py | 14 +++++++-------
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/cinema_service/settings.py b/cinema_service/settings.py
index 1acf413b..bc90f6c6 100644
--- a/cinema_service/settings.py
+++ b/cinema_service/settings.py
@@ -133,3 +133,9 @@
 # https://docs.djangoproject.com/en/4.0/ref/settings/#default-auto-field
 DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
+
+REST_FRAMEWORK = {
+ 'DEFAULT_AUTHENTICATION_CLASSES': [
+ 'rest_framework.authentication.TokenAuthentication',
+ ],
+}
diff --git a/user/permissions.py b/user/permissions.py
index 39a60c2d..95811ef3 100644
--- a/user/permissions.py
+++ b/user/permissions.py
@@ -3,10 +3,10 @@
 class IsAdminOrIfAuthenticatedReadOnly(BasePermission):
 def has_permission(self, request, view):
- if (
- request.method in SAFE_METHODS
- and request.user
- and request.user.is_authenticated
- ):
- return True
- return request.user and request.user.is_staff
+ return bool(
+ request.method in SAFE_METHODS and
+ request.user and
+ request.user.is_authenticated
+ ) or (
+ request.user and request.user.is_staff
+ )
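Review bot: The new `REST_FRAMEWORK` dict in `cinema_service/settings.py` sets only `DEFAULT_AUTHENTICATION_CLASSES`, so DRF's default permission class (`AllowAny`) still applies to every view that does not declare `permission_classes` itself; token authentication identifies the caller but does not restrict access on its own. If the API is meant to be closed by default, add `'DEFAULT_PERMISSION_CLASSES': ['rest_framework.permissions.IsAuthenticated'],` (or the project's `user.permissions.IsAdminOrIfAuthenticatedReadOnly`) next to it. `TokenAuthentication` also needs `rest_framework.authtoken` in `INSTALLED_APPS` with its migration applied; `INSTALLED_APPS` is outside this hunk, so confirm it is listed there. DRF's built-in tokens do not expire, so the deployment should accept them over HTTPS only and have a way to rotate or revoke them.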
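Review bot: In `has_permission` (`user/permissions.py`), `bool(...)` closes before the `or`, so it wraps only the read-only branch; when that branch is false the method returns the raw value of `request.user and request.user.is_staff` (for example `None` if `request.user` is `None`), just as the old code did. Truthiness is unchanged, so this is not an access-control regression, but the layout reads as if the whole expression were coerced. Wrapping the whole expression makes the return value a plain bool and states the user check once: `return bool(request.user and (request.user.is_staff or (request.method in SAFE_METHODS and request.user.is_authenticated)))`. A one-line docstring such as `"""Allow any request from staff; allow safe (read-only) methods from authenticated users."""` would record the intended policy, and a test asserting that a non-staff `POST` is refused would pin it.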