0

I have the following models.

class Post(models.Model):
    content = models.TextField()

class User(AbstractUser):
    pen_name = models.Charfield()

I want to restrict a user to create a specific number of posts (let's say 10) and no more than that. Also, I want the permission to expire by a certain date.

These models are representative, my original models have many more fields and need many more permissions. But for all of those, I basically need to restrict the count and expiry date. I want to have a licensing functionality by using the permissions. So a user may purchase a license to make 'n' posts in a year.

How do I achieve this, for APIViews and permission_classes in DRF?

Vikramark
  • 137
  • 13
  • Why are you not using [DRF Permissions](https://www.django-rest-framework.org/api-guide/permissions/)? – JPG Sep 21 '20 at 13:38
  • @ArakkalAbu In DRF permissions how can I store an expiry date for each user and the allowed post count for each user. As that may be different for each user. That is why I wanted to use Django permissions – Vikramark Sep 21 '20 at 13:54
  • Store the *post owner* and *post created time* in `Post` model. You can query those values to check the conditions – JPG Sep 21 '20 at 13:58
  • The expiration duration also may not be same for all the users. As I want the permissions to behave more like a license. As a user may purchase a license to make 'n' posts in a year. – Vikramark Sep 21 '20 at 14:00

2 Answers2

1

You can add a field(post_number) for your custom User and this field can be IntegerField or PositiveIntegerField and you can make it limited.

How to create an expiration date in my django model?

class User(AbstractBaseUser, PermissionsMixin):
    post_number = models.IntegerField()
    expiration_date = models.DateTimeField()

    more_restrictions = models.ManyToManyField(MyRestrictionModel)

    # rest of your code...

For more restrictions you can make a relationship with MyRestrictionModel and whenever you add a field to MyRestrictionModel your User will be restricted.

adnan kaya
  • 531
  • 3
  • 13
  • So the post number is only one of the restrictions. I have more complex models that this and I may need to add some permissions dynamically. So I need a way of storing the count and expiry date for a permission. I'll update my question to mention this. – Vikramark Sep 21 '20 at 13:56
  • 1
    I updated my answer. I hope this can be useful. @Vikramark – adnan kaya Sep 21 '20 at 14:02
0

For licenses, you can create a License model

class License(models.Model):
    code = models.Charfield()
    count = models.Integerfield()
    #other fields for license information

and then you can have the licenses in a ManyToManyField to the User model

class User(models.Model):
    ...
    licenses = models.ManyToManyField(License)
    ...

You can also add a through model for the M2M relationship to store other details like the date purchase of the license, expiry date, record of transaction etc.

And then in the APIViews you can use DRF's custom permission class

class MyPermissionClass(permissions.BasePermission):
    def has_permission(self, request, view):
        #process user's licenses to check permissions

class MyView(APIView):
    permission_classes = [MyPermissionClass,]
Vikramark
  • 137
  • 13