access_control/permissions.py

from rest_framework.permissions import BasePermission

from farm_hub.models import FarmHub

from .services import AccessControlServiceUnavailable, authorize_feature, get_authorization_action, get_request_data


class FeatureAccessPermission(BasePermission):
    message = "Access denied."

    def has_permission(self, request, view):
        feature_code = getattr(view, "required_feature_code", None)
        if not feature_code:
            return True

        farm_uuid = (
            view.kwargs.get("farm_uuid")
            or request.query_params.get("farm_uuid")
            or get_request_data(request).get("farm_uuid")
        )
        if not farm_uuid:
            self.message = f"Access to feature `{feature_code}` is denied."
            return False

        try:
            farm = FarmHub.objects.select_related("farm_type", "subscription_plan").prefetch_related(
                "products",
                "sensors",
                "sensors__sensor_catalog",
            ).get(farm_uuid=farm_uuid, owner=request.user)
        except FarmHub.DoesNotExist:
            self.message = f"Access to feature `{feature_code}` is denied."
            return False

        try:
            allowed = authorize_feature(
                farm,
                request.user,
                feature_code,
                get_authorization_action(request.method),
                route=request.path,
            )
        except AccessControlServiceUnavailable as exc:
            self.message = str(exc)
            return False

        if not allowed:
            self.message = f"Access to feature `{feature_code}` is denied."
        return allowed
UPDATE 2026-04-03 23:51:00 +03:30			`from rest_framework.permissions import BasePermission`

			`from farm_hub.models import FarmHub`

UPDATE 2026-04-09 22:48:54 +03:30			`from .services import AccessControlServiceUnavailable, authorize_feature, get_authorization_action, get_request_data`
UPDATE 2026-04-03 23:51:00 +03:30

			`class FeatureAccessPermission(BasePermission):`
UPDATE 2026-04-09 22:48:54 +03:30			`message = "Access denied."`
UPDATE 2026-04-03 23:51:00 +03:30
			`def has_permission(self, request, view):`
			`feature_code = getattr(view, "required_feature_code", None)`
			`if not feature_code:`
			`return True`

UPDATE 2026-04-09 22:48:54 +03:30			`farm_uuid = (`
			`view.kwargs.get("farm_uuid")`
			`or request.query_params.get("farm_uuid")`
			`or get_request_data(request).get("farm_uuid")`
			`)`
UPDATE 2026-04-03 23:51:00 +03:30			`if not farm_uuid:`
UPDATE 2026-04-09 22:48:54 +03:30			self.message = f"Access to feature `{feature_code}` is denied."
			`return False`
UPDATE 2026-04-03 23:51:00 +03:30
UPDATE 2026-04-09 22:48:54 +03:30			`try:`
			`farm = FarmHub.objects.select_related("farm_type", "subscription_plan").prefetch_related(`
			`"products",`
			`"sensors",`
			`"sensors__sensor_catalog",`
			`).get(farm_uuid=farm_uuid, owner=request.user)`
			`except FarmHub.DoesNotExist:`
			self.message = f"Access to feature `{feature_code}` is denied."
			`return False`
UPDATE 2026-04-03 23:51:00 +03:30
			`try:`
UPDATE 2026-04-09 23:43:58 +03:30			`allowed = authorize_feature(`
			`farm,`
			`request.user,`
			`feature_code,`
			`get_authorization_action(request.method),`
			`route=request.path,`
			`)`
UPDATE 2026-04-09 22:48:54 +03:30			`except AccessControlServiceUnavailable as exc:`
			`self.message = str(exc)`
			`return False`

			`if not allowed:`
			self.message = f"Access to feature `{feature_code}` is denied."
			`return allowed`