from rest_framework.permissions import BasePermission
from rest_framework_jwt.authentication import jwt_decode_handler


class IsOwnerOrReadOnly(BasePermission):
    def has_permission(self, request, view):
        if request.user.username == 'admin':
            return True

    def has_object_permission(self, request, view, obj):
        token = request.META['HTTP_AUTHORIZATION'][5:]
        token_user = jwt_decode_handler(token)  # 解析token
        if token_user:
            return obj.user.id == token_user['user_id']
        return False