feat(api): during permission checking, if model is an organization an…
…d the user is a manager allow access to the organization.

ref: #425 #426
jon-nfc committed Dec 19, 2024
1 parent 5b27e33 commit 2caad94
Showing 1 changed file with 24 additions and 2 deletions.
26 changes: 24 additions & 2 deletions app/api/views/mixin.py
Expand Up @@ -15,12 +15,34 @@ class OrganizationPermissionAPI(DjangoObjectPermissions, OrganizationMixin):

def has_permission(self, request, view):

return self.permission_check(request, view)
permission_check = self.permission_check(request, view)

if view.kwargs.get('pk', None):

if(
str(type(view.get_object()).__name__).lower() == 'organization'
and view.get_object().manager == request.user
):

return True

return permission_check


def has_object_permission(self, request, view, obj):

return self.permission_check(request, view, obj)
is_organization_manager: bool = False

if view.kwargs.get('pk', None):

if(
str(type(obj).__name__).lower() == 'organization'
and obj.manager == request.user
):

return True

return self.permission_check(request, view)


def permission_check(self, request, view, obj=None) -> bool:
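Review bot: The fallback at the end of `has_object_permission` reads `return self.permission_check(request, view)`, whereas the line it appears to replace passed `obj` (the page has lost its +/- markers, so this is read from the 24/2 line counts and the print order). If `permission_check` relies on `obj` to scope the decision to the object's organization (its body lies outside this hunk), every non-manager request is now evaluated without the object; restore `return self.permission_check(request, view, obj)`. The manager shortcut in both methods also returns `True` regardless of HTTP method or action, so an organization manager passes for delete as well as view and change; if that is broader than intended, gate it on the action. In `has_permission`, `view.get_object()` is called twice and its result is compared by class-name string, so fetch it once and use an `isinstance` check against the Organization model. `is_organization_manager` is assigned and never read, so it can be removed.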