Skip to content

Commit 48b2ac3

Browse files
Improved permission class
1 parent f8fdbdc commit 48b2ac3

File tree

2 files changed

+11
-6
lines changed

2 files changed

+11
-6
lines changed

nxtbn/core/admin_permissions.py

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -19,11 +19,15 @@ def has_permission(self, request, view):
1919
if request.user.is_superuser:
2020
return True
2121

22-
if request.user.method in SAFE_METHODS and request.user.is_staff: # Every staff can view
22+
if request.method in SAFE_METHODS and request.user.is_staff: # Every staff can view
2323
return True
2424

25-
model_name = view.queryset.model.__name__.lower() # Get model name dynamically
26-
action = view.action.required_perm
25+
model_cls = getattr(view, 'queryset', None) or getattr(view, 'model', None)
26+
if model_cls is None:
27+
return False
28+
29+
model_name = model_cls.__name__.lower()
30+
action = view.required_perm
2731

2832
permission_name = self.get_permission_name(model_name, action)
2933

@@ -40,12 +44,12 @@ def has_permission(self, request, view):
4044
if request.user.is_superuser:
4145
return True
4246

43-
if request.user.method in SAFE_METHODS and request.user.is_staff: # Every staff can view
47+
if request.method in SAFE_METHODS and request.user.is_staff: # Every staff can view
4448
return True
4549

4650

4751

48-
model_cls = getattr(view, 'queryset', None)
52+
model_cls = getattr(view, 'queryset', None) or getattr(view, 'model', None)
4953
if model_cls is None:
5054
return False
5155

nxtbn/order/api/dashboard/views.py

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -405,8 +405,9 @@ def check_permissions(self, request):
405405
)
406406

407407
class OrderCreateView(OrderProccessorAPIView):
408+
model = Order
408409
permission_classes = (GranularPermission, )
409-
required_perm = 'can_add_order'
410+
required_perm = 'add_order'
410411
create_order = True # Eastimate and create order
411412

412413
class CreateCustomAPIView(generics.CreateAPIView):

0 commit comments

Comments
 (0)