Implemented permisions in all mutatation

MySecondLanguage · MySecondLanguage · commit 8bc722f93c30 · 2025-02-01T19:20:17.000+06:00
diff --git a/nxtbn/core/admin_mutation.py b/nxtbn/core/admin_mutation.py
@@ -2,6 +2,7 @@
 import graphene
 
 from nxtbn.core import CurrencyTypes
+from nxtbn.core.admin_permissions import gql_required_perm
 from nxtbn.core.admin_types import CurrencyExchangeType
 from nxtbn.core.models import CurrencyExchange
 from nxtbn.users import UserRole
@@ -20,6 +21,7 @@ class Arguments:
 
     currency_exchange = graphene.Field(CurrencyExchangeType)
 
+    @gql_required_perm(CurrencyExchange, 'add_currencyexchange')
     @staticmethod
     def mutate(root, info, input):
         # Validate base_currency
@@ -47,6 +49,7 @@ class Arguments:
 
     currency_exchange = graphene.Field(CurrencyExchangeType)
 
+    @gql_required_perm(CurrencyExchange, 'change_currencyexchange')
     @staticmethod
     def mutate(root, info, id, input):
         try:
@@ -64,6 +67,7 @@ class Arguments:
 
     success = graphene.Boolean()  # Indicate whether the operation was successful
 
+    @gql_required_perm(CurrencyExchange, 'delete_currencyexchange')
     @staticmethod
     def mutate(root, info, id):
         try:
diff --git a/nxtbn/core/admin_permissions.py b/nxtbn/core/admin_permissions.py
@@ -150,7 +150,7 @@ def has_required_perm(user, code: str, model_cls=None):
     return user.has_perm(perm_code)
 
 
-def gql_required_perm(code: str): # Used in graphql only
+def gql_required_perm(model, code: str):  # model argument will be the model class
     def decorator(func):
         @functools.wraps(func)
         def wrapper(self, info, *args, **kwargs):
@@ -169,13 +169,12 @@ def wrapper(self, info, *args, **kwargs):
             if user.is_store_admin:
                 return func(self, info, *args, **kwargs)
             
-
             if operation == "query":
                 return func(self, info, *args, **kwargs)
-
-            
             
-            if not user.has_perm(code):  # Check if user has the required permission
+            # Check if the user has permission for the model
+            perm_code = f"{model._meta.app_label}.{code}"  # Constructing the permission name
+            if not user.has_perm(perm_code):  # Check if the user has the required permission for the model
                 raise GraphQLError("Permission denied")  # Block unauthorized access
 
             return func(self, info, *args, **kwargs)  # Call the actual resolver
diff --git a/nxtbn/product/admin_mutations.py b/nxtbn/product/admin_mutations.py
@@ -1,4 +1,5 @@
 import graphene
+from nxtbn.core.admin_permissions import gql_required_perm
 from nxtbn.product.admin_types import CategoryTranslationType, CategoryType, CollectionTranslationType, ProductTagTranslationType, ProductTranslationType, ProductVariantTranslationType, SupplierTranslationType
 from nxtbn.product.models import Category, CategoryTranslation, CollectionTranslation, ProductTagTranslation, ProductTranslation, ProductVariantTranslation, SupplierTranslation
 from nxtbn.users import UserRole
@@ -18,6 +19,7 @@ class Arguments:
     
     category = graphene.Field(CategoryType)
 
+    @gql_required_perm(Category, 'change_category')
     def mutate(self, info, id, input):
         category = Category.objects.get(id=id)
         category.name = input.name
@@ -45,6 +47,7 @@ class Arguments:
 
     product_translation = graphene.Field(ProductTranslationType)
 
+    @gql_required_perm(ProductTranslation, 'change_producttranslation')
     def mutate(self, info, base_product_id, lang_code, name, summary, description, meta_title, meta_description):
         try:
             product_translation = ProductTranslation.objects.get(product_id=base_product_id, language_code=lang_code)
@@ -72,6 +75,7 @@ class Arguments:
 
     category_translation = graphene.Field(CategoryTranslationType)
 
+    @gql_required_perm(CategoryTranslation, 'change_categorytranslation')
     def mutate(self, info, base_category_id, lang_code, name, description, meta_title, meta_description):
         try:
             category_translation = CategoryTranslation.objects.get(category_id=base_category_id, language_code=lang_code)
@@ -98,6 +102,7 @@ class Arguments:
 
     supplier_translation = graphene.Field(SupplierTranslationType)
 
+    @gql_required_perm(SupplierTranslation, 'change_suppliertranslation')
     def mutate(self, info, base_supplier_id, lang_code, name, description, meta_title, meta_description):
         try:
             supplier_translation = SupplierTranslation.objects.get(supplier_id=base_supplier_id, language_code=lang_code)
@@ -121,6 +126,7 @@ class Arguments:
 
     product_variant_translation = graphene.Field(ProductVariantTranslationType)
 
+    @gql_required_perm(ProductVariantTranslation, 'change_productvarianttranslation')
     def mutate(self, info, base_product_variant_id, lang_code, name, description, meta_title, meta_description):
         try:
             product_variant_translation = ProductVariantTranslation.objects.get(product_variant_id=base_product_variant_id, language_code=lang_code)
@@ -140,6 +146,7 @@ class Arguments:
 
     product_tag_translation = graphene.Field(ProductTagTranslationType)
 
+    @gql_required_perm(ProductTagTranslation, 'change_producttagtranslation')
     def mutate(self, info, base_product_tag_id, lang_code, name, description, meta_title, meta_description):
         try:
             product_tag_translation = ProductTagTranslation.objects.get(product_tag_id=base_product_tag_id, language_code=lang_code)
@@ -162,6 +169,7 @@ class Arguments:
 
     collection_translation = graphene.Field(CollectionTranslationType)
 
+    @gql_required_perm(CollectionTranslation, 'change_collectiontranslation')
     def mutate(self, info, base_collection_id, lang_code, name, description, meta_title, meta_description):
         try:
             collection_translation = CollectionTranslation.objects.get(collection_id=base_collection_id, language_code=lang_code)
