Merge pull request #381 from MySecondLanguage/admin-permission

MySecondLanguage · web-flow · commit bb3478b48252 · 2025-02-02T01:07:07.000+06:00
Admin permissions
diff --git a/nxtbn/core/admin_permissions.py b/nxtbn/core/admin_permissions.py
@@ -39,6 +39,10 @@ class IsStoreAdmin(BasePermission):
     def has_permission(self, request, view):
         if not request.user.is_staff:
             return False
+        
+        if request.user.is_superuser:
+            return True
+
         return request.user.is_store_admin
     
 class IsStoreStaff(BasePermission):
diff --git a/nxtbn/order/api/dashboard/views.py b/nxtbn/order/api/dashboard/views.py
@@ -405,11 +405,17 @@ def check_permissions(self, request):
             )
 
 class OrderCreateView(OrderProccessorAPIView):
-    model = Order
-    permission_classes = (GranularPermission, )
     required_perm = 'add_order'
     create_order = True # Eastimate and create order
 
+    def check_permissions(self, request):        
+        if not has_required_perm(request.user, 'add_order', Order):
+            self.permission_denied(
+                request,
+                message=_("You do not have permission to perform this action."),
+                code='permission_denied'
+            )
+
 class CreateCustomAPIView(generics.CreateAPIView):
     queryset = User.objects.all()
     serializer_class = CustomerCreateSerializer
diff --git a/nxtbn/users/admin.py b/nxtbn/users/admin.py
@@ -9,7 +9,7 @@
 
 @admin.register(User)
 class UserAdmin(auth_admin.UserAdmin):
-    fieldsets = (("User", {"fields": ('avatar', "role",)}),) + auth_admin.UserAdmin.fieldsets
-    list_display = ["username", "first_name", "email", "is_superuser", "is_active", "is_staff", "role"]
+    fieldsets = (("User", {"fields": ('avatar', "role", "is_store_admin", "is_store_staff",)}),) + auth_admin.UserAdmin.fieldsets
+    list_display = ["username", "first_name", "email", "is_superuser", "is_active", "is_staff", "is_store_admin", "is_store_staff" ,"role"]
     search_fields = ["first_name", "email",]
 
diff --git a/nxtbn/users/api/dashboard/serializers.py b/nxtbn/users/api/dashboard/serializers.py
@@ -139,7 +139,8 @@ def create(self, validated_data):
                 ]
             ),
             is_superuser = False,
-            is_staff = False,
+            is_staff = True,
+            is_active = True,
             **validated_data
         )
         

Original file line number	Diff line number	Diff line change
`@@ -139,7 +139,8 @@ def create(self, validated_data):`
`139`	`139`	`]`
`140`	`140`	`),`
`141`	`141`	`is_superuser = False,`
`142`		`- is_staff = False,`
	`142`	`+ is_staff = True,`
	`143`	`+ is_active = True,`
`143`	`144`	`**validated_data`
`144`	`145`	`)`
`145`	`146`