Added permssion

Author: MySecondLanguage

nxtbn/users/admin_mutation.py

@@ -1,9 +1,12 @@
 import graphene
 from django.contrib.auth import authenticate
+from django.contrib.auth.models import Permission
 
 from django.conf import settings
 
+from nxtbn.users.admin_types import PermissionType
 from nxtbn.users.api.storefront.serializers import JwtBasicUserSerializer
+from nxtbn.users.models import User
 from nxtbn.users.utils.jwt_utils import JWTManager
 
 class AdminTokenType(graphene.ObjectType):
@@ -105,9 +108,38 @@ def mutate(self, info, refresh_token):
             return AdminTokenRefreshMutation(refresh=response)
         else:
             raise Exception("Invalid or expired refresh token")
+        
+
+
+
+class AttachPermissionMutation(graphene.Mutation):
+    class Arguments:
+        user_id = graphene.Int(required=True)
+        permission_codename = graphene.String(required=True)
+
+    success = graphene.Boolean()
+    message = graphene.String()
+
+    def mutate(self, info, user_id, permission_codename):
+        try:
+            user = User.objects.get(id=user_id)
+        except User.DoesNotExist:
+            return AttachPermissionMutation(success=False, message="User not found")
+
+        try:
+            permission = Permission.objects.get(codename=permission_codename)
+        except Permission.DoesNotExist:
+            return AttachPermissionMutation(success=False, message="Permission not found")
+
+        # Add the permission to the user
+        user.user_permissions.add(permission)
+
+        return AttachPermissionMutation(success=True, message="Permission assigned successfully")
+    
 
 class AdminUserMutation(graphene.ObjectType):
     login = AdminLoginMutation.Field()
     refresh_token = AdminTokenRefreshMutation.Field()
+    attach_permission = AttachPermissionMutation.Field()
 
 

nxtbn/users/admin_queries.py

@@ -12,19 +12,23 @@ class UserAdminQuery(graphene.ObjectType):
     def resolve_permissions(self, info, user_id):
         # Get the user by the provided user_id
         try:
-            user = User.objects.get(id=user_id)
+            user = User.objects.prefetch_related('user_permissions').get(id=user_id)
         except User.DoesNotExist:
             return []  # If the user doesn't exist, return an empty list
 
         # Retrieve all permissions from the database
         permissions = Permission.objects.all()
 
+        # Create a set of user's permissions for quick lookup
+        user_permissions = set(user.user_permissions.all())
+
         # Create a list of PermissionType objects with the user permission check
-        permission_data = []
-        for permission in permissions:
-            permission_data.append(PermissionType(
+        permission_data = [
+            PermissionType(
                 codename=permission.codename,
                 name=permission.name,
-                has_assigned=user.has_perm(f'{permission.codename}')  # Check if the user has the permission
-            ))
+                has_assigned=permission in user_permissions  # Check if the user has the permission
+            )
+            for permission in permissions
+        ]
         return permission_data