diff --git a/apps/utils/permissions.py b/apps/utils/permissions.py
index 3a226dbd..406c1692 100644
--- a/apps/utils/permissions.py
+++ b/apps/utils/permissions.py
@@ -117,29 +117,50 @@ class IsContentPageManager(IsStandardUser): rules = [ super().has_permission(request, view) ] - # and request.user.email_confirmed, - if hasattr(request, 'user') and hasattr(request.data, 'site_id'): - role = Role.objects.filter(role=Role.CONTENT_PAGE_MANAGER, - site_id=request.data.site_id,) \ - .first() - rules = [ - UserRole.objects.filter(user=request.user, role=role).exists(), - super().has_permission(request, view) - ] + if hasattr(request, 'user'): + if hasattr(request.data, 'site_id'): + role = Role.objects.filter(role=Role.CONTENT_PAGE_MANAGER, + site_id=request.data.site_id,) \ + .first() + + rules = [ + UserRole.objects.filter(user=request.user, role=role).exists(), + super().has_permission(request, view) + ] + elif hasattr(request.data, 'country_id'): + role = Role.objects.filter(role=Role.CONTENT_PAGE_MANAGER, + country_id=request.data.country_id) \ + .first() + + rules = [ + UserRole.objects.filter(user=request.user, role=role).exists(), + super().has_permission(request, view) + ] + return any(rules) def has_object_permission(self, request, view, obj): # Read permissions are allowed to any request. + if hasattr(obj, 'site_id'): + role = Role.objects.filter(role=Role.CONTENT_PAGE_MANAGER, + site_id=obj.site_id) \ + .first() - role = Role.objects.filter(role=Role.CONTENT_PAGE_MANAGER, - site_id=obj.site_id) \ - .first() + rules = [ + UserRole.objects.filter(user=request.user, role=role).exists(), + super().has_object_permission(request, view, obj) + ] + elif hasattr(obj, 'country_id'): + role = Role.objects.filter(role=Role.CONTENT_PAGE_MANAGER, + country_id=obj.country_id) \ + .first() + + rules = [ + UserRole.objects.filter(user=request.user, role=role).exists(), + super().has_object_permission(request, view, obj) + ] - rules = [ - UserRole.objects.filter(user=request.user, role=role).exists(), - super().has_object_permission(request, view, obj) - ] return any(rules) 
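Review bot: In `IsContentPageManager.has_object_permission`, `rules` is now assigned only inside the `site_id` and `country_id` branches, so an object with neither attribute reaches `return any(rules)` with the name unbound and the request ends in an UnboundLocalError instead of a clean denial. Add an explicit fall-through that fails closed, for example `else:` followed by `return False`; the same gap exists for `role` in `IsCountryAdmin.has_object_permission` in the next hunk. Separately, `.first()` can return `None`, and `UserRole.objects.filter(user=request.user, role=None)` then matches rows whose role is null if that foreign key is nullable, so it is worth denying early when no role exists for the scope. The two branches differ only in the filter keyword and could share one helper that takes `site_id=` or `country_id=`.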
@@ -148,36 +169,55 @@ class IsCountryAdmin(IsStandardUser): Object-level permission to only allow owners of an object to edit it. Assumes the model instance has an `owner` attribute. """ - def has_permission(self, request, view): rules = [ super().has_permission(request, view) ] # and request.user.email_confirmed, - if hasattr(request.data, 'user') and hasattr(request.data, 'site_id'): - # Read permissions are allowed to any request. + if hasattr(request.data, 'user'): + if hasattr(request.data, 'site_id'): + # Read permissions are allowed to any request. + + role = Role.objects.filter(role=Role.COUNTRY_ADMIN, + site_id=request.data.site_id) \ + .first() + + rules = [ + UserRole.objects.filter(user=request.user, role=role).exists(), + super().has_permission(request, view) + ] + elif hasattr(request.data, 'country_id'): role = Role.objects.filter(role=Role.COUNTRY_ADMIN, - site_id=request.data.site_id) \ - .first() # 'Comments moderator' + country_id=request.data.country_id) \ + .first() rules = [ UserRole.objects.filter(user=request.user, role=role).exists(), super().has_permission(request, view) - ] + ] return any(rules) def has_object_permission(self, request, view, obj): # Read permissions are allowed to any request. - role = Role.objects.filter(role=Role.COUNTRY_ADMIN, - site_id=obj.site_id) \ - .first() # 'Comments moderator' + if hasattr(obj, 'site_id'): + role = Role.objects.filter(role=Role.COUNTRY_ADMIN, + site_id=obj.site_id) \ + .first() + + rules = [ + super().has_object_permission(request, view, obj) + ] + elif hasattr(obj, 'country_id'): + role = Role.objects.filter(role=Role.COUNTRY_ADMIN, + country_id=obj.country_id) \ + .first() + + rules = [ + super().has_object_permission(request, view, obj) + ] - rules = [ - super().has_object_permission(request, view, obj) - ] - # and request.user.email_confirmed, if hasattr(request, 'user') and request.user.is_authenticated: rules = [ UserRole.objects.filter(user=request.user, role=role).exists(),
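Review bot: The outer guard in `IsCountryAdmin.has_permission` still tests `hasattr(request.data, 'user')`, while the matching guard in `IsContentPageManager` was changed to `hasattr(request, 'user')`; as written the role lookup runs only when the payload object itself carries a `user` attribute, which looks unintended. If `request.data` is the usual dict-like DRF payload, `hasattr(request.data, 'site_id')` and `hasattr(request.data, 'country_id')` test attributes rather than keys and would never match, leaving `rules` at the `super()` result alone; `'country_id' in request.data` with `request.data.get('country_id')` would express the intent, and this also applies to `has_permission` in the previous hunk. Because the result is `any(rules)`, the role check can only widen what `super().has_permission` already grants, so please confirm that is the intended policy. The body of `has_object_permission` continues past the end of the hunk.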