From 2947f0eb36d527236d24fc80b1d0471989d1f078 Mon Sep 17 00:00:00 2001
From: timofejmalinin <tmalinin@endwork.today>
Date: Fri, 27 Oct 2023 10:00:57 +0700
Subject: [PATCH] KK ENV

---
 postamates/settings.py | 11 +++++++----
 service/permissions.py |  5 +++--
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/postamates/settings.py b/postamates/settings.py
index e5f66c1..6e8d813 100644
--- a/postamates/settings.py
+++ b/postamates/settings.py
@@ -193,10 +193,13 @@ REST_FRAMEWORK = {
 
 DRF_KEYCLOAK_AUTH = {
     # 'KEYCLOAK_SERVER_URL': 'http://keycloak.dev.selfservicetech.ru/auth',
-    'KEYCLOAK_SERVER_URL': 'https://kk.dev.selftech.ru/auth',
-    'KEYCLOAK_REALM': 'SST',
-    'KEYCLOAK_CLIENT_ID': 'postnet',
-    'KEYCLOAK_CLIENT_SECRET_KEY': 'K2yHweEUispkVeWn03VMk843sW2Moic5',
+    'KEYCLOAK_SERVER_URL': os.getenv('KEYCLOAK_SERVER_URL', 'https://kk.dev.selftech.ru/auth'),
+    'KEYCLOAK_REALM': os.getenv('KEYCLOAK_REALM', 'SST'),
+    'KEYCLOAK_CLIENT_ID': os.getenv('KEYCLOAK_CLIENT_ID','postnet'),
+    'KEYCLOAK_CLIENT_SECRET_KEY': os.getenv('KEYCLOAK_CLIENT_SECRET_KEY','K2yHweEUispkVeWn03VMk843sW2Moic5'),
     'KEYCLOAK_MANAGE_LOCAL_USER': False,
     'KEYCLOAK_ROLE_SET_PREFIX': 'realm_access',
 }
+
+KK_EDITOR_ROLE = os.getenv('KK_EDITOR_ROLE', 'postnet_editor')
+KK_VIEWER_ROLE = os.getenv('KK_VIEWER_ROLE', 'postnet_viewer')
diff --git a/service/permissions.py b/service/permissions.py
index 0dd18d7..c09c13e 100644
--- a/service/permissions.py
+++ b/service/permissions.py
@@ -1,5 +1,6 @@
 from rest_framework.permissions import BasePermission
 # from drf_keycloak_auth.authentication import KeycloakAuthentication
+from django.conf import settings
 
 
 class UserPermission(BasePermission):
@@ -11,6 +12,6 @@ class UserPermission(BasePermission):
             #     'update_fact', 'update_postamat_id', 'update_status', 'retrieve',
             #     'update', 'partial_update', 'destroy', 'create',
             # ]:
-            return 'postnet_editor' in kk_roles
+            return settings.KK_EDITOR_ROLE in kk_roles
         else:
-            return 'postnet_editor' in kk_roles or 'postnet_viewer' in kk_roles
+            return settings.KK_EDITOR_ROLE in kk_roles or settings.KK_VIEWER_ROLE in kk_roles