|
|
|
|
@ -6,11 +6,11 @@ class UserPermission(BasePermission):
|
|
|
|
|
def has_permission(self, request, view):
|
|
|
|
|
kk_profile = request.auth
|
|
|
|
|
kk_roles = kk_profile.get('realm_access', {}).get('roles', [])
|
|
|
|
|
if getattr(view, 'action', None):
|
|
|
|
|
if view.action in [
|
|
|
|
|
'update_fact', 'update_postamat_id', 'update_status', 'retrieve',
|
|
|
|
|
'update', 'partial_update', 'destroy', 'create',
|
|
|
|
|
]:
|
|
|
|
|
return 'postnet_editor' in kk_roles
|
|
|
|
|
if request.method not in ['GET']:
|
|
|
|
|
# if view.action in [
|
|
|
|
|
# 'update_fact', 'update_postamat_id', 'update_status', 'retrieve',
|
|
|
|
|
# 'update', 'partial_update', 'destroy', 'create',
|
|
|
|
|
# ]:
|
|
|
|
|
return 'postnet_editor' in kk_roles
|
|
|
|
|
else:
|
|
|
|
|
return 'postnet_editor' in kk_roles or 'postnet_viewer' in kk_roles
|
|
|
|
|
|
timofejmalinin
2 years ago