postnet/service/permissions.py

from rest_framework.permissions import BasePermission
# from drf_keycloak_auth.authentication import KeycloakAuthentication
from django.conf import settings
from django.core.handlers.wsgi import WSGIRequest
from logging import getLogger, basicConfig, DEBUG


basicConfig(level=DEBUG)
logger = getLogger(__name__)


def serialize(obj):
    attributes = sorted(list(dir(obj)))

    for attr in attributes:
        try:
            value = getattr(obj, attr)
            yield f"{attr}: {value}\n"
        except:
            pass


class UserPermission(BasePermission):
    def has_permission(self, request: WSGIRequest, view):
        return True
        # logger.error(f'KK_CLIENT_ID: {settings.DRF_KEYCLOAK_AUTH["KEYCLOAK_CLIENT_ID"]}')
        # logger.error(f'KK_CLIENT_SECRET_KEY: {settings.DRF_KEYCLOAK_AUTH["KEYCLOAK_CLIENT_SECRET_KEY"]}')

        kk_profile = request.auth
        kk_roles = kk_profile.get('resource_access',{}).get('postnet',{}).get('roles',[])
        if request.method not in ['GET']:
            # if view.action in [
            #     'update_fact', 'update_postamat_id', 'update_status', 'retrieve',
            #     'update', 'partial_update', 'destroy', 'create',
            # ]:
            return settings.KK_EDITOR_ROLE in kk_roles
        else:
            return settings.KK_EDITOR_ROLE in kk_roles or settings.KK_VIEWER_ROLE in kk_roles