postnet/service/permissions.py

from rest_framework.permissions import BasePermission
# from drf_keycloak_auth.authentication import KeycloakAuthentication


class UserPermission(BasePermission):
    def has_permission(self, request, view):
        kk_profile = request.auth
        kk_roles = kk_profile.get('realm_access', {}).get('roles', [])
        if getattr(view, 'action', None):
            if view.action in [
                'update_fact', 'update_postamat_id', 'update_status', 'retrieve',
                'update', 'partial_update', 'destroy', 'create',
            ]:
                return 'postnet_editor' in kk_roles
        else:
            return 'postnet_editor' in kk_roles or 'postnet_viewer' in kk_roles