postnet/service/permissions.py

from rest_framework.permissions import BasePermission
# from drf_keycloak_auth.authentication import KeycloakAuthentication
from django.conf import settings


class UserPermission(BasePermission):
    def has_permission(self, request, view):
        print(f'KK_CLIENT_ID: {settings.DRF_KEYCLOAK_AUTH["KEYCLOAK_CLIENT_ID"]}')
        print(f'KK_CLIENT_SECRET_KEY: {settings.DRF_KEYCLOAK_AUTH["KEYCLOAK_CLIENT_SECRET_KEY"]}')
        kk_profile = request.auth
        kk_roles = kk_profile.get('resource_access',{}).get('postnet',{}).get('roles',[])
        if request.method not in ['GET']:
            # if view.action in [
            #     'update_fact', 'update_postamat_id', 'update_status', 'retrieve',
            #     'update', 'partial_update', 'destroy', 'create',
            # ]:
            return settings.KK_EDITOR_ROLE in kk_roles
        else:
            return settings.KK_EDITOR_ROLE in kk_roles or settings.KK_VIEWER_ROLE in kk_roles