added AdminProductsViewSet for users with role SITE_ADMIN

2021-03-08 12:54:06 +00:00
parent ec27937b85
commit 642688b98d
4 changed files with 190 additions and 7 deletions
--- a/back_latienda/permissions.py
+++ b/back_latienda/permissions.py
@@ -43,10 +43,14 @@ class IsSiteAdmin(permissions.BasePermission):
    admin_role = 'SITE_ADMIN'

    def has_object_permission(self, request, view, obj):
-        return request.user.role == self.admin_role
+        if request.user.is_authenticated:
+            return request.user.role == self.admin_role
+        return False

    def has_permission(self, request, view):
-        return request.user.role == self.admin_role
+        if request.user.is_authenticated:
+            return request.user.role == self.admin_role
+        return False


 class ReadOnly(permissions.BasePermission):
--- a/back_latienda/routers.py
+++ b/back_latienda/routers.py
@@ -2,7 +2,7 @@ from rest_framework import routers

 from core.views import CustomUserViewSet
 from companies.views import CompanyViewSet, MyCompanyViewSet
-from products.views import ProductViewSet, MyProductsViewSet
+from products.views import ProductViewSet, MyProductsViewSet, AdminProductsViewSet
 from history.views import HistorySyncViewSet
 from stats.views import StatsLogViewSet

@@ -16,6 +16,7 @@ router.register('companies', CompanyViewSet, basename='company')
 router.register('my_company', MyCompanyViewSet, basename='my-company')
 router.register('products', ProductViewSet, basename='product')
 router.register('my_products', MyProductsViewSet, basename='my-products')
+router.register('admin_products', AdminProductsViewSet, basename='admin-product')
 router.register('history', HistorySyncViewSet, basename='history')
 router.register('stats', StatsLogViewSet, basename='stats')