nofusscomputing/centurion_erp
1
0
Fork 0
Code Issues Wiki Activity

fix(access): Use request.method for determining the HTTP/Method for permission checks

Browse Source 
ref: #442 #456
This commit is contained in:
Jon Lockwood
2024-12-27 18:50:09 +09:30
parent 7c62643c6c
commit 17e437ce68
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/access/mixins/permissions.py
View File

@ -102,14 +102,14 @@ class OrganizationPermissionMixin(
if(
view.action == 'create'
and getattr(view.request._stream, 'method', '') == 'POST'
and request.method == 'POST'
):
view_action = 'add'
elif(
view.action == 'destroy'
and getattr(view.request._stream, 'method', '') == 'DELETE'
and request.method == 'DELETE'
):
view_action = 'delete'
@ -126,7 +126,7 @@ class OrganizationPermissionMixin(
elif (
view.action == 'partial_update'
and getattr(view.request._stream, 'method', '') == 'PATCH'
and request.method == 'PATCH'
):
view_action = 'change'
@ -137,7 +137,7 @@ class OrganizationPermissionMixin(
elif (
view.action == 'update'
and getattr(view.request._stream, 'method', '') == 'PUT'
and request.method == 'PUT'
):
view_action = 'change'
@ -148,7 +148,7 @@ class OrganizationPermissionMixin(
elif(
view.action == 'retrieve'
and getattr(view.request._stream, 'method', '') == 'GET'
and request.method == 'GET'
):
view_action = 'view'
@ -159,7 +159,7 @@ class OrganizationPermissionMixin(
elif(
view.action == 'metadata'
and getattr(view.request._stream, 'method', '') == 'OPTIONS'
and request.method == 'OPTIONS'
):
return True