fix(access): enable org manager to view orgs

!35 fixes #105
2024-07-11 15:37:16 +09:30
parent 860eaa6749
commit 937e935949
1 changed files with 23 additions and 2 deletions
--- a/app/access/mixin.py
+++ b/app/access/mixin.py
@ -191,8 +191,17 @@ class OrganizationMixin():

        is_organization_manager = False

+        queryset = None
+
+        if hasattr(self, 'get_queryset'):
+
+            queryset = self.get_queryset()
+
+        obj = None
+
        if hasattr(self, 'get_object'):

+
            try:

                obj = self.get_object()
@ -201,13 +210,17 @@ class OrganizationMixin():

                pass

+            organization_manager = None
+
            if hasattr(self, 'model'):

                if self.model._meta.label_lower in organization_manager_models:

                    organization = Organization.objects.get(pk=self.object_organization())

-                    if organization.manager == request.user:
+                    organization_manager = organization.manager
+
+                    if organization_manager == request.user:

                        is_organization_manager = True

@ -224,10 +237,18 @@ class OrganizationMixin():

            return True

-        if self.request.user.has_perms(perms):
+        if self.request.user.has_perms(perms) and len(self.kwargs) == 0 and str(self.request.method).lower() == 'get':

            return True

+        for required_permission in self.permission_required:
+
+            if required_permission.replace(
+                    'view_', ''
+                ) == 'access.organization' and organization_manager == request.user:
+
+                return True
+
        return False