salman/igny8
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

new kw for it services & sectors alignment & viewer access partial fixed

Browse Source
This commit is contained in:
IGNY8 VPS (Salman)
2026-02-20 23:29:51 +00:00
parent 2011e48145
commit 341f7c5bc7
110 changed files with 4768 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
backend/igny8_core/auth/views.py
View File

@@ -25,7 +25,7 @@ from .serializers import (
IndustrySerializer, IndustrySectorSerializer, SeedKeywordSerializer,
RefreshTokenSerializer, RequestPasswordResetSerializer, ResetPasswordSerializer
)
from .permissions import IsOwnerOrAdmin, IsEditorOrAbove
from .permissions import IsOwnerOrAdmin, IsEditorOrAbove, IsViewerOrAbove
from .utils import generate_access_token, generate_refresh_token, get_token_expiry, decode_token
from .models import PasswordResetToken
import jwt
@@ -494,6 +494,17 @@ class PlanViewSet(viewsets.ReadOnlyModelViewSet):
)
class _IsOwnerOnly(permissions.BasePermission):
"""Only owner or developer can perform this action (e.g., create sites)."""
def has_permission(self, request, view):
user = getattr(request, 'user', None)
if not user or not user.is_authenticated:
return False
if getattr(user, 'is_superuser', False):
return True
return getattr(user, 'role', '') in ['owner', 'developer']
@extend_schema_view(
list=extend_schema(tags=['Authentication']),
create=extend_schema(tags=['Authentication']),
@@ -509,14 +520,16 @@ class SiteViewSet(AccountModelViewSet):
authentication_classes = [JWTAuthentication]
def get_permissions(self):
"""Allow normal users (viewer) to create sites, but require editor+ for other operations."""
"""Viewers can list/retrieve sites; creation restricted to owner; writes require editor+."""
# Allow public read access for list requests with slug filter (used by Sites Renderer)
if self.action == 'list' and self.request.query_params.get('slug'):
from rest_framework.permissions import AllowAny
return [AllowAny()]
if self.action == 'create':
# For create, only require authentication - not active account status
return [permissions.IsAuthenticated()]
# Only owners and developers can create new sites (admin cannot)
return [permissions.IsAuthenticated(), _IsOwnerOnly()]
if self.action in ['list', 'retrieve']:
return [IsAuthenticatedAndActive(), HasTenantAccess(), IsViewerOrAbove()]
return [IsAuthenticatedAndActive(), HasTenantAccess(), IsEditorOrAbove()]
def get_queryset(self):
@@ -772,7 +785,13 @@ class SectorViewSet(AccountModelViewSet):
serializer_class = SectorSerializer
permission_classes = [IsAuthenticatedAndActive, HasTenantAccess, IsEditorOrAbove]
authentication_classes = [JWTAuthentication]
def get_permissions(self):
"""Viewers can list/retrieve sectors; writes require editor+."""
if self.action in ['list', 'retrieve']:
return [IsAuthenticatedAndActive(), HasTenantAccess(), IsViewerOrAbove()]
return [IsAuthenticatedAndActive(), HasTenantAccess(), IsEditorOrAbove()]
def get_queryset(self):
"""Return sectors from sites accessible to the current user."""
user = self.request.user