adsasdasd

backend/igny8_core/api/base.py

@@ -21,6 +21,21 @@ class AccountModelViewSet(viewsets.ModelViewSet):
             user = getattr(self.request, 'user', None)
 
             if user and hasattr(user, 'is_authenticated') and user.is_authenticated:
+                # Bypass filtering for superusers - they can see everything
+                if getattr(user, 'is_superuser', False):
+                    return queryset
+                
+                # Bypass filtering for developers
+                if hasattr(user, 'role') and user.role == 'developer':
+                    return queryset
+                
+                # Bypass filtering for system account users
+                try:
+                    if hasattr(user, 'is_system_account_user') and user.is_system_account_user():
+                        return queryset
+                except Exception:
+                    pass
+                
                 try:
                     account = getattr(self.request, 'account', None)
                     if not account and hasattr(self.request, 'user') and self.request.user and hasattr(self.request.user, 'is_authenticated') and self.request.user.is_authenticated:
@@ -239,6 +254,29 @@ class SiteSectorModelViewSet(AccountModelViewSet):
             
             # Check if user is authenticated and is a proper User instance (not AnonymousUser)
             if user and hasattr(user, 'is_authenticated') and user.is_authenticated and hasattr(user, 'get_accessible_sites'):
+                # Bypass site filtering for superusers and developers
+                # They already got unfiltered queryset from parent AccountModelViewSet
+                if getattr(user, 'is_superuser', False) or (hasattr(user, 'role') and user.role == 'developer'):
+                    # No site filtering for superuser/developer
+                    # But still apply query param filters if provided
+                    try:
+                        query_params = getattr(self.request, 'query_params', None)
+                        if query_params is None:
+                            query_params = getattr(self.request, 'GET', {})
+                        site_id = query_params.get('site_id') or query_params.get('site')
+                    except AttributeError:
+                        site_id = None
+                    
+                    if site_id:
+                        try:
+                            site_id_int = int(site_id) if site_id else None
+                            if site_id_int:
+                                queryset = queryset.filter(site_id=site_id_int)
+                        except (ValueError, TypeError):
+                            pass
+                    
+                    return queryset
+                
                 try:
                     # Get user's accessible sites
                     accessible_sites = user.get_accessible_sites()