diff --git a/src/backend/role_permission.py b/src/backend/role_permission.py
index 5348e9cb721fb2af23d048d5439a0559c673b4f2..17c646f0630b5bae55649b3469a39b481bbd62cd 100644
--- a/src/backend/role_permission.py
+++ b/src/backend/role_permission.py
@@ -11,14 +11,14 @@ class IsProvider(BasePermission):
     """
 
     def has_permission(self, request, view):
-        return bool(has_permission(request.user, Roles.CREATE_PROVIDER))
+        return bool(request.user.has_perm(Roles.CREATE_PROVIDER))
 
 
 class IsProviderManager(BasePermission):
     def has_permission(self, request, view):
-        return bool(has_permission(request.user, Roles.MANAGE_PROVIDER_KEYS))
+        return bool(request.user.has_perm(Roles.MANAGE_PROVIDER_KEYS))
 
 
 class IsAnalyst(BasePermission):
     def has_permission(self, request, view):
-        return bool(has_permission(request.user, Roles.MANAGE_ANALYTICS_TOKENS))
+        return bool(request.user.has_perm( Roles.MANAGE_ANALYTICS_TOKENS))
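Review bot: The `IsAnalyst` line has a stray space after the opening parenthesis; it should read `return bool(request.user.has_perm(Roles.MANAGE_ANALYTICS_TOKENS))` to match the two classes above. `IsProviderManager` and `IsAnalyst` also have no docstring, so a one-line `"""Allow only users holding MANAGE_PROVIDER_KEYS."""` (and the analogous line for analysts) would make clear which permission gates which endpoints. `IsProvider` starts above this hunk, so its docstring is only partly visible here.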
diff --git a/src/backend/roles.py b/src/backend/roles.py
index d31aebab3e4a9fc9b8383d7a50b62f4160a2461a..b8ac23807b2ffbe0d0864641c28d33d2fbce062b 100644
--- a/src/backend/roles.py
+++ b/src/backend/roles.py
@@ -3,14 +3,14 @@ from strenum import StrEnum
 
 
 class Roles(StrEnum):
-    CREATE_USER = 'create_user',
-    EDIT_USER = 'edit_user',
-    CREATE_PROVIDER = 'create_provider',
-    CHANGE_PROVIDER = 'change_provider',
-    MANAGE_PROVIDER_KEYS = 'manage_provider_keys',
-    MANAGE_ANALYTICS_TOKENS = 'manage_analytics_tokens',
-    CREATE_USER_CONSENT = 'create_user_consent',
-    REQUEST_USER_DATA = 'request_user_data',
+    CREATE_USER = 'users.create_user',
+    EDIT_USER = 'users.edit_user',
+    CREATE_PROVIDER = 'users.create_provider',
+    CHANGE_PROVIDER = 'users.change_provider',
+    MANAGE_PROVIDER_KEYS = 'users.manage_provider_keys',
+    MANAGE_ANALYTICS_TOKENS = 'users.manage_analytics_tokens',
+    CREATE_USER_CONSENT = 'users.create_user_consent',
+    REQUEST_USER_DATA = 'users.request_user_data',
 
 
 class PolarisAdministrator(AbstractUserRole):
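Review bot: Every new `Roles` value still ends in a trailing comma, so each right-hand side is a one-element tuple rather than a string. This presumably works only because the enum machinery unpacks the tuple into the `str` constructor. Dropping the commas, e.g. `CREATE_USER = 'users.create_user'`, removes that reliance. If the role classes that follow (`PolarisAdministrator` starts on the last line of this hunk and continues outside it) use these members as permission names, the new `users.` prefix changes those names too, which is worth confirming against the stored permissions.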
diff --git a/src/backend/urls.py b/src/backend/urls.py
index 9a7e20b45d645f6f7abc75d343b6f41af38bc813..090ac67932c333abaa1e6e6335e8dd7c5efb312c 100644
--- a/src/backend/urls.py
+++ b/src/backend/urls.py
@@ -67,11 +67,11 @@ urlpatterns = [
     re_path(r"^saml2/meta(?:data)?/?$", views.MetadataView.as_view(), name="sso-saml2-meta"),
     re_path(r"^sso-dev/?$", views.DevView.as_view(), name="sso-dev"),
 
-    path("app/de/", render_angular_de),
-    path("app/en/", render_angular_en),
-    re_path(r'^app/de/(?P<path>.*)$', serve,{'document_root': os.path.join(settings.BASE_DIR,  "frontend/dist/frontend/de")}),
-    re_path(r"^$", detect_lang_redirect),
-    re_path(r"^(?:.*)/?$", detect_lang_redirect),
+  #  path("app/de/", render_angular_de),
+  #  path("app/en/", render_angular_en),
+  #  re_path(r'^app/de/(?P<path>.*)$', serve,{'document_root': os.path.join(settings.BASE_DIR,  "frontend/dist/frontend/de")}),
+  #  re_path(r"^$", detect_lang_redirect),
+  #  re_path(r"^(?:.*)/?$", detect_lang_redirect),
 ]
 
 if settings.DEBUG == "True":
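Review bot: The five frontend routes are disabled by commenting them out with an irregular `  #  ` indent and no explanation, so a reader cannot tell whether this is temporary. Either delete the lines (history keeps them) or add one comment above them such as `# Angular app is served by <placeholder>; catch-all redirect disabled because ...`. If they are removed for good, `render_angular_de`, `render_angular_en`, `serve` and `detect_lang_redirect` may be left as unused imports outside this hunk. The context line `if settings.DEBUG == "True":` compares against a string, which only matches if the setting is stored as text; that block continues past the hunk.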
diff --git a/src/requirements.txt b/src/requirements.txt
index 66b80ae5be66e250260714abb68b6ea38472215e..86f247a097365616aec6f5b68c72fe8b1846c639 100644
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -103,5 +103,5 @@ watchdog==2.2.1
 wcwidth==0.2.5
 whitenoise==6.3.0
 wrapt==1.14.1
-zeep==4.2.1
+zeep==4.3.1
 zipp==1.0.0
diff --git a/src/users/models.py b/src/users/models.py
index 6f52c18746185e2db52d8ef53d1d3a6a59fe823e..d82ee3db4e47bf646c565efda37228822c4f5dbd 100644
--- a/src/users/models.py
+++ b/src/users/models.py
@@ -1,7 +1,7 @@
 from datetime import date
 
 from django.conf import settings
-from django.contrib.auth.models import AbstractUser
+from django.contrib.auth.models import AbstractUser, Permission
 from django.db import models
 from django.utils.translation import gettext_lazy as _
 
@@ -24,3 +24,25 @@ class CustomUser(AbstractUser):
 
     def __str__(self):
         return f"Custom user {self.id}: {self.email}"
+
+    def has_perm(self, perm, obj=None):
+        """
+        Custom permission check: 
+        - Includes direct user permissions
+        - Includes group-based permissions
+        """
+        if self.is_superuser:  # Superuser has all permissions
+            return True
+
+        # Check direct user permissions
+        if self.user_permissions.filter(codename=perm.split(".")[-1]).exists():
+            return True
+
+        # Check group-based permissions
+        group_permissions = Permission.objects.filter(group__user=self).values_list(
+            "codename", flat=True
+        )
+        if perm.split(".")[-1] in group_permissions:
+            return True
+
+        return False
\ No newline at end of file
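Review bot: The new `has_perm` never checks `is_active`, so a deactivated superuser, or a deactivated user with leftover permissions, still passes; Django's stock implementation requires an active account. `perm.split(".")[-1]` also discards the `users.` app label that this same commit adds to `Roles`, so a matching codename from any app grants access, and the override bypasses the configured auth backends and ignores `obj`. The group branch pulls every codename into Python for an `in` test where a filtered `.exists()` would do. If these permissions are registered under the `users` app, removing the override and using the inherited method may be enough (not verifiable from this hunk). Otherwise a version along these lines keeps the custom lookup.

```python
    def has_perm(self, perm, obj=None):
        """Return True if this active user holds `perm` directly or through a group.

        `perm` is "app_label.codename"; a bare codename is matched in any app.
        `obj` is accepted for API compatibility and not used.
        """
        if not self.is_active:  # deactivated accounts hold no permissions
            return False
        if self.is_superuser:
            return True

        app_label, _sep, codename = perm.rpartition(".")
        lookup = {"codename": codename}
        if app_label:
            lookup["content_type__app_label"] = app_label

        return (
            self.user_permissions.filter(**lookup).exists()
            or Permission.objects.filter(group__user=self, **lookup).exists()
        )
```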
diff --git a/src/users/views.py b/src/users/views.py
index d4927929d4e8d3cd28e4fb0ae79ff15ed253b100..c708f7b952553d1515e3298c12ee8be873b16dd8 100644
--- a/src/users/views.py
+++ b/src/users/views.py
@@ -30,7 +30,7 @@ class CreateUserView(APIView):
     parser_class = (JsonUploadParser,)
 
     def put(self, request, format=None):
-        if has_permission(request.user, Roles.CREATE_USER):
+        if request.user.has_perm(Roles.CREATE_USER):
             email = request.data.get("email", None)
             password = request.data.get("password", None)
             assign_provider_role = request.data.get("assign_provider_role", None)
@@ -161,12 +161,14 @@ class UserListView(APIView):
     permission_classes = (IsAuthenticated,)
 
     def get(self, request):
-        if has_permission(request.user, Roles.EDIT_USER):
+        if request.user.has_perm(Roles.EDIT_USER):
             users = CustomUser.objects.all()
             users = UserSerializer(users, many=True).data
             return JsonResponse(users,
                             safe=False,
                             status=status.HTTP_200_OK)
+        return JsonResponse({"status": "error", "message": 'not permissions'},
+            status=status.HTTP_401_UNAUTHORIZED)
 
 
 class GroupListView(APIView):
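Review bot: The fallback added to `UserListView.get` answers an authenticated but unauthorised caller with 401, which tells clients to re-authenticate. `IsAuthenticated` has already passed at this point, so the refusal should use `status=status.HTTP_403_FORBIDDEN`. The message `'not permissions'` is also ungrammatical; something like `'permission denied'` reads better, provided no client matches on the current text. `PermissionsUpdateView.post` in the next hunk has the same status and message in its context lines. Moving the check into a permission class listed in `permission_classes`, as `role_permission.py` does for the provider roles, would let the framework produce the 403 consistently.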
@@ -199,7 +201,7 @@ class PermissionsUpdateView(APIView):
     permission_classes = (IsAuthenticated,)
 
     def post(self, request, user_id): 
-        if not has_permission(request.user, Roles.EDIT_USER):
+        if not request.user.has_perm(Roles.EDIT_USER):
             return JsonResponse({"status": "error", "message": 'not permissions'},
                                 status=status.HTTP_401_UNAUTHORIZED)
         try: