diff --git a/chats/apps/api/v1/external/permissions.py b/chats/apps/api/v1/external/permissions.py
index 8c2aa489..318e014e 100644
--- a/chats/apps/api/v1/external/permissions.py
+++ b/chats/apps/api/v1/external/permissions.py
@@ -5,16 +5,10 @@
 class IsAdminPermission(permissions.BasePermission):
- def get_auth_permission(self, request):
- auth_header = request.META.get("HTTP_AUTHORIZATION")
- auth_token = auth_header.split()[1]
- permission = ProjectPermission.objects.get(pk=auth_token, role=1)
- return permission
-
 def has_permission(self, request, view): # pragma: no cover
 if view.action in ["list", "create"]:
 try:
- permission = self.get_auth_permission(request)
+ permission = request.auth
 project = permission.project
 validation = ValidatePermissionRequest(
@@ -32,7 +26,7 @@ def has_object_permission(self, request, view, obj):
 Return `True` if permission is granted, `False` otherwise.
 """
 try:
- permission = self.get_auth_permission(request)
+ permission = request.auth
 project = obj.project
 except ProjectPermission.DoesNotExist:
 return False
diff --git a/chats/apps/api/v1/external/rooms/viewsets.py b/chats/apps/api/v1/external/rooms/viewsets.py
index d52967b2..c5014227 100644
--- a/chats/apps/api/v1/external/rooms/viewsets.py
+++ b/chats/apps/api/v1/external/rooms/viewsets.py
@@ -187,9 +187,6 @@ def partial_update(self, request, pk=None):
 class CustomFieldsUserExternalViewSet(viewsets.ViewSet):
 serializer_class = RoomFlowSerializer
- permission_classes = [
- IsAdminPermission,
- ]
 authentication_classes = [ProjectAdminAuthentication]
 def partial_update(self, request, pk=None):
@@ -200,7 +197,7 @@ def partial_update(self, request, pk=None):
 return Response(
 {"Detail": "No contact id on the request"}, status.HTTP_400_BAD_REQUEST
 )
- request_permission = self.request.auth
+ request_permission = request.auth
 project = request_permission.project
 response = FlowRESTClient().create_contact(
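Review bot: With `permission = request.auth` in has_permission, and the same substitution in has_object_permission in the next hunk, IsAdminPermission no longer verifies the admin role itself; the removed `ProjectPermission.objects.get(pk=auth_token, role=1)` did. The class is now only as strict as whichever authenticator populated `request.auth`, which this diff does not show, so on a view with a different or no authentication class it would presumably accept a non-admin token or fail on `None.project`. The `except ProjectPermission.DoesNotExist` visible in the second hunk can no longer be triggered by this line either. I would guard explicitly, e.g. `if not isinstance(permission, ProjectPermission) or permission.role != 1: return False`, and state the dependency on the authenticator in the class docstring. Both method bodies continue outside their hunks.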
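Review bot: Dropping `permission_classes = [IsAdminPermission]` from CustomFieldsUserExternalViewSet leaves the view on the project's `DEFAULT_PERMISSION_CLASSES`, which is DRF's `AllowAny` unless settings override it. In DRF an authentication class that returns `None` for a missing or unrecognised header does not reject the request, so unless ProjectAdminAuthentication (not shown here) always raises, `request.auth` can be `None` when `project = request_permission.project` runs in the following hunk. I would keep an explicit permission class on the view, or guard in partial_update with `if request.auth is None: return Response(status=status.HTTP_401_UNAUTHORIZED)`. partial_update's body continues outside the hunk.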