Features: 1) Add get_queryset method to filter queries based on user permissions;

Fixes: 1) None; Extra: None;
2025-05-29 23:07:02 +03:00 · 2025-05-29 23:07:02 +03:00 · ac3268748e
commit ac3268748e
parent 04656ea223
1 changed files with 9 additions and 0 deletions
--- a/core/viewsets.py
+++ b/core/viewsets.py
@ -234,6 +234,15 @@ class OrderViewSet(EvibesViewSet):
        "remove_order_product": RemoveOrderProductSerializer,
    }

+    def get_queryset(self):
+        qs = super().get_queryset()
+        user = self.request.user
+
+        if user.has_perm("core.view_order"):
+            return qs
+
+        return qs.filter(user=user)
+
    @action(detail=False, methods=["get"], url_path="current")
    def current(self, request, *_args, **kwargs):
        if not request.user.is_authenticated: