feature/rbac permisos y roles implementados

2026-05-21 07:54:59 -06:00
parent 9bbed42cf3
commit a318b70324
38 changed files with 2596 additions and 901 deletions
--- a/api/notificaciones/views.py
+++ b/api/notificaciones/views.py
@@ -1,39 +1,36 @@
-from django.shortcuts import render
 from rest_framework import viewsets
 from rest_framework.permissions import IsAuthenticated
+from rest_framework.exceptions import PermissionDenied
+
 from .models import Notificacion, TipoNotificacion
 from .serializers import NotificacionSerializer, TipoNotificacionSerializer
-from core.permissions import (
-    IsSameOrganization, 
-    IsSameOrganizationDeveloper,
-    IsSameOrganizationAndAdmin,
-    IsSuperUser
-)
-# Create your views here.
+from core.permissions import require_permission
+

 class TipoNotificacionViewSet(viewsets.ModelViewSet):
    queryset = TipoNotificacion.objects.all()
    serializer_class = TipoNotificacionSerializer
    http_method_names = ['get']
-
-    permission_classes = [IsAuthenticated &  (IsSameOrganization | IsSameOrganizationAndAdmin | IsSameOrganizationDeveloper | IsSuperUser)]
-
+    permission_classes = [IsAuthenticated]
    my_tags = ['Notificaciones']
-    
+
    def get_queryset(self):
        return self.queryset.order_by('tipo')

+
 class NotificacionViewSet(viewsets.ModelViewSet):
    queryset = Notificacion.objects.all()
    serializer_class = NotificacionSerializer
    http_method_names = ['get', 'post', 'put', 'patch', 'delete']
    filterset_fields = ['visto']
-
-    permission_classes = [IsAuthenticated &  (IsSameOrganization | IsSameOrganizationAndAdmin | IsSameOrganizationDeveloper | IsSuperUser)]
    my_tags = ['Notificaciones']

+    def get_permissions(self):
+        if self.action in ('list', 'retrieve'):
+            return [IsAuthenticated(), require_permission('notificaciones.view')()]
+        return [IsAuthenticated()]
+
    def get_queryset(self):
-        # Evita error en generación de esquema Swagger
        if getattr(self, 'swagger_fake_view', False):
            return Notificacion.objects.none()
        user = self.request.user
@@ -45,6 +42,6 @@ class NotificacionViewSet(viewsets.ModelViewSet):
        if not self.request.user.is_authenticated:
            raise PermissionDenied("Usuario no autenticado")
        if self.request.user.is_superuser:
-            # Allow superusers and admins to create notifications for any user
            serializer.save()
-        raise PermissionDenied("No tienes permiso para crear notificaciones para otros usuarios")
+            return
+        raise PermissionDenied("No tienes permiso para crear notificaciones para otros usuarios")