segunda con sistemas

Clientes/views.py

@@ -26,6 +26,8 @@ from rest_framework.response import Response
 from rest_framework.permissions import IsAuthenticated
 from rest_framework import status
 
+from Sistemas.permissions import ItsAdminToken
+
 #EXCEL
 from openpyxl import Workbook
 from openpyxl.styles import Alignment, Border, Font, PatternFill, Side
@@ -231,7 +233,6 @@ def timbres_cliente(request, RFC):
     year = request.GET.get('year',None)
 
     if year is None or year=='':
-        
         today= datetime.date.today()
         year =today.year
 
@@ -390,26 +391,27 @@ def PACS_Retrive_RFCS(request):
 #--------------------------------------------
 
 class check_RFC(APIView):
-    permission_classes = (IsAuthenticated,)
+    permission_classes = (ItsAdminToken,IsAuthenticated,)
     def get(self,request):
         rfc = request.GET.get('RFC', None)
         try:
+            if rfc is None or len(rfc)==0:
+                return Response({'Error': 'RFC parameter cannot be empty', 'isError': True})
+
             cliente, created = Clientes.objects.get_or_create(RFC=rfc)
             serializer = ClienteSerializer(cliente)
-
             if created:
                 cliente.Activo=True
                 cliente.save()
 
             if not serializer.is_valid:
-                return Response(serializer.errors,status=400)
+                return Response({'Error':f'{serializer.errors}','isError':True},status=200)
-
             return Response(serializer.data)
         except Exception as E:                      
             return Response({'Error':f'check_RFC:{E} RFC:{rfc}','isError':True})
 
 class add_timbre2(APIView):
-    permission_classes = (IsAuthenticated,)
+    permission_classes = (ItsAdminToken,IsAuthenticated,)
     def get(self,request):        
         uuid= request.GET.get('uuid', None)
         rfcc= request.GET.get('rfcc', None)
@@ -436,7 +438,7 @@ class add_timbre2(APIView):
             return Response({'Error':f'{e}'})
 
 class saldo_funct2(APIView):
-    permission_classes =(IsAuthenticated,)
+    permission_classes =(ItsAdminToken,IsAuthenticated,)
     def get(self, request):
         timbres = request.GET.get('num',None)
         try:
@@ -450,7 +452,7 @@ class saldo_funct2(APIView):
         return Response(content)
 
 class check_host(APIView):
-    permission_classes = (IsAuthenticated,)    
+    permission_classes = (ItsAdminToken,IsAuthenticated,)    
     def post(self,request, format=None):
         data = request.data
         

Sistemas/permissions.py

@@ -1,4 +1,14 @@
 from rest_framework.permissions import BasePermission
+
+
 class HasAuthorizationHeader(BasePermission):
     def has_permission(self, request, view):
         return 'Authorization' in request.headers
+
+class ItsAdminToken(BasePermission):
+    def has_permission(self,request,view):        
+        return request.user.is_superuser
+
+class ItsAdminGroup(BasePermission):
+    def has_permission(self, request, view):
+        return request.user.groups.filter(name= 'admin_soft')