From 9fb9481bcfe604efeae268e9491dece6acb3c2cc Mon Sep 17 00:00:00 2001 From: Hironsan Date: Fri, 28 Jan 2022 20:52:38 +0900 Subject: [PATCH] Remove IsStaff permission Due to the duplication of IsAdminUser --- backend/api/permissions.py | 8 -------- backend/api/views/project.py | 5 ++--- 2 files changed, 2 insertions(+), 11 deletions(-) delete mode 100644 backend/api/permissions.py diff --git a/backend/api/permissions.py b/backend/api/permissions.py deleted file mode 100644 index 456c4fe9..00000000 --- a/backend/api/permissions.py +++ /dev/null @@ -1,8 +0,0 @@ -from rest_framework.permissions import BasePermission - - -class IsStaff(BasePermission): - def has_permission(self, request, view): - if request.user.is_superuser or request.user.is_staff: - return True - return False diff --git a/backend/api/views/project.py b/backend/api/views/project.py index da7ee6f1..4a22ae81 100644 --- a/backend/api/views/project.py +++ b/backend/api/views/project.py @@ -1,12 +1,11 @@ from django.conf import settings from rest_framework import generics, status -from rest_framework.permissions import IsAuthenticated +from rest_framework.permissions import IsAdminUser, IsAuthenticated from rest_framework.response import Response from members.permissions import IsInProjectReadOnlyOrAdmin from ..models import Project -from ..permissions import IsStaff from ..serializers import ProjectPolymorphicSerializer @@ -18,7 +17,7 @@ class ProjectList(generics.ListCreateAPIView): if self.request.method == 'GET': self.permission_classes = [IsAuthenticated, ] else: - self.permission_classes = [IsAuthenticated & IsStaff] + self.permission_classes = [IsAuthenticated & IsAdminUser] return super().get_permissions() def get_queryset(self):