From 0bac2da027a161a9cd933bf928a33fe38a60d56b Mon Sep 17 00:00:00 2001 From: Toksi Date: Thu, 9 Oct 2025 13:43:12 +0500 Subject: [PATCH 1/2] =?UTF-8?q?=D0=98=D1=81=D0=BF=D1=80=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=B5=D0=BD=D0=B0=D0=B0=20=D0=BE=D1=88=D0=B8=D0=B1=D0=BA=D0=B0?= =?UTF-8?q?=20=D0=B4=D0=BE=D1=81=D1=82=D1=83=D0=BF=D0=B0=20=D0=BF=D1=80?= =?UTF-8?q?=D0=B8=20=D1=81=D0=BE=D0=B7=D0=B4=D0=B0=D0=BD=D0=B8=D1=8E=20?= =?UTF-8?q?=D0=BA=D0=BE=D0=BC=D0=BF=D0=B0=D0=BD=D0=B8=D0=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- projects/permissions.py | 4 ++-- projects/views.py | 9 +++------ 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/projects/permissions.py b/projects/permissions.py index 5af6b320..886a6d72 100644 --- a/projects/permissions.py +++ b/projects/permissions.py @@ -159,7 +159,7 @@ class IsProjectLeaderOrReadOnly(BasePermission): Создавать/изменять/удалять может только лидер проекта. """ - message = "Только лидер проекта может создавать, изменять или удалять цели." + message = "Только лидер проекта может создавать, изменять или удалять параметры." def has_permission(self, request, view): if request.method in SAFE_METHODS: @@ -169,7 +169,7 @@ def has_permission(self, request, view): return False project_pk = view.kwargs.get("project_pk") - project_id = project_pk or request.data.get("project") + project_id = project_pk or view.kwargs.get("project_id") or request.data.get("project") if not project_id: return False diff --git a/projects/views.py b/projects/views.py index 78d45861..4cff1107 100644 --- a/projects/views.py +++ b/projects/views.py @@ -943,9 +943,7 @@ def patch(self, request, project_id: int, company_id: int): return link_or_resp link = link_or_resp - perm_resp = self._check_permissions(request, project) - if perm_resp: - return perm_resp + self.check_object_permissions(request, link) serializer = ProjectCompanyUpdateSerializer( link, data=request.data, partial=True, context={"request": request} @@ -988,9 +986,8 @@ def delete(self, request, project_id: int, company_id: int): return link_or_resp link = link_or_resp - perm_resp = self._check_permissions(request, project) - if perm_resp: - return perm_resp + # объектная проверка прав + self.check_object_permissions(request, link) link.delete() return Response(status=status.HTTP_204_NO_CONTENT) From d2239bec22ac04cc9ec6aaf5bb7ebb564d2693be Mon Sep 17 00:00:00 2001 From: Toksi Date: Thu, 9 Oct 2025 13:46:16 +0500 Subject: [PATCH 2/2] =?UTF-8?q?=D0=A3=D0=B4=D0=B0=D0=BB=D1=91=D0=BD=20?= =?UTF-8?q?=D0=BB=D0=B8=D1=88=D0=BD=D0=B8=D0=B9=20=D0=BA=D0=BE=D0=BC=D0=BC?= =?UTF-8?q?=D0=B5=D0=BD=D1=82=D0=B0=D1=80=D0=B8=D0=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- projects/views.py | 1 - 1 file changed, 1 deletion(-) diff --git a/projects/views.py b/projects/views.py index 4cff1107..a3625c4e 100644 --- a/projects/views.py +++ b/projects/views.py @@ -986,7 +986,6 @@ def delete(self, request, project_id: int, company_id: int): return link_or_resp link = link_or_resp - # объектная проверка прав self.check_object_permissions(request, link) link.delete()