feat: Enhance admin permissions and improve product currency handling

2025-12-10 12:38:42 +03:30
parent f0ff23094f
commit 9ea69925c9
13 changed files with 438 additions and 47 deletions
@@ -11,7 +11,7 @@ from django.utils.html import format_html, format_html_join
 from azbankgateways.models.banks import Bank
 from unfold.decorators import action
 from django.shortcuts import redirect
-
+from .permissons import ShopOrderAdminPermission

 class OrderItemModelInline(StackedInline):
    model = OrderItemModel
@@ -62,6 +62,26 @@ from .models import ShopDailyReport, ShopOrderModel
@admin.register(ShopDailyReport)
 class ShopDailyReportAdmin(ModelAdmin):
    pass
+    def get_queryset(self, request):
+
+        if request.user.is_superuser:
+            return ShopOrderModel.objects.all()
+        
+        if not hasattr(request.user, 'shop'):
+            return ShopOrderModel.objects.none()
+        
+        queryset = ShopOrderModel.objects.filter(shop=request.user.shop)
+        return queryset
+    
+    def has_view_permission(self, request, obj=None):
+        if request.user.is_superuser or obj == None:
+            return True
+        
+        if not hasattr(request.user, 'shop'):
+            return False
+        
+        return request.user.shop == obj.shop
+

 class ShopOrderItemInline(StackedInline):
    model = ShopOrderItem
@@ -75,9 +95,22 @@ class ShopOrderItemInline(StackedInline):


@admin.register(ShopOrderModel)
-class ShopOrderModelAdmin(ModelAdmin):
+class ShopOrderModelAdmin(ShopOrderAdminPermission, ModelAdmin):
    inlines = [ShopOrderItemInline]

+
+    def get_queryset(self, request):
+
+        if request.user.is_superuser:
+            return ShopOrderModel.objects.all()
+        
+        if not hasattr(request.user, 'shop'):
+            return ShopOrderModel.objects.none()
+        
+        queryset = ShopOrderModel.objects.filter(shop=request.user.shop)
+        return queryset
+    
+
@admin.register(OrderModel)
 class OrderAdmin(ModelAdmin, ImportExportModelAdmin):
    import_form_class = ImportForm
@@ -44,4 +44,29 @@ class PaymentCallBackPermissions(BasePermission):
        if obj.order.user != request.user:
            self.message = "این پرداخت متعلق به شما نیست."
            return False    
-        return True
+        return True
+    
+
+class ShopOrderAdminPermission:
+    def has_view_permission(self, request, obj=None):
+        if request.user.is_superuser or obj == None:
+            return True
+        
+        if not hasattr(request.user, 'shop'):
+            return False
+        
+        return request.user.shop == obj.shop
+    
+    def has_add_permission(self, request):
+        return False
+    
+    def has_delete_permission(self, request, obj=None):
+
+        if request.user.is_superuser:
+            return True
+        
+        if obj is None:
+            return False
+        
+        return obj.shop == request.user.shop
+