feat: Enhance admin permissions and improve product currency handling

backend/product/permissions.py

@@ -16,3 +16,170 @@ class ProductDetailCategoryPermission:
     def has_view_permission(self, request, obj=None):
         return True
     
+class ProductAdminPermission:
+    def has_add_permission(self, request):
+        return True
+    
+    def has_change_permission(self, request, obj=None):
+        if request.user.is_superuser or obj == None:
+            return True
+        
+        if not hasattr(request.user, 'shop'):
+            return False
+        
+        return request.user.shop == obj.shop
+    
+    def has_delete_permission(self, request, obj=None):
+        if request.user.is_superuser or obj == None:
+            return True
+        
+        if not hasattr(request.user, 'shop'):
+            return False
+        
+        return request.user.shop == obj.shop
+    
+    def has_view_permission(self, request, obj=None):
+        if request.user.is_superuser or obj == None:
+            return True
+        
+        if not hasattr(request.user, 'shop'):
+            return False
+        
+        return request.user.shop == obj.shop
+    
+    def get_queryset(self, request):
+        from product.models import ProductModel
+        if request.user.is_superuser:
+
+            return ProductModel.objects.all()
+        
+        if not hasattr(request.user, 'shop'):
+            return ProductModel.objects.none()
+        
+        return ProductModel.objects.filter(shop=request.user.shop)
+    
+
+class ProductVariantAdminPermission:
+    def has_add_permission(self, request):
+        return True
+    
+    def has_change_permission(self, request, obj=None):
+        if request.user.is_superuser or obj == None:
+            return True
+        
+        if not hasattr(request.user, 'shop'):
+            return False
+        
+        return request.user.shop == obj.product.shop
+    
+    def has_delete_permission(self, request, obj=None):
+        if request.user.is_superuser or obj == None:
+            return True
+        
+        if not hasattr(request.user, 'shop'):
+            return False
+        
+        return request.user.shop == obj.product.shop
+    
+    def has_view_permission(self, request, obj=None):
+        if request.user.is_superuser or obj == None:
+            return True
+        
+        if not hasattr(request.user, 'shop'):
+            return False
+        
+        return request.user.shop == obj.product.shop
+    
+    def get_queryset(self, request):
+        from product.models import ProductVariant
+        if request.user.is_superuser:
+
+            return ProductVariant.objects.all()
+        
+        if not hasattr(request.user, 'shop'):
+            return ProductVariant.objects.none()
+        
+        return ProductVariant.objects.filter(product__shop=request.user.shop)
+    
+
+
+class ProductVariantInlineAdminPermission:
+    def has_add_permission(self, request, obj):
+        return True
+    
+    def has_change_permission(self, request, obj=None):
+        if request.user.is_superuser or obj == None:
+            return True
+        
+        if not hasattr(request.user, 'shop'):
+            return False
+        
+        return request.user.shop == obj.shop
+    
+    def has_delete_permission(self, request, obj=None):
+        if request.user.is_superuser or obj == None:
+            return True
+        
+        if not hasattr(request.user, 'shop'):
+            return False
+        
+        return request.user.shop == obj.shop
+    
+    def has_view_permission(self, request, obj=None):
+        if request.user.is_superuser or obj == None:
+            return True
+        
+        if not hasattr(request.user, 'shop'):
+            return False
+        
+        return request.user.shop == obj.shop
+    
+    def get_queryset(self, request):
+        from product.models import ProductVariant
+        if request.user.is_superuser:
+
+            return ProductVariant.objects.all()
+        
+        if not hasattr(request.user, 'shop'):
+            return ProductVariant.objects.none()
+        
+        return ProductVariant.objects.filter(product__shop=request.user.shop)
+class InPackItemsAdminPermission:
+    def has_add_permission(self, request):
+        return True
+    
+    def has_change_permission(self, request, obj = ...):
+        return False
+    
+    def has_delete_permission(self, request, obj = ...):
+        return False
+    
+    def has_view_permission(self, request, obj = ...):
+        return True
+    
+class AttributeTypeAdminPermission:
+    def has_add_permission(self, request):
+        return True
+    
+    def has_change_permission(self, request, obj = ...):
+        return False
+    
+    def has_delete_permission(self, request, obj = ...):
+        return False
+    
+    def has_view_permission(self, request, obj = ...):
+        return True
+    
+
+class AttributeValueAdminPermission:
+    def has_add_permission(self, request):
+        return True
+    
+    def has_change_permission(self, request, obj = ...):
+        return False
+    
+    def has_delete_permission(self, request, obj = ...):
+        return False
+    
+    def has_view_permission(self, request, obj = ...):
+        return True