zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-13 21:19:42 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fix perms

Browse source
This commit is contained in:
zandercymatics 2024-08-08 10:21:10 -06:00
parent e90ef9ba98
commit ee7b886fbc
No known key found for this signature in database
GPG key ID: FF4636ABEC9682B7
1 changed files with 3 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/registrar/views/utility/api_views.py
View file

@ -2,22 +2,21 @@ import logging
from django.http import JsonResponse from django.http import JsonResponse
from django.forms.models import model_to_dict from django.forms.models import model_to_dict
from registrar.models import FederalAgency, SeniorOfficial from registrar.models import FederalAgency, SeniorOfficial
from django.utils.dateformat import format from django.contrib.admin.views.decorators import staff_member_required
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.urls import reverse
from django.db.models import Q
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@login_required @login_required
@staff_member_required
def get_senior_official_from_federal_agency_json(request): def get_senior_official_from_federal_agency_json(request):
"""Returns federal_agency information as a JSON""" """Returns federal_agency information as a JSON"""
# This API is only accessible to admins and analysts # This API is only accessible to admins and analysts
superuser_perm = request.user.has_perm("registrar.full_access_permission") superuser_perm = request.user.has_perm("registrar.full_access_permission")
analyst_perm = request.user.has_perm("registrar.analyst_access_permission") analyst_perm = request.user.has_perm("registrar.analyst_access_permission")
if not request.user.is_authenticated or not analyst_perm or not superuser_perm: if not request.user.is_authenticated or not any([analyst_perm, superuser_perm]):
return JsonResponse({"error": "You do not have access to this resource"}, status=403) return JsonResponse({"error": "You do not have access to this resource"}, status=403)
agency_name = request.GET.get("agency_name") agency_name = request.GET.get("agency_name")