[UPDT] HORILLA API: api permission updated

2025-05-05 16:41:55 +05:30
parent d5d73e8696
commit be17a6daec
3 changed files with 20 additions and 0 deletions
--- a/horilla_api/api_views/attendance/views.py
+++ b/horilla_api/api_views/attendance/views.py
@@ -329,6 +329,8 @@ class ValidateAttendanceView(APIView):
        put(request, pk): Marks the attendance as validated and notifies the employee.
    """

+    permission_classes = [IsAuthenticated]
+
    def put(self, request, pk):
        attendance = Attendance.objects.filter(id=pk).update(attendance_validated=True)
        attendance = Attendance.objects.filter(id=pk).first()
@@ -358,6 +360,8 @@ class OvertimeApproveView(APIView):
        put(request, pk): Marks the overtime as approved and notifies the employee.
    """

+    permission_classes = [IsAuthenticated]
+
    def put(self, request, pk):
        try:
            attendance = Attendance.objects.filter(id=pk).update(
@@ -478,6 +482,8 @@ class AttendanceRequestApproveView(APIView):
        put(request, pk): Approves the attendance request, updates attendance records, and handles related activities.
    """

+    permission_classes = [IsAuthenticated]
+
    @manager_permission_required("attendance.change_attendance")
    def put(self, request, pk):
        try:
@@ -545,6 +551,8 @@ class AttendanceRequestCancelView(APIView):
        put(request, pk): Cancels the attendance request, resetting its status and data, and deletes the request if it was a create request.
    """

+    permission_classes = [IsAuthenticated]
+
    def put(self, request, pk):
        try:
            attendance = Attendance.objects.get(id=pk)
@@ -661,6 +669,8 @@ class AttendanceActivityView(APIView):
        get(request, pk=None): Retrieves a list of all attendance activity records.
    """

+    permission_classes = [IsAuthenticated]
+
    def get(self, request, pk=None):
        data = AttendanceActivity.objects.all()
        serializer = AttendanceActivitySerializer(data, many=True)
@@ -675,6 +685,8 @@ class TodayAttendance(APIView):
        get(request): Calculates and returns the attendance ratio for today.
    """

+    permission_classes = [IsAuthenticated]
+
    def get(self, request):

        today = datetime.today()
@@ -706,6 +718,8 @@ class OfflineEmployeesCountView(APIView):
        get(request): Returns the number of active employees who are not yet clocked in.
    """

+    permission_classes = [IsAuthenticated]
+
    def get(self, request):
        count = (
            EmployeeFilter({"not_in_yet": date.today()})
@@ -724,6 +738,8 @@ class OfflineEmployeesListView(APIView):
        get(request): Retrieves and paginates a list of employees not clocked in today with their leave status.
    """

+    permission_classes = [IsAuthenticated]
+
    def get(self, request):
        queryset = (
            EmployeeFilter({"not_in_yet": date.today()})
--- a/horilla_api/api_views/base/views.py
+++ b/horilla_api/api_views/base/views.py
@@ -429,6 +429,7 @@ class WorkTypeRequestView(APIView):


 class WorkTypeRequestCancelView(APIView):
+    permission_classes = [IsAuthenticated]

    def put(self, request, pk):
        work_type_request = WorkTypeRequest.find(pk)
@@ -1288,6 +1289,7 @@ class EmployeeTabPermissionCheck(APIView):


 class CheckUserLevel(APIView):
+
    def get(self, request):
        perm = request.GET.get("perm")
        if request.user.has_perm(perm):
--- a/horilla_api/api_views/employee/views.py
+++ b/horilla_api/api_views/employee/views.py
@@ -78,6 +78,8 @@ class EmployeeTypeAPIView(APIView):
        get(request, pk=None): Returns a single employee type if pk is provided, otherwise returns all employee types.
    """

+    permission_classes = [IsAuthenticated]
+
    def get(self, request, pk=None):
        if pk:
            employee_type = EmployeeType.objects.get(id=pk)