diff --git a/horilla_api/api_views/attendance/views.py b/horilla_api/api_views/attendance/views.py
index c839cf425..de3460e92 100644
--- a/horilla_api/api_views/attendance/views.py
+++ b/horilla_api/api_views/attendance/views.py
@@ -329,6 +329,8 @@ class ValidateAttendanceView(APIView):
 put(request, pk): Marks the attendance as validated and notifies the employee.
 """
+ permission_classes = [IsAuthenticated]
+
 def put(self, request, pk):
 attendance = Attendance.objects.filter(id=pk).update(attendance_validated=True)
 attendance = Attendance.objects.filter(id=pk).first()
@@ -358,6 +360,8 @@ class OvertimeApproveView(APIView):
 put(request, pk): Marks the overtime as approved and notifies the employee.
 """
+ permission_classes = [IsAuthenticated]
+
 def put(self, request, pk):
 try:
 attendance = Attendance.objects.filter(id=pk).update(
@@ -478,6 +482,8 @@ class AttendanceRequestApproveView(APIView):
 put(request, pk): Approves the attendance request, updates attendance records, and handles related activities.
 """
+ permission_classes = [IsAuthenticated]
+
 @manager_permission_required("attendance.change_attendance")
 def put(self, request, pk):
 try:
@@ -545,6 +551,8 @@ class AttendanceRequestCancelView(APIView):
 put(request, pk): Cancels the attendance request, resetting its status and data, and deletes the request if it was a create request.
 """
+ permission_classes = [IsAuthenticated]
+
 def put(self, request, pk):
 try:
 attendance = Attendance.objects.get(id=pk)
@@ -661,6 +669,8 @@ class AttendanceActivityView(APIView):
 get(request, pk=None): Retrieves a list of all attendance activity records.
 """
+ permission_classes = [IsAuthenticated]
+
 def get(self, request, pk=None):
 data = AttendanceActivity.objects.all()
 serializer = AttendanceActivitySerializer(data, many=True)
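Review bot: `permission_classes = [IsAuthenticated]` on ValidateAttendanceView only proves the caller is logged in; the first statement of `put` then sets `attendance_validated=True` on whatever `pk` is supplied, so any authenticated account could validate any attendance record, potentially including its own. AttendanceRequestApproveView in this same diff already carries `@manager_permission_required("attendance.change_attendance")`; I would put the same decorator, or an equivalent object-level check, on this `put` and on the `put` methods in the OvertimeApproveView, AttendanceRequestCancelView and WorkTypeRequestCancelView hunks, which act on a row selected by `pk` in the same way. The bodies of these methods continue outside the hunks, so a later check may exist, but none is visible before the write here.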
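Review bot: AttendanceActivityView.get serializes `AttendanceActivity.objects.all()` with `many=True`, so with only IsAuthenticated in front of it every logged-in user receives every employee's activity records, and the `pk` argument is not used in the visible lines. The queryset should be narrowed to the requester's own records unless the caller holds a view permission on the model; a comment such as `# org-wide data: needs manager/view permission, otherwise filter to the requesting employee` would make that intent explicit. The same concern applies to the OfflineEmployeesListView and OfflineEmployeesCountView hunks, which expose who has not clocked in (and leave status) to any authenticated account. The method body continues outside the hunk.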
@@ -675,6 +685,8 @@ class TodayAttendance(APIView):
 get(request): Calculates and returns the attendance ratio for today.
 """
+ permission_classes = [IsAuthenticated]
+
 def get(self, request):
 today = datetime.today()
@@ -706,6 +718,8 @@ class OfflineEmployeesCountView(APIView):
 get(request): Returns the number of active employees who are not yet clocked in.
 """
+ permission_classes = [IsAuthenticated]
+
 def get(self, request):
 count = (
 EmployeeFilter({"not_in_yet": date.today()})
@@ -724,6 +738,8 @@ class OfflineEmployeesListView(APIView):
 get(request): Retrieves and paginates a list of employees not clocked in today with their leave status.
 """
+ permission_classes = [IsAuthenticated]
+
 def get(self, request):
 queryset = (
 EmployeeFilter({"not_in_yet": date.today()})
diff --git a/horilla_api/api_views/base/views.py b/horilla_api/api_views/base/views.py
index 48b7c92e8..7a865bfc3 100644
--- a/horilla_api/api_views/base/views.py
+++ b/horilla_api/api_views/base/views.py
@@ -429,6 +429,7 @@ class WorkTypeRequestView(APIView):
 class WorkTypeRequestCancelView(APIView):
+ permission_classes = [IsAuthenticated]
 def put(self, request, pk):
 work_type_request = WorkTypeRequest.find(pk)
@@ -1288,6 +1289,7 @@ class EmployeeTabPermissionCheck(APIView):
 class CheckUserLevel(APIView):
+
 def get(self, request):
 perm = request.GET.get("perm")
 if request.user.has_perm(perm):
diff --git a/horilla_api/api_views/employee/views.py b/horilla_api/api_views/employee/views.py
index 7c4004437..3cc68bc57 100644
--- a/horilla_api/api_views/employee/views.py
+++ b/horilla_api/api_views/employee/views.py
@@ -78,6 +78,8 @@ class EmployeeTypeAPIView(APIView):
 get(request, pk=None): Returns a single employee type if pk is provided, otherwise returns all employee types.
 """
+ permission_classes = [IsAuthenticated]
+
 def get(self, request, pk=None):
 if pk:
 employee_type = EmployeeType.objects.get(id=pk)
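Review bot: CheckUserLevel, in the second hunk of base/views.py, gains only a blank line and still declares no `permission_classes`, while WorkTypeRequestCancelView in the hunk before it and every other view in this commit gets `[IsAuthenticated]`. Unless the project's default DRF permission already requires authentication (not visible here), that endpoint is left without the guard; adding `permission_classes = [IsAuthenticated]` there would match the rest of the change. Its `get` also passes the raw `perm` query parameter straight to `request.user.has_perm(perm)`, and a missing parameter reaches the call as `None`, so rejecting an empty `perm` with a 400 before the call would be worth adding.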
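Review bot: `EmployeeType.objects.get(id=pk)` in EmployeeTypeAPIView.get raises `EmployeeType.DoesNotExist` for an unknown `pk`, and no `try` is opened between `def get` and that call, so the request would likely end as a 500 rather than a 404. `employee_type = get_object_or_404(EmployeeType, id=pk)` (from `django.shortcuts`) keeps the lookup to one line and returns the right status. The method continues outside the hunk.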