20 lines
761 B
Python
20 lines
761 B
Python
from django.shortcuts import redirect
|
|
from hrm.models import employee
|
|
|
|
class permissionEnforceMiddleware():
|
|
def __init__(self, get_response):
|
|
self.get_response = get_response
|
|
def __call__(self, request):
|
|
if request.path.startswith('/manager'):
|
|
user = employee.objects.get(employee__id=request.user.id)
|
|
groups = user.groups.all()
|
|
for group in groups:
|
|
adminGroups = ['manager', 'hr', 'smt']
|
|
if any(grp in group.name.lower() for grp in adminGroups):
|
|
response = self.get_response(request)
|
|
return response
|
|
|
|
return redirect('403')
|
|
else:
|
|
response = self.get_response(request)
|
|
return response |