fix: Allow superusers delete adhoc and playbook

2025-09-06 18:00:57 +00:00 · 2025-04-16 17:07:16 +08:00
parent 0131eaa6db
commit ee97e45cc3
3 changed files with 13 additions and 17 deletions
--- a/apps/common/permissions.py
+++ b/apps/common/permissions.py
@@ -87,3 +87,12 @@ class IsValidLicense(permissions.BasePermission):

    def has_permission(self, request, view):
        return settings.XPACK_LICENSE_IS_VALID
+
+
+class IsOwnerOrAdminWritable(IsValidUser):
+    def has_object_permission(self, request, view, obj):
+        if request.user.is_superuser:
+            return super().has_permission(request, view)
+        if request.method != 'GET' and obj.creator != request.user:
+            return False
+        return super().has_permission(request, view)