diff --git a/.idea/Rasaddam_Backend.iml b/.idea/Rasaddam_Backend.iml
index 168bde0..c5d6090 100644
--- a/.idea/Rasaddam_Backend.iml
+++ b/.idea/Rasaddam_Backend.iml
@@ -14,7 +14,7 @@
-
+
diff --git a/.idea/misc.xml b/.idea/misc.xml
index 296aa57..29f5506 100644
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -1,4 +1,4 @@
-
+
\ No newline at end of file
diff --git a/apps/authorization/api/v1/serializers.py b/apps/authorization/api/v1/serializers.py
index b970ed4..deb721f 100644
--- a/apps/authorization/api/v1/serializers.py
+++ b/apps/authorization/api/v1/serializers.py
@@ -8,7 +8,6 @@ from apps.authorization.models import (
Page
)
from apps.authentication.api.v1.serializers import serializer as auth_serializer
-from apps.authentication.models import Organization
import itertools
@@ -146,9 +145,16 @@ class UserRelationSerializer(serializers.ModelSerializer):
def update(self, instance, validated_data):
""" update user relation object """
- instance.role = validated_data.get('role', instance.role)
+ # if role of user changed, clear all permissions and set new role permissions for user
+ if not instance.role == validated_data.get('role', instance.role):
+ instance.role = validated_data.get('role', instance.role)
+ instance.permissions.clear()
+ instance.permissions.add(*instance.role.permissions.all())
+
instance.organization = validated_data.get('organization', instance.organization)
instance.save()
- instance.permissions.clear()
- instance.permissions.add(*(validated_data.get('permissions', instance.permissions)))
+
+ if validated_data.get('permissions'):
+ instance.permissions.clear()
+ instance.permissions.add(*(validated_data.get('permissions', instance.permissions)))
return instance