Migrate to global currency system in commerce app

Removed per-product currency in favor of a global site currency managed via SiteConfiguration. Updated models, views, templates, and Stripe integration to use the global currency. Added migration, management command for migration, and API endpoint for currency info. Improved permissions and filtering for orders, reviews, and carts. Expanded supported currencies in configuration.
2026-01-24 21:51:56 +01:00
parent 8f6d864b4b
commit 775709bd08
19 changed files with 371 additions and 102 deletions
--- a/backend/account/views.py
+++ b/backend/account/views.py
@@ -250,10 +250,19 @@ class UserView(viewsets.ModelViewSet):
            # Fallback - deny access (prevents AttributeError for AnonymousUser)
            return [OnlyRolesAllowed("admin")()]

-        # Any authenticated user can retrieve (view) any user's profile
-        #FIXME: popřemýšlet co vše může získat
+        # Users can only view their own profile, admins can view any profile
        elif self.action == 'retrieve':
-            return [IsAuthenticated()]
+            user = getattr(self, 'request', None) and getattr(self.request, 'user', None)
+            # Admins can view any user profile
+            if user and getattr(user, 'is_authenticated', False) and getattr(user, 'role', None) == 'admin':
+                return [IsAuthenticated()]
+            
+            # Users can view their own profile
+            if user and getattr(user, 'is_authenticated', False) and self.kwargs.get('pk') and str(getattr(user, 'id', '')) == self.kwargs['pk']:
+                return [IsAuthenticated()]
+            
+            # Deny access to other users' profiles
+            return [OnlyRolesAllowed("admin")()]

        return super().get_permissions()