diff --git a/apiserver/apiserver/api/models.py b/apiserver/apiserver/api/models.py index 6b08b4b..b21f7e5 100644 --- a/apiserver/apiserver/api/models.py +++ b/apiserver/apiserver/api/models.py @@ -27,6 +27,7 @@ class Member(models.Model): postal_code = models.CharField(max_length=16, null=True) is_director = models.BooleanField(default=False) + is_staff = models.BooleanField(default=False) is_instructor = models.BooleanField(default=False) status = models.CharField(max_length=32, blank=True, null=True) expire_date = models.DateField(default=date.today, null=True) diff --git a/apiserver/apiserver/api/serializers.py b/apiserver/apiserver/api/serializers.py index fc3e075..99e2ebd 100644 --- a/apiserver/apiserver/api/serializers.py +++ b/apiserver/apiserver/api/serializers.py @@ -81,6 +81,7 @@ class MemberSerializer(serializers.ModelSerializer): read_only_fields = [ 'id', 'is_director', + 'is_staff', 'is_instructor', 'status', 'expire_date', diff --git a/apiserver/apiserver/api/views.py b/apiserver/apiserver/api/views.py index 717e50d..7efa2ec 100644 --- a/apiserver/apiserver/api/views.py +++ b/apiserver/apiserver/api/views.py @@ -15,7 +15,7 @@ class AllowMetadata(BasePermission): return request.method in ['OPTIONS', 'HEAD'] def is_admin_director(user): - return user.is_staff or user.member.is_director + return user.is_staff or user.member.is_director or user.member.is_staff class IsOwnerOrAdmin(BasePermission): def has_object_permission(self, request, view, obj): diff --git a/webclient/src/Admin.js b/webclient/src/Admin.js index abb24ce..4a53f47 100644 --- a/webclient/src/Admin.js +++ b/webclient/src/Admin.js @@ -87,6 +87,16 @@ export function AdminMemberForm(props) { /> +