From 23c639f92086bb97cb248126c99b75a9a6005f40 Mon Sep 17 00:00:00 2001
From: lruzicki <lruzicki@gmail.com>
Date: Tue, 11 Apr 2023 12:45:11 +0200
Subject: [PATCH] OTC-801: not super user can only manage his roles

---
 core/schema.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/core/schema.py b/core/schema.py
index 7d73c40a..9445a1eb 100644
--- a/core/schema.py
+++ b/core/schema.py
@@ -676,6 +676,13 @@ def resolve_role(self, info, **kwargs):
         filters = []
         query = Role.objects
 
+        if not info.context.user.is_superuser:
+            user_roles = UserRole.objects.filter(
+                user=info.context.user.i_user.id,
+                validity_to__isnull=True
+            ).values_list('role')
+            filters.append(Q(id__in=user_roles))
+
         text_search = kwargs.get("str")
         if text_search:
             filters.append(Q(name__icontains=text_search))