1👍
✅
move the code to check permissions below the code where you check for search param so that you are applying the user filter after checking for search_params
def get_queryset(self):
queryset = LeadContact.objects.all()
if (not user.has_perm('cms_sales.can_view_full_lead_contact_list') and
not user.has_parm('cms_sales.can_view_lead_contact')):
return queryset.none()
user = self.request.user
filter_date = self.request.query_params.get('filter_date', None)
search_params = self.request.query_params.get('search', None)
if filter_date is not None and (search_params is None or len(search_params) == 0):
queryset = queryset.filter(next_action_date=filter_date)
if user.has_perm('cms_sales.can_view_lead_contact') and not search_params:
queryset = queryset.filter(account_handler=user)
return queryset
Source:stackexchange.com