From 25e92623fd2a993007148d346c45c4475fdbb06b Mon Sep 17 00:00:00 2001
From: xoliqberdiyev <xoliqberdiyevbehruz12@gmail.com>
Date: Tue, 5 May 2026 17:47:39 +0500
Subject: [PATCH] fix: allow all roles except 'user' on tech-passport endpoint

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 core/apps/evaluation/views/tech_passport.py | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/core/apps/evaluation/views/tech_passport.py b/core/apps/evaluation/views/tech_passport.py
index 66fd451..d2ecd63 100644
--- a/core/apps/evaluation/views/tech_passport.py
+++ b/core/apps/evaluation/views/tech_passport.py
@@ -1,7 +1,7 @@
 # rest framework
 from rest_framework.response import Response
 from rest_framework import status
-from rest_framework.permissions import IsAuthenticated
+from rest_framework.permissions import BasePermission
 from rest_framework.generics import GenericAPIView
 
 # swagger
@@ -10,11 +10,18 @@ from drf_spectacular.utils import extend_schema
 # core apps
 from core.services.tech_passport import TechPassportService
 from core.apps.evaluation.serializers import TechPassportSerializer
+from core.apps.accounts.choices import RoleChoice
+
+
+class IsNotUserRole(BasePermission):
+    def has_permission(self, request, view):
+        if not request.user or not request.user.is_authenticated:
+            return False
+        return request.user.role != RoleChoice.USER
 
 
 class TechPassportAPIView(GenericAPIView):
-    authentication_classes = []
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsNotUserRole]
 
     @extend_schema(
         tags=["Tech Passport"],
-- 
2.49.1