feat(api): during permission checking, if model is an organization an…

…d the user is a manager allow access to the organization.

ref: #425 #426

app/api/views/mixin.py

@@ -15,12 +15,28 @@ class OrganizationPermissionAPI(DjangoObjectPermissions, OrganizationMixin):
 
     def has_permission(self, request, view):
 
-        return self.permission_check(request, view)
+        permission_check = self.permission_check(request, view)
+
+        if view.kwargs.get('pk', None):
+
+            if str(type(view.get_object()).__name__).lower() == 'organization':
+
+                return view.get_object().manager == request.user
+
+        return permission_check
 
 
     def has_object_permission(self, request, view, obj):
 
-        return self.permission_check(request, view, obj)
+        is_organization_manager: bool = False
+
+        if view.kwargs.get('pk', None):
+
+            if str(type(obj).__name__).lower() == 'organization':
+
+                return obj.manager == request.user
+
+        return self.permission_check(request, view)
 
 
     def permission_check(self, request, view, obj=None) -> bool: