refactor: remove redundant permission

Author: hasnain-saeed

backend/backend/permissions.py

@@ -1,26 +1,12 @@
 from django.utils import timezone
-from rest_framework.permissions import SAFE_METHODS, BasePermission
+from rest_framework.permissions import BasePermission
 
 from .models import Role
 from .serializers import CreatePositionSerializer
 
 CAN_CREATE_POSITION_ROLES = ["admin", "fum", "board", "presidium", "group_leader"]
 
 
-class IsMemberOwner(BasePermission):
-    """
-    Permission to only allow owners of an object to edit/delete it.
-    """
-
-    def has_object_permission(self, request, view, obj):
-        # Allow read permissions for any request
-        if request.method in SAFE_METHODS:
-            return True
-
-        # Write permissions only to the owner
-        return obj.member == request.user
-
-
 # TODO: Should be removed if we're considering django-admin for admin functionalities
 class CanCreatePosition(BasePermission):
     """

backend/backend/views.py

@@ -11,7 +11,7 @@
 
 from .email import send_password_reset_email, send_verification_email
 from .models import Application, Position
-from .permissions import CanCreatePosition, IsMemberOwner
+from .permissions import CanCreatePosition
 from .serializers import (
     ApplicationSerializer,
     CreatePositionSerializer,
@@ -416,7 +416,7 @@ class ApplicationViewSet(ModelViewSet):
     - Destroy: Delete own application (only if draft status)
     """
 
-    permission_classes = [IsAuthenticated, IsMemberOwner]
+    permission_classes = [IsAuthenticated]
 
     def get_queryset(self):
         """Get all applications with optimized queries"""
@@ -465,7 +465,6 @@ def destroy(self, request, *args, **kwargs):
 class PositionViewSet(ReadOnlyModelViewSet):
     queryset = Position.objects.all()
     serializer_class = PositionSerializer
-    permission_classes = [IsAuthenticated]
 
     def list(self, request):
         """Return both open positions and user's positions"""