From b313d6019f98b66cabc64c10edea8afd585ccd5f Mon Sep 17 00:00:00 2001
From: "Hassan D. M. Sambo" <hassandeme.mamasambo@gsa.gov>
Date: Thu, 15 Aug 2024 07:32:35 -0400
Subject: [PATCH] Change user profil level requirement on waiver UI (#4183)

---
 backend/audit/admin.py | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/backend/audit/admin.py b/backend/audit/admin.py
index 6619346069..0494886795 100644
--- a/backend/audit/admin.py
+++ b/backend/audit/admin.py
@@ -135,6 +135,21 @@ class SacValidationWaiverAdmin(admin.ModelAdmin):
     )
     autocomplete_fields = ["report_id"]
 
+    def has_add_permission(self, request, obj=None):
+        return request.user.is_staff
+
+    def has_change_permission(self, request, obj=None):
+        return request.user.is_staff
+
+    def has_delete_permission(self, request, obj=None):
+        return request.user.is_staff
+
+    def has_module_permission(self, request, obj=None):
+        return request.user.is_staff
+
+    def has_view_permission(self, request, obj=None):
+        return request.user.is_staff
+
     def save_model(self, request, obj, form, change):
         try:
             sac = SingleAuditChecklist.objects.get(report_id=obj.report_id_id)
@@ -274,6 +289,21 @@ class UeiValidationWaiverAdmin(admin.ModelAdmin):
     )
     readonly_fields = ("timestamp",)
 
+    def has_add_permission(self, request, obj=None):
+        return request.user.is_staff
+
+    def has_change_permission(self, request, obj=None):
+        return request.user.is_staff
+
+    def has_delete_permission(self, request, obj=None):
+        return request.user.is_staff
+
+    def has_module_permission(self, request, obj=None):
+        return request.user.is_staff
+
+    def has_view_permission(self, request, obj=None):
+        return request.user.is_staff
+
     def save_model(self, request, obj, form, change):
         super().save_model(request, obj, form, change)
         logger.info(