From b5476d9cb09e8b2b7d4603e2dc6af6be4787234a Mon Sep 17 00:00:00 2001
From: sm4640 <s1m0611@naver.com>
Date: Thu, 21 Aug 2025 00:30:21 +0900
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Feat:=20[#88]=20get=EC=9A=94?=
 =?UTF-8?q?=EC=B2=AD=20=EC=95=84=EB=8B=90=20=EB=95=8C,=20is=5Fpublished=3D?=
 =?UTF-8?q?False=20=ED=99=95=EC=9D=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 nocodetools/permissions.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/nocodetools/permissions.py b/nocodetools/permissions.py
index 30b032f..1489bf2 100644
--- a/nocodetools/permissions.py
+++ b/nocodetools/permissions.py
@@ -3,8 +3,26 @@ from rest_framework.permissions import BasePermission
 from projects.models import Project, ProjectTeamList
 from portfolios.models import Portfolio
 
+from .services import NocodetoolObjectMapService
+
 UNSAFE_REQUEST = ["POST", "PUT", "PATCH", "DELETE"]
 
+class IsNotPublished(BasePermission):
+    def has_permission(self, request, view):
+        if request.method not in UNSAFE_REQUEST:
+            return True
+
+        related_type = request.query_params.get("type")
+        related_id = request.query_params.get("id")
+
+        if not related_type or not related_id:
+            return False
+
+        if obj := NocodetoolObjectMapService.mapping_model_instance(related_type, related_id):
+            if not obj.is_published:
+                return True
+        return False
+
 class IsOwnerOrMemberInCreateAndUpdateAndDelete(BasePermission):
     def has_permission(self, request, view):
         if request.method not in UNSAFE_REQUEST: