feat: implement role-based permissions for product views

- Add view mixins (RoleRequiredMixin, OwnerRequiredMixin, ManagerOwnerRequiredMixin) to user_roles/mixins.py
- Replace PermissionRequiredMixin with ManagerOwnerRequiredMixin in all product views
- Remove permission_required attributes from view classes
- Owner and Manager roles now grant access without Django model permissions

This allows owners to access all product functionality through their custom role,
without needing to be superusers or have explicit Django permissions.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

myproject/products/views/configurablekit_views.py

@@ -2,7 +2,7 @@
 CRUD представления для вариативных товаров (ConfigurableKitProduct).
 """
 from django.contrib import messages
-from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin
+from django.contrib.auth.mixins import LoginRequiredMixin
 from django.views.generic import ListView, CreateView, DetailView, UpdateView, DeleteView
 from django.urls import reverse_lazy
 from django.db.models import Q, Prefetch
@@ -12,6 +12,7 @@ from django.views.decorators.http import require_POST
 from django.contrib.auth.decorators import login_required
 from django.db import transaction
 
+from user_roles.mixins import ManagerOwnerRequiredMixin
 from ..models import ConfigurableKitProduct, ConfigurableKitOption, ProductKit, ConfigurableKitProductAttribute
 from ..forms import (
     ConfigurableKitProductForm,
@@ -22,7 +23,7 @@ from ..forms import (
 )
 
 
-class ConfigurableKitProductListView(LoginRequiredMixin, ListView):
+class ConfigurableKitProductListView(LoginRequiredMixin, ManagerOwnerRequiredMixin, ListView):
     model = ConfigurableKitProduct
     template_name = 'products/configurablekit_list.html'
     context_object_name = 'configurable_kits'
@@ -79,7 +80,7 @@ class ConfigurableKitProductListView(LoginRequiredMixin, ListView):
         return context
 
 
-class ConfigurableKitProductDetailView(LoginRequiredMixin, DetailView):
+class ConfigurableKitProductDetailView(LoginRequiredMixin, ManagerOwnerRequiredMixin, DetailView):
     model = ConfigurableKitProduct
     template_name = 'products/configurablekit_detail.html'
     context_object_name = 'configurable_kit'
@@ -103,7 +104,7 @@ class ConfigurableKitProductDetailView(LoginRequiredMixin, DetailView):
         return context
 
 
-class ConfigurableKitProductCreateView(LoginRequiredMixin, CreateView):
+class ConfigurableKitProductCreateView(LoginRequiredMixin, ManagerOwnerRequiredMixin, CreateView):
     model = ConfigurableKitProduct
     form_class = ConfigurableKitProductForm
     template_name = 'products/configurablekit_form.html'
@@ -375,7 +376,7 @@ class ConfigurableKitProductCreateView(LoginRequiredMixin, CreateView):
         return reverse_lazy('products:configurablekit-detail', kwargs={'pk': self.object.pk})
 
 
-class ConfigurableKitProductUpdateView(LoginRequiredMixin, UpdateView):
+class ConfigurableKitProductUpdateView(LoginRequiredMixin, ManagerOwnerRequiredMixin, UpdateView):
     model = ConfigurableKitProduct
     form_class = ConfigurableKitProductForm
     template_name = 'products/configurablekit_form.html'
@@ -652,7 +653,7 @@ class ConfigurableKitProductUpdateView(LoginRequiredMixin, UpdateView):
         return reverse_lazy('products:configurablekit-detail', kwargs={'pk': self.object.pk})
 
 
-class ConfigurableKitProductDeleteView(LoginRequiredMixin, DeleteView):
+class ConfigurableKitProductDeleteView(LoginRequiredMixin, ManagerOwnerRequiredMixin, DeleteView):
     model = ConfigurableKitProduct
     template_name = 'products/configurablekit_confirm_delete.html'
     success_url = reverse_lazy('products:configurablekit-list')