diff --git a/apps/comment/serializers/back.py b/apps/comment/serializers/back.py
index d0cd47c8..325086c0 100644
--- a/apps/comment/serializers/back.py
+++ b/apps/comment/serializers/back.py
@@ -6,4 +6,4 @@ from rest_framework import serializers
 class CommentBaseSerializer(serializers.ModelSerializer):
 class Meta:
 model = models.Comment
- fields = ('id', 'text', 'mark', 'user')
\ No newline at end of file
+ fields = ('id', 'text', 'mark', 'user', 'object_id', 'content_type')
\ No newline at end of file
diff --git a/apps/comment/tests.py b/apps/comment/tests.py
index 87b7d32f..e91ee2f4 100644
--- a/apps/comment/tests.py
+++ b/apps/comment/tests.py
@@ -5,9 +5,8 @@ from django.urls import reverse
 from django.contrib.contenttypes.models import ContentType
 from http.cookies import SimpleCookie
 from account.models import Role, User, UserRole
-from account.serializers.common import UserSerializer
 from comment.models import Comment
-import json
+
 class CommentModeratorPermissionTests(BasePermissionTests):
 def setUp(self):
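Review bot: In `apps/comment/serializers/back.py`, `CommentBaseSerializer.Meta.fields` now exposes `object_id` and `content_type` next to `user`, and nothing in the hunk marks any of them read-only, so on a `ModelSerializer` they are presumably writable from the request body. The new tests in this commit post `"user": self.moderator.id`, which suggests the comment author is taken from client input rather than from `request.user`; an authenticated caller could then attribute a comment to another account or attach it to any content type. Consider `read_only_fields = ('user',)` with the author set in the view's `perform_create`, and a `validate_content_type` that accepts only the models comments are meant for. The view code that would show whether the author is already overridden is outside this hunk.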
@@ -46,36 +45,30 @@ class CommentModeratorPermissionTests(BasePermissionTests):
 comment = {
 "text": "Test comment POST",
- "user_id": self.user_test["user"].id,
+ "user": self.user_test["user"].id,
 "object_id": self.country_ru.pk,
- "content_type_id": self.content_type.id,
+ "content_type": self.content_type.id,
 "country_id": self.country_ru.id
 }
- #
- # response = self.client.post(self.url, format='json', data=comment)
- # self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
- json_user = json.dumps(self.moderator)
- user = UserSerializer(data=self.moderator)
- user.is_valid()
- u_data = user.data
- self.assertFalse(user.is_valid())
- # comment = {
- # "text": "Test comment POST moder",
- # "user": user,
- # "object_id": self.country_ru.pk,
- # "content_type_id": self.content_type.id,
- # "country_id": self.country_ru.id
- # }
- # #
- # tokens = User.create_jwt_tokens(self.moderator)
- # self.client.cookies = SimpleCookie(
- # {'access_token': tokens.get('access_token'),
- # 'refresh_token': tokens.get('access_token')})
- #
- # response = self.client.post(self.url, format='json', data=comment)
- # self.assertEqual(response.status_code, status.HTTP_201_CREATED)
- # self.assertTrue(True)
+ response = self.client.post(self.url, format='json', data=comment)
+ self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
+ comment = {
+ "text": "Test comment POST moder",
+ "user": self.moderator.id,
+ "object_id": self.country_ru.id,
+ "content_type": self.content_type.id,
+ "country_id": self.country_ru.id
+ }
+
+ tokens = User.create_jwt_tokens(self.moderator)
+ self.client.cookies = SimpleCookie(
+ {'access_token': tokens.get('access_token'),
+ 'refresh_token': tokens.get('access_token')})
+
+ response = self.client.post(self.url, format='json', data=comment)
+ self.assertEqual(response.status_code, status.HTTP_201_CREATED)
 def test_put_moderator(self):
 tokens = User.create_jwt_tokens(self.moderator)
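Review bot: The added cookie setup sends the access token in both cookies, `'refresh_token': tokens.get('access_token')`; if `create_jwt_tokens` returns a `refresh_token` key (not visible here), this should read `'refresh_token': tokens.get('refresh_token')` so the test carries the same cookie pair a real client does. The authenticated case also only posts with `"user"` equal to the logged-in moderator, so nothing here checks what happens when the body names a different user id; a second POST with another user's id and an assertion on the stored `comment.user` would cover that. The test method starts above this hunk.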
@@ -87,7 +80,9 @@ class CommentModeratorPermissionTests(BasePermissionTests):
 "id": self.comment.id,
 "text": "test text moderator",
 "mark": 1,
- "user": self.moderator.id
+ "user": self.moderator.id,
+ "object_id": self.comment.country_id,
+ "content_type": self.content_type.id
 }
 response = self.client.put(self.url, data=data, format='json')
@@ -134,9 +129,10 @@ class CommentModeratorPermissionTests(BasePermissionTests):
 "id": self.comment.id,
 "text": "test text moderator",
 "mark": 1,
- "user": super_user.id
+ "user": super_user.id,
+ "object_id": self.country_ru.id,
+ "content_type": self.content_type.id,
 }
-
 response = self.client.put(self.url, data=data, format='json')
 self.assertEqual(response.status_code, status.HTTP_200_OK)
diff --git a/apps/comment/views/back.py b/apps/comment/views/back.py
index 25c10a62..8d836177 100644
--- a/apps/comment/views/back.py
+++ b/apps/comment/views/back.py
@@ -8,7 +8,7 @@ class CommentLstView(generics.ListCreateAPIView):
 """Comment list create view."""
 serializer_class = serializers.CommentBaseSerializer
 queryset = models.Comment.objects.all()
- permission_classes = [permissions.IsAuthenticatedOrReadOnly|IsCommentModerator]
+ permission_classes = [permissions.IsAuthenticatedOrReadOnly|IsCountryAdmin|IsCommentModerator]
 class CommentRUDView(generics.RetrieveUpdateDestroyAPIView):
diff --git a/apps/utils/permissions.py b/apps/utils/permissions.py
index aee2ab57..8ad1ae32 100644
--- a/apps/utils/permissions.py
+++ b/apps/utils/permissions.py
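Review bot: In `apps/comment/views/back.py`, adding `IsCountryAdmin` to `permissions.IsAuthenticatedOrReadOnly|IsCountryAdmin|IsCommentModerator` does not restrict anything: the classes are OR-ed, and `IsAuthenticatedOrReadOnly` already admits every authenticated user for POST and everyone for safe methods, so the role classes can only widen access. If creating comments through this back-office view is meant to be limited to country admins and comment moderators, the role check has to be AND-ed in, for example `[permissions.IsAuthenticated & (IsCountryAdmin | IsCommentModerator)]`, with read-only access granted separately if it is wanted. The hunk starts at line 8, so whether `IsCountryAdmin` is imported in this file cannot be confirmed from here.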
@@ -126,6 +126,26 @@ class IsCountryAdmin(IsStandardUser):
 Object-level permission to only allow owners of an object to edit it.
 Assumes the model instance has an `owner` attribute.
 """
+
+ def has_permission(self, request, view):
+ rules = [
+ super().has_permission(request, view)
+ ]
+
+ # and request.user.email_confirmed,
+ if hasattr(request.data, 'user') and hasattr(request.data, 'country_id'):
+ # Read permissions are allowed to any request.
+
+ role = Role.objects.filter(role=Role.COUNTRY_ADMIN,
+ country_id=request.data.country_id) \
+ .first() # 'Comments moderator'
+
+ rules = [
+ UserRole.objects.filter(user=request.user, role=role).exists(),
+ super().has_permission(request, view)
+ ]
+ return any(rules)
+
 def has_object_permission(self, request, view, obj):
 # Read permissions are allowed to any request.
 role = Role.objects.filter(role=Role.COUNTRY_ADMIN,
diff --git a/apps/utils/tests/tests_permissions.py b/apps/utils/tests/tests_permissions.py
index edc1a5d7..3bba7b7d 100644
--- a/apps/utils/tests/tests_permissions.py
+++ b/apps/utils/tests/tests_permissions.py
@@ -9,10 +9,11 @@ class BasePermissionTests(APITestCase):
 title='Russia',
 locale='ru-RU'
 )
+ self.lang.save()
 self.country_ru = Country.objects.get(
 name={"en-GB": "Russian"}
 )
-
+ self.country_ru.save()
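Review bot: The country-admin branch of the new `IsCountryAdmin.has_permission` is unlikely ever to run: `hasattr(request.data, 'user')` tests for an attribute, while DRF's `request.data` is a dict-like object whose payload is reached by key, and `request.data.country_id` would raise `AttributeError` if the branch were entered. As written the method therefore returns whatever `super().has_permission` returns, and even with the lookup fixed `any(rules)` lets the role check only add access, never remove it. The `country_id` used to pick the role also comes from the request body and is not tied to the `object_id` being commented on, and a missing role makes `.first()` return `None`, which then goes into the `UserRole` filter. The indentation is lost in this view, so I cannot tell whether `return any(rules)` sits inside the `if`; the class starts above the hunk and `has_object_permission` continues below it. The sketch below reads the payload by key, returns early, and refuses anonymous users and unknown roles.

```python
    def has_permission(self, request, view):
        if super().has_permission(request, view):
            return True
        country_id = request.data.get('country_id')
        if country_id is None or not request.user.is_authenticated:
            return False
        role = Role.objects.filter(role=Role.COUNTRY_ADMIN,
                                   country_id=country_id).first()
        if role is None:
            return False
        return UserRole.objects.filter(user=request.user, role=role).exists()
```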