Fix country and comment role

apps/comment/serializers/back.py

@@ -6,4 +6,4 @@ from rest_framework import serializers
 class CommentBaseSerializer(serializers.ModelSerializer):
     class Meta:
         model = models.Comment
-        fields = ('id', 'text', 'mark', 'user')
+        fields = ('id', 'text', 'mark', 'user', 'object_id', 'content_type')

apps/comment/tests.py

@@ -5,9 +5,8 @@ from django.urls import reverse
 from django.contrib.contenttypes.models import ContentType
 from http.cookies import SimpleCookie
 from account.models import Role, User, UserRole
-from account.serializers.common import UserSerializer
 from comment.models import Comment
-import json
+
 
 class CommentModeratorPermissionTests(BasePermissionTests):
     def setUp(self):
@@ -46,36 +45,30 @@ class CommentModeratorPermissionTests(BasePermissionTests):
 
         comment = {
             "text": "Test comment POST",
-            "user_id": self.user_test["user"].id,
+            "user": self.user_test["user"].id,
             "object_id": self.country_ru.pk,
-            "content_type_id": self.content_type.id,
+            "content_type": self.content_type.id,
             "country_id": self.country_ru.id
         }
-        #
-        # response = self.client.post(self.url, format='json', data=comment)
-        # self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
-        json_user = json.dumps(self.moderator)
-        user = UserSerializer(data=self.moderator)
-        user.is_valid()
-        u_data = user.data
-        self.assertFalse(user.is_valid())
-        # comment = {
-        #     "text": "Test comment POST moder",
-        #     "user": user,
-        #     "object_id": self.country_ru.pk,
-        #     "content_type_id": self.content_type.id,
-        #     "country_id": self.country_ru.id
-        # }
-        # #
-        # tokens = User.create_jwt_tokens(self.moderator)
-        # self.client.cookies = SimpleCookie(
-        #     {'access_token': tokens.get('access_token'),
-        #      'refresh_token': tokens.get('access_token')})
-        #
-        # response = self.client.post(self.url, format='json', data=comment)
-        # self.assertEqual(response.status_code, status.HTTP_201_CREATED)
 
-        # self.assertTrue(True)
+        response = self.client.post(self.url, format='json', data=comment)
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
+        comment = {
+            "text": "Test comment POST moder",
+            "user": self.moderator.id,
+            "object_id": self.country_ru.id,
+            "content_type": self.content_type.id,
+            "country_id": self.country_ru.id
+        }
+
+        tokens = User.create_jwt_tokens(self.moderator)
+        self.client.cookies = SimpleCookie(
+            {'access_token': tokens.get('access_token'),
+             'refresh_token': tokens.get('access_token')})
+
+        response = self.client.post(self.url, format='json', data=comment)
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
 
     def test_put_moderator(self):
         tokens = User.create_jwt_tokens(self.moderator)
@@ -87,7 +80,9 @@ class CommentModeratorPermissionTests(BasePermissionTests):
             "id": self.comment.id,
             "text": "test text moderator",
             "mark": 1,
-            "user": self.moderator.id
+            "user": self.moderator.id,
+            "object_id": self.comment.country_id,
+            "content_type": self.content_type.id
         }
 
         response = self.client.put(self.url, data=data, format='json')
@@ -134,9 +129,10 @@ class CommentModeratorPermissionTests(BasePermissionTests):
             "id": self.comment.id,
             "text": "test text moderator",
             "mark": 1,
-            "user": super_user.id
+            "user": super_user.id,
+            "object_id": self.country_ru.id,
+            "content_type": self.content_type.id,
         }
-
         response = self.client.put(self.url, data=data, format='json')
         self.assertEqual(response.status_code, status.HTTP_200_OK)
 

apps/comment/views/back.py

@@ -8,7 +8,7 @@ class CommentLstView(generics.ListCreateAPIView):
     """Comment list create view."""
     serializer_class = serializers.CommentBaseSerializer
     queryset = models.Comment.objects.all()
-    permission_classes = [permissions.IsAuthenticatedOrReadOnly|IsCommentModerator]
+    permission_classes = [permissions.IsAuthenticatedOrReadOnly|IsCountryAdmin|IsCommentModerator]
 
 
 class CommentRUDView(generics.RetrieveUpdateDestroyAPIView):

apps/utils/permissions.py

@@ -126,6 +126,26 @@ class IsCountryAdmin(IsStandardUser):
         Object-level permission to only allow owners of an object to edit it.
         Assumes the model instance has an `owner` attribute.
     """
+
+    def has_permission(self, request, view):
+        rules = [
+            super().has_permission(request, view)
+        ]
+
+        # and request.user.email_confirmed,
+        if hasattr(request.data, 'user') and hasattr(request.data, 'country_id'):
+            # Read permissions are allowed to any request.
+
+            role = Role.objects.filter(role=Role.COUNTRY_ADMIN,
+                                       country_id=request.data.country_id) \
+                .first()  # 'Comments moderator'
+
+            rules = [
+                UserRole.objects.filter(user=request.user, role=role).exists(),
+                super().has_permission(request, view)
+            ]
+        return any(rules)
+
     def has_object_permission(self, request, view, obj):
         # Read permissions are allowed to any request.
         role = Role.objects.filter(role=Role.COUNTRY_ADMIN,

apps/utils/tests/tests_permissions.py

@@ -9,10 +9,11 @@ class BasePermissionTests(APITestCase):
             title='Russia',
             locale='ru-RU'
         )
+        self.lang.save()
 
         self.country_ru = Country.objects.get(
             name={"en-GB": "Russian"}
         )
-
+        self.country_ru.save()