1

2019-10-14 17:32:34 +03:00 · 2019-10-14 17:32:34 +03:00 · 1bd3cc9170
commit 1bd3cc9170
parent 0656e2ae32
2 changed files with 21 additions and 4 deletions
--- a/apps/account/models.py
+++ b/apps/account/models.py
@ -23,14 +23,17 @@ class Role(ProjectBaseMixin):
    """Base Role model."""
    STANDARD_USER = 1
    COMMENTS_MODERATOR = 2
+    COUNTRY_ADMIN = 3

    ROLE_CHOICES = (
        (STANDARD_USER, 'Standard user'),
        (COMMENTS_MODERATOR, 'Comments moderator'),
+        (COUNTRY_ADMIN, 'Country admin'),
    )
    role = models.PositiveIntegerField(verbose_name=_('Role'), choices=ROLE_CHOICES,
                                       null=False, blank=False)
-    country = models.ForeignKey(Country, verbose_name=_('Country'), on_delete=models.CASCADE)
+    country = models.ForeignKey(Country, verbose_name=_('Country'),
+                                null=True, blank=True, on_delete=models.SET_NULL)
    # is_list = models.BooleanField(verbose_name=_('list'), default=True, null=False)
    # is_create = models.BooleanField(verbose_name=_('create'), default=False, null=False)
    # is_update = models.BooleanField(verbose_name=_('update'), default=False, null=False)
--- a/apps/utils/permissions.py
+++ b/apps/utils/permissions.py
@ -54,7 +54,7 @@ class IsGuest(permissions.IsAuthenticatedOrReadOnly):
    Object-level permission to only allow owners of an object to edit it.
    """
    def has_object_permission(self, request, view, obj):
-        if request.method in permissions.SAFE_METHODS:
+        if request.method in permissions.SAFE_METHODS or request.user.is_superuser:
            return True

        return False
@ -68,8 +68,7 @@ class IsStandardUser(IsGuest):
    def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request
        if super().has_object_permission(request, view, obj) or\
-                (obj.user == request.user and obj.user.email_confirmed) \
-                or request.user.is_superuser:
+                (obj.user == request.user and obj.user.email_confirmed):
            return True
        return False

@ -96,3 +95,18 @@ class IsCommentModerator(IsStandardUser):
            return True

        return False
+
+
+class IsCountryAdmin(IsGuest):
+
+    def has_object_permission(self, request, view, obj):
+        # Read permissions are allowed to any request.
+
+        # Must have role
+        role = Role.objects.filter(role=Role.COUNTRY_ADMIN).first()  # 'Country admin'
+        is_access = UserRole.objects.filter(user=request.user, role=role).exists()
+
+        if super().has_object_permission(request, view, obj) and is_access:
+            return True
+
+        return False