phzhik/gault-millau
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix comment test and permission

Browse Source
This commit is contained in:
Виктор Гладких 2019-11-25 12:13:14 +03:00
parent 86500b6b88
commit 28a3e022f6
3 changed files with 31 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
apps/comment/tests.py
View File

@ -15,9 +15,13 @@ class CommentModeratorPermissionTests(BasePermissionTests):
def setUp(self):
super().setUp()
self.site_ru, created = SiteSettings.objects.get_or_create(
subdomain='ru'
)
self.role = Role.objects.create(
role=2,
country=self.country_ru
site=self.site_ru
)
self.role.save()
@ -35,10 +39,6 @@ class CommentModeratorPermissionTests(BasePermissionTests):
self.user_test = get_tokens_for_user()
self.site_ru, created = SiteSettings.objects.get_or_create(
subdomain='ru'
)
self.comment = Comment.objects.create(text='Test comment', mark=1,
user=self.user_test["user"],
object_id=self.country_ru.pk,
@ -89,8 +89,9 @@ class CommentModeratorPermissionTests(BasePermissionTests):
"text": "test text moderator",
"mark": 1,
"user": self.moderator.id,
"object_id": self.comment.country_id,
"content_type": self.content_type.id
"object_id": self.country_ru.id,
"content_type": self.content_type.id,
'site_id': self.site_ru.id
}
response = self.client.put(self.url, data=data, format='json')

6
apps/comment/views/back.py
View File

@ -8,13 +8,13 @@ class CommentLstView(generics.ListCreateAPIView):
"""Comment list create view."""
serializer_class = serializers.CommentBaseSerializer
queryset = models.Comment.objects.all()
permission_classes = [permissions.IsAuthenticatedOrReadOnly| IsCommentModerator|IsCountryAdmin]
# permission_classes = [permissions.IsAuthenticatedOrReadOnly| IsCommentModerator|IsCountryAdmin]
class CommentRUDView(generics.RetrieveUpdateDestroyAPIView):
"""Comment RUD view."""
serializer_class = serializers.CommentBaseSerializer
queryset = models.Comment.objects.all()
permission_classes = [IsCountryAdmin | IsCommentModerator]
permission_classes = [IsCommentModerator]
# permission_classes = [IsCountryAdmin | IsCommentModerator]
lookup_field = 'id'

32
apps/utils/permissions.py
View File

@ -100,7 +100,10 @@ class IsStandardUser(IsGuest):
if hasattr(obj, 'user'):
rules = [
obj.user == request.user and obj.user.email_confirmed,
obj.user == request.user
and obj.user.email_confirmed
and request.user.is_authenticated,
super().has_object_permission(request, view, obj)
]
@ -244,13 +247,12 @@ class IsCommentModerator(IsStandardUser):
super().has_permission(request, view)
]
# and request.user.email_confirmed,
if hasattr(request.data, 'user') and hasattr(request.data, 'country_id'):
if any(rules) and hasattr(request.data, 'site_id'):
# Read permissions are allowed to any request.
role = Role.objects.filter(role=Role.COMMENTS_MODERATOR,
country_id=request.data.country_id) \
.first() # 'Comments moderator'
site_id=request.data.site_id) \
.first()
rules = [
UserRole.objects.filter(user=request.user, role=role).exists(),
@ -260,16 +262,22 @@ class IsCommentModerator(IsStandardUser):
return any(rules)
def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request.
role = Role.objects.filter(role=Role.COMMENTS_MODERATOR,
country_id=obj.country_id) \
.first() # 'Comments moderator'
rules = [
UserRole.objects.filter(user=request.user, role=role).exists() and
obj.user != request.user,
super().has_object_permission(request, view, obj)
]
if request.user.is_authenticated:
role = Role.objects.filter(role=Role.COMMENTS_MODERATOR,
site_id=obj.site_id) \
.first() # 'Comments moderator'
rules = [
UserRole.objects.filter(user=request.user, role=role).exists() and
obj.user != request.user,
super().has_object_permission(request, view, obj)
]
return any(rules)
@ -335,7 +343,7 @@ class IsReviewerManager(IsStandardUser):
def has_object_permission(self, request, view, obj):
role = Role.objects.filter(role=Role.REVIEWER_MANGER,
country_id=obj.site_id) \
country_id=obj.country_id) \
.first()
rules = [