modified role model

Anatoly 2020-01-24 18:04:32 +03:00
parent 36c4641ed0
commit 38a6508396
7 changed files with 265 additions and 172 deletions


@ -7,14 +7,14 @@ from account import models
@admin.register(models.Role) @admin.register(models.Role)
class RoleAdmin(admin.ModelAdmin): class RoleAdmin(admin.ModelAdmin):
list_display = ['id', 'role', 'country'] list_display = ['id', 'role', 'country', 'establishment_subtype', ]
raw_id_fields = ['country', ] raw_id_fields = ['country', 'establishment_subtype', ]
@admin.register(models.UserRole) @admin.register(models.UserRole)
class UserRoleAdmin(admin.ModelAdmin): class UserRoleAdmin(admin.ModelAdmin):
list_display = ['user', 'role', 'establishment', ] list_display = ['user', 'role', ]
raw_id_fields = ['user', 'role', 'establishment', 'requester', ] raw_id_fields = ['user', 'role', 'requester', 'establishment', ]
@admin.register(models.User) @admin.register(models.User)


@ -49,8 +49,9 @@ class Role(ProjectBaseMixin):
SALES_MAN = 8 SALES_MAN = 8
WINERY_REVIEWER = 9 # Establishments subtype "winery" WINERY_REVIEWER = 9 # Establishments subtype "winery"
SELLER = 10 SELLER = 10
LIQUOR_REVIEWER = 11 DISTILLERY_LIQUOR_INSPECTOR = 11
PRODUCT_REVIEWER = 12 PRODUCT_REVIEWER = 12
ESTABLISHMENT_ADMINISTRATOR = 13
ROLE_CHOICES = ( ROLE_CHOICES = (
(STANDARD_USER, _('Standard user')), (STANDARD_USER, _('Standard user')),
@ -63,10 +64,21 @@ class Role(ProjectBaseMixin):
(SALES_MAN, _('Sales man')), (SALES_MAN, _('Sales man')),
(WINERY_REVIEWER, _('Winery reviewer')), (WINERY_REVIEWER, _('Winery reviewer')),
(SELLER, _('Seller')), (SELLER, _('Seller')),
(LIQUOR_REVIEWER, _('Liquor reviewer')), (DISTILLERY_LIQUOR_INSPECTOR, _('Distillery & Liquor inspector')),
(PRODUCT_REVIEWER, _('Product reviewer')), (PRODUCT_REVIEWER, _('Product reviewer')),
(ESTABLISHMENT_ADMINISTRATOR, _('Establishment administrator')),
) )
ESTABLISHMENT_EDITORS = [
COUNTRY_ADMIN,
ESTABLISHMENT_MANAGER,
ESTABLISHMENT_ADMINISTRATOR,
]
PRODUCT_EDITORS = ESTABLISHMENT_EDITORS + [
DISTILLERY_LIQUOR_INSPECTOR
]
role = models.PositiveIntegerField(verbose_name=_('Role'), choices=ROLE_CHOICES, role = models.PositiveIntegerField(verbose_name=_('Role'), choices=ROLE_CHOICES,
null=False, blank=False) null=False, blank=False)
country = models.ForeignKey(Country, verbose_name=_('Country'), country = models.ForeignKey(Country, verbose_name=_('Country'),
@ -480,6 +492,18 @@ class UserRoleQueryset(models.QuerySet):
}) })
return role_counter return role_counter
def validated(self):
"""Filter QuerySet by state."""
return self.filter(state=self.model.VALIDATED)
def establishment_editors(self):
"""Return QuerySet filtered by role and state."""
return self.validated().filter(role__role__in=Role.ESTABLISHMENT_EDITORS)
def product_editors(self):
"""Return QuerySet filtered by role and state."""
return self.validated().filter(role__role__in=Role.PRODUCT_EDITORS)
class UserRole(ProjectBaseMixin): class UserRole(ProjectBaseMixin):
"""UserRole model.""" """UserRole model."""
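Review bot: `ESTABLISHMENT_EDITORS` and `PRODUCT_EDITORS` are now the allow-lists behind `establishment_editors()` and `product_editors()`, yet they are plain mutable lists on the class, and the two queryset methods share one docstring that does not say which roles they select. I would make them tuples, e.g. `PRODUCT_EDITORS = ESTABLISHMENT_EDITORS + (DISTILLERY_LIQUOR_INSPECTOR,)`, so the role set cannot be changed at runtime by accident. Each docstring should name its list, for example `"""Return validated user roles whose role is in Role.ESTABLISHMENT_EDITORS."""`, and `validated()` should say that it keeps only rows with `state == VALIDATED`.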


@ -514,6 +514,29 @@ class EstablishmentQuerySet(models.QuerySet):
to_attr='main_image') to_attr='main_image')
) )
def available_establishments(self, user, country_code: str = None):
"""Return QuerySet with establishment that is available for editing."""
from account.models import UserRole
available_ids = Subquery(
UserRole.objects.filter(user=user)
.distinct('user', 'establishment')
.values_list('establishment', flat=True)
)
filters = {}
if country_code:
filters.update({'address__city__country__code': country_code,
'id__in': available_ids})
return self.filter(**filters)
def available_objects(self, user, country_code: str = None):
access_roles = user.userrole_set.establishment_editors()
if access_roles.exists():
return self.available_establishments(user, country_code)
return self.none()
class Establishment(GalleryMixin, ProjectBaseMixin, URLImageMixin, class Establishment(GalleryMixin, ProjectBaseMixin, URLImageMixin,
TranslatedFieldsMixin, HasTagsMixin, FavoritesMixin): TranslatedFieldsMixin, HasTagsMixin, FavoritesMixin):
@ -767,13 +790,6 @@ class Establishment(GalleryMixin, ProjectBaseMixin, URLImageMixin,
""" """
return self.address.country_id if hasattr(self.address, 'country_id') else None return self.address.country_id if hasattr(self.address, 'country_id') else None
@property
def establishment_id(self):
"""
Return establishment id of establishment location
"""
return self.id
@property @property
def wines(self): def wines(self):
"""Return list products with type wine""" """Return list products with type wine"""
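Review bot: In `available_establishments` the `'id__in': available_ids` restriction sits inside `if country_code:`, so a request without a country code reaches `self.filter(**{})` and returns every establishment to any user who passed the `establishment_editors()` gate in `available_objects`. Start from `filters = {'id__in': available_ids}` and add only the `address__city__country__code` key when `country_code` is set. The subquery is also built from `UserRole.objects.filter(user=user)`, which includes roles that are not `VALIDATED` and roles outside `Role.ESTABLISHMENT_EDITORS`; basing it on `user.userrole_set.establishment_editors()` would keep the row scope aligned with the gate. The same unfiltered `UserRole` subquery appears in `ProductQuerySet.available_products`.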


@ -1,5 +1,4 @@
"""Establishment app views.""" """Establishment app views."""
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from django_filters.rest_framework import DjangoFilterBackend from django_filters.rest_framework import DjangoFilterBackend
from rest_framework import generics, permissions, status from rest_framework import generics, permissions, status
@ -10,7 +9,9 @@ from establishment import filters, models, serializers
from establishment.models import EstablishmentEmployee from establishment.models import EstablishmentEmployee
from timetable.models import Timetable from timetable.models import Timetable
from timetable.serialziers import ScheduleCreateSerializer, ScheduleRUDSerializer from timetable.serialziers import ScheduleCreateSerializer, ScheduleRUDSerializer
from utils.permissions import IsCountryAdmin, IsEstablishmentManager, IsWineryReviewer from utils.permissions import (
IsCountryAdmin, IsEstablishmentManager,
IsWineryReviewer, IsEstablishmentAdministrator)
from utils.views import CreateDestroyGalleryViewMixin from utils.views import CreateDestroyGalleryViewMixin
@ -18,7 +19,7 @@ class EstablishmentMixinViews:
"""Establishment mixin.""" """Establishment mixin."""
def get_queryset(self): def get_queryset(self):
"""Overrided method 'get_queryset'.""" """Overridden method 'get_queryset'."""
return models.Establishment.objects.with_base_related() return models.Establishment.objects.with_base_related()
@ -27,10 +28,20 @@ class EstablishmentListCreateView(EstablishmentMixinViews, generics.ListCreateAP
filter_class = filters.EstablishmentFilter filter_class = filters.EstablishmentFilter
permission_classes = [IsWineryReviewer | IsCountryAdmin | IsEstablishmentManager] permission_classes = [
IsWineryReviewer |
IsCountryAdmin |
IsEstablishmentManager |
IsEstablishmentAdministrator
]
queryset = models.Establishment.objects.all() queryset = models.Establishment.objects.all()
serializer_class = serializers.EstablishmentListCreateSerializer serializer_class = serializers.EstablishmentListCreateSerializer
def get_queryset(self):
"""Overridden get_queryset method."""
qs = super(EstablishmentListCreateView, self).get_queryset()
return qs.available_objects(self.request.user, self.request.country_code)
class EmployeeEstablishmentsListView(generics.ListAPIView): class EmployeeEstablishmentsListView(generics.ListAPIView):
"""Establishment by employee list view.""" """Establishment by employee list view."""
@ -52,7 +63,12 @@ class EstablishmentRUDView(generics.RetrieveUpdateDestroyAPIView):
'establishmentemployee_set__establishment', 'establishmentemployee_set__establishment',
) )
serializer_class = serializers.EstablishmentRUDSerializer serializer_class = serializers.EstablishmentRUDSerializer
permission_classes = [IsWineryReviewer | IsCountryAdmin | IsEstablishmentManager] permission_classes = [
IsWineryReviewer |
IsCountryAdmin |
IsEstablishmentManager |
IsEstablishmentAdministrator
]
class EstablishmentScheduleRUDView(generics.RetrieveUpdateDestroyAPIView): class EstablishmentScheduleRUDView(generics.RetrieveUpdateDestroyAPIView):
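Review bot: `EstablishmentRUDView` gains `IsEstablishmentAdministrator`, but unlike the list view its queryset is not passed through `available_objects`, so retrieve, update and delete rest on the `|`-composed permission classes alone, and one passing class is enough. Consider giving it the same override, `return super().get_queryset().available_objects(self.request.user, self.request.country_code)`; the class body starts outside the hunk, so an existing override would not be visible here. `ProductDetailBackOfficeView` in the product back-office views of this commit has the same shape. Separately, the new `get_queryset` reads `self.request.country_code` directly while the permission classes guard it with `hasattr`; `getattr(self.request, 'country_code', None)` would avoid an `AttributeError` when the attribute is absent.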


@ -9,6 +9,7 @@ from django.core.validators import MaxValueValidator, MinValueValidator
from django.db import models from django.db import models
from django.db.models import Case, When, F from django.db.models import Case, When, F
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from django.db.models import Subquery
from location.models import WineOriginAddressMixin from location.models import WineOriginAddressMixin
from review.models import Review from review.models import Review
@ -227,6 +228,23 @@ class ProductQuerySet(models.QuerySet):
.distinct(*similarity_rules['distinction'], .distinct(*similarity_rules['distinction'],
'id') 'id')
def available_products(self, user):
"""Return QuerySet with products that is available for editing."""
from account.models import UserRole
available_ids = Subquery(
UserRole.objects.filter(user=user)
.distinct('user', 'establishment')
.values_list('establishment__products', flat=True)
)
return self.filter(id__in=available_ids)
def available_objects(self, user):
access_roles = user.userrole_set.product_editors()
if access_roles.exists():
return self.available_products(user)
return self.none()
class Product(GalleryMixin, TranslatedFieldsMixin, BaseAttributes, class Product(GalleryMixin, TranslatedFieldsMixin, BaseAttributes,
HasTagsMixin, FavoritesMixin): HasTagsMixin, FavoritesMixin):
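Review bot: `available_products` applies `.distinct('user', 'establishment')` and then selects `establishment__products`, so with DISTINCT ON semantics (PostgreSQL) the joined rows collapse to one per user/establishment pair and only one product id per establishment survives. An `id__in` filter does not need de-duplicated values, so the `distinct(...)` can simply go. Building the subquery from the validated editor roles fixes the scope at the same time: `user.userrole_set.product_editors().values_list('establishment__products', flat=True)`. `available_objects` has no docstring; one line stating that it returns `none()` unless the user holds a validated role in `Role.PRODUCT_EDITORS` would document the access rule.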


@ -2,12 +2,16 @@
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from rest_framework import generics, status, permissions, views from rest_framework import generics, status, permissions, views
from rest_framework.response import Response from rest_framework.response import Response
from django.db.models import Prefetch
from product import serializers, models from product import serializers, models
from location.models import Address, City, Country
from product.views import ProductBaseView from product.views import ProductBaseView
from utils.serializers import ImageBaseSerializer from utils.serializers import ImageBaseSerializer
from utils.views import CreateDestroyGalleryViewMixin from utils.views import CreateDestroyGalleryViewMixin
from utils.permissions import IsLiquorReviewer, IsProductReviewer from utils.permissions import (
IsDistilleryLiquorInspector, IsProductReviewer,
IsEstablishmentManager, IsEstablishmentAdministrator)
class ProductBackOfficeMixinView(ProductBaseView): class ProductBackOfficeMixinView(ProductBaseView):
@ -17,7 +21,7 @@ class ProductBackOfficeMixinView(ProductBaseView):
def get_queryset(self): def get_queryset(self):
"""Override get_queryset method.""" """Override get_queryset method."""
qs = models.Product.objects.annotate_in_favorites(self.request.user) qs = models.Product.objects.with_extended_related().annotate_in_favorites(self.request.user)
return qs return qs
@ -92,14 +96,29 @@ class ProductDetailBackOfficeView(ProductBackOfficeMixinView,
generics.RetrieveUpdateDestroyAPIView): generics.RetrieveUpdateDestroyAPIView):
"""Product back-office R/U/D view.""" """Product back-office R/U/D view."""
serializer_class = serializers.ProductBackOfficeDetailSerializer serializer_class = serializers.ProductBackOfficeDetailSerializer
permission_classes = [IsLiquorReviewer | IsProductReviewer] permission_classes = [
# IsLiquorReviewer |
# IsProductReviewer |
IsEstablishmentManager |
IsEstablishmentAdministrator
]
class ProductListCreateBackOfficeView(BackOfficeListCreateMixin, ProductBackOfficeMixinView, class ProductListCreateBackOfficeView(ProductBackOfficeMixinView,
generics.ListCreateAPIView): generics.ListCreateAPIView):
"""Product back-office list-create view.""" """Product back-office list-create view."""
serializer_class = serializers.ProductBackOfficeDetailSerializer serializer_class = serializers.ProductBackOfficeDetailSerializer
permission_classes = [IsLiquorReviewer | IsProductReviewer] permission_classes = [
IsDistilleryLiquorInspector |
IsProductReviewer |
IsEstablishmentAdministrator |
IsEstablishmentManager
]
def get_queryset(self):
"""Overridden get_queryset method."""
qs = super(ProductListCreateBackOfficeView, self).get_queryset()
return qs.available_objects(self.request.user)
class ProductTypeListCreateBackOfficeView(BackOfficeListCreateMixin, class ProductTypeListCreateBackOfficeView(BackOfficeListCreateMixin,
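Review bot: `ProductListCreateBackOfficeView` admits `IsProductReviewer`, but its new `get_queryset` goes through `available_objects`, which returns `none()` unless the user holds a validated role in `Role.PRODUCT_EDITORS`, and `PRODUCT_REVIEWER` is not in that list. A product reviewer who passes the permission check therefore always lists nothing, while the create path is not narrowed by the queryset at all. Either add the role to the editor list or drop the class from `permission_classes`; the establishment list view has the same mismatch for `IsWineryReviewer`. In `ProductDetailBackOfficeView` the `# IsLiquorReviewer |` and `# IsProductReviewer |` entries are commented-out code naming a class this commit renames; delete them or restore the intended classes so the access decision is explicit.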


@ -7,7 +7,7 @@ from rest_framework_simplejwt.tokens import AccessToken
from account.models import UserRole, Role from account.models import UserRole, Role
from authorization.models import JWTRefreshToken from authorization.models import JWTRefreshToken
from utils.tokens import GMRefreshToken from utils.tokens import GMRefreshToken
from establishment.models import EstablishmentSubType from establishment.models import EstablishmentSubType, Establishment
from location.models import Address from location.models import Address
from product.models import Product, ProductType from product.models import Product, ProductType
@ -47,7 +47,7 @@ class IsRefreshTokenValid(permissions.BasePermission):
return False return False
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request, # Read permissions are allowed to all request,
# so we'll always allow GET, HEAD or OPTIONS requests. # so we'll always allow GET, HEAD or OPTIONS requests.
if request.method in permissions.SAFE_METHODS or \ if request.method in permissions.SAFE_METHODS or \
obj.user == request.user or request.user.is_superuser: obj.user == request.user or request.user.is_superuser:
@ -59,24 +59,23 @@ class IsGuest(permissions.IsAuthenticatedOrReadOnly):
""" """
Object-level permission to only allow owners of an object to edit it. Object-level permission to only allow owners of an object to edit it.
""" """
SAFE_METHODS = ('GET', 'HEAD', 'OPTIONS')
def has_permission(self, request, view): def has_permission(self, request, view):
rules = [ rules = [
request.user.is_superuser, request.user.is_anonymous,
request.method in permissions.SAFE_METHODS request.method in permissions.SAFE_METHODS
] ]
return any(rules) return all(rules)
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
rules = [ rules = [
request.user.is_superuser, request.user.is_anonymous,
request.method in permissions.SAFE_METHODS request.method in permissions.SAFE_METHODS
] ]
return any(rules) return all(rules)
class IsStandardUser(IsGuest): class IsStandardUser(permissions.IsAuthenticated):
""" """
Object-level permission to only allow owners of an object to edit it. Object-level permission to only allow owners of an object to edit it.
Assumes the model instance has an `owner` attribute. Assumes the model instance has an `owner` attribute.
@ -85,8 +84,7 @@ class IsStandardUser(IsGuest):
def has_permission(self, request, view): def has_permission(self, request, view):
rules = [super().has_permission(request, view), rules = [super().has_permission(request, view),
request.user.is_authenticated, request.user.email_confirmed,
hasattr(request, 'user')
] ]
return any(rules) return any(rules)
@ -95,8 +93,7 @@ class IsStandardUser(IsGuest):
# Read permissions are allowed to any request # Read permissions are allowed to any request
rules = [super().has_object_permission(request, view, obj), rules = [super().has_object_permission(request, view, obj),
request.user.is_authenticated, request.user.email_confirmed,
hasattr(request, 'user')
] ]
return any(rules) return any(rules)
@ -133,10 +130,10 @@ class IsContentPageManager(IsStandardUser):
super().has_permission(request, view) super().has_permission(request, view)
] ]
return any(rules) return all(rules)
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request. # Read permissions are allowed to all request.
if hasattr(obj, 'site_id'): if hasattr(obj, 'site_id'):
role = Role.objects.filter(role=Role.CONTENT_PAGE_MANAGER, role = Role.objects.filter(role=Role.CONTENT_PAGE_MANAGER,
site_id=obj.site_id) \ site_id=obj.site_id) \
@ -156,7 +153,7 @@ class IsContentPageManager(IsStandardUser):
super().has_object_permission(request, view, obj) super().has_object_permission(request, view, obj)
] ]
return any(rules) return all(rules)
class IsCountryAdmin(IsStandardUser): class IsCountryAdmin(IsStandardUser):
@ -169,11 +166,12 @@ class IsCountryAdmin(IsStandardUser):
rules = [ rules = [
super().has_permission(request, view) super().has_permission(request, view)
] ]
rule = False
# and request.user.email_confirmed, # and request.user.email_confirmed,
if hasattr(request.data, 'user'): if hasattr(request.data, 'user'):
if hasattr(request.data, 'site_id'): if hasattr(request.data, 'site_id'):
# Read permissions are allowed to any request. # Read permissions are allowed to all request.
role = Role.objects.filter(role=Role.COUNTRY_ADMIN, role = Role.objects.filter(role=Role.COUNTRY_ADMIN,
site_id=request.data.site_id) \ site_id=request.data.site_id) \
.first() .first()
@ -184,22 +182,24 @@ class IsCountryAdmin(IsStandardUser):
] ]
elif hasattr(request.data, 'country_id'): elif hasattr(request.data, 'country_id'):
role = Role.objects.filter(role=Role.COUNTRY_ADMIN, role = Role.objects.filter(
country_id=request.data.country_id) \ role=Role.COUNTRY_ADMIN,
.first() country_id=request.data.country_id
).first()
rules = [ rules = [
UserRole.objects.filter(user=request.user, role=role).exists(), UserRole.objects.filter(user=request.user, role=role).exists(),
super().has_permission(request, view) super().has_permission(request, view)
] ]
return any(rules) rules.append(rule)
return all(rules)
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request. # Read permissions are allowed to all request.
if hasattr(obj, 'site_id'): if hasattr(obj, 'site_id'):
role = Role.objects.filter(role=Role.COUNTRY_ADMIN, role = Role.objects.filter(
site_id=obj.site_id) \ role=Role.COUNTRY_ADMIN,
.first() site_id=obj.site_id
).first()
rules = [ rules = [
super().has_object_permission(request, view, obj) super().has_object_permission(request, view, obj)
@ -225,7 +225,7 @@ class IsCountryAdmin(IsStandardUser):
super().has_object_permission(request, view, obj), super().has_object_permission(request, view, obj),
] ]
return any(rules) return all(rules)
class IsCommentModerator(IsStandardUser): class IsCommentModerator(IsStandardUser):
@ -239,8 +239,8 @@ class IsCommentModerator(IsStandardUser):
super().has_permission(request, view) super().has_permission(request, view)
] ]
if any(rules) and hasattr(request.data, 'site_id'): if all(rules) and hasattr(request.data, 'site_id'):
# Read permissions are allowed to any request. # Read permissions are allowed to all request.
role = Role.objects.filter(role=Role.COMMENTS_MODERATOR, role = Role.objects.filter(role=Role.COMMENTS_MODERATOR,
site_id=request.data.site_id) \ site_id=request.data.site_id) \
@ -251,7 +251,7 @@ class IsCommentModerator(IsStandardUser):
super().has_permission(request, view) super().has_permission(request, view)
] ]
return any(rules) return all(rules)
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
@ -270,7 +270,7 @@ class IsCommentModerator(IsStandardUser):
obj.user != request.user, obj.user != request.user,
super().has_object_permission(request, view, obj) super().has_object_permission(request, view, obj)
] ]
return any(rules) return all(rules)
class IsEstablishmentManager(IsStandardUser): class IsEstablishmentManager(IsStandardUser):
@ -279,40 +279,69 @@ class IsEstablishmentManager(IsStandardUser):
rules = [ rules = [
super().has_permission(request, view) super().has_permission(request, view)
] ]
rule = False
if (request.user.is_authenticated and
hasattr(request, 'country_code') and
request.country_code):
user = request.user
role = Role.objects.filter(
role=Role.ESTABLISHMENT_MANAGER, site__country__code=request.country_code,
).only('id')
if role.exists():
user_role = UserRole.objects.filter(
user=user, role__id__in=role.values_list('id', flat=True),
)
rule = True if user_role.exists() else rule
rules.append(rule)
return all(rules)
if hasattr(request.data, 'user'): def has_object_permission(self, request, view, obj):
if hasattr(request.data, 'establishment_id'): return self.has_permission(request, view)
role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER) \
.first()
rules = [
UserRole.objects.filter(user=request.user, role=role, class IsEstablishmentAdministrator(IsStandardUser):
establishment_id=request.data.establishment_id
).exists(), def has_permission(self, request, view):
super().has_permission(request, view) rules = [
] super().has_permission(request, view)
return any(rules) ]
rule = False
if (request.user.is_authenticated and
hasattr(request, 'country_code') and
request.country_code):
user = request.user
role = Role.objects.filter(
role=Role.ESTABLISHMENT_ADMINISTRATOR, site__country__code=request.country_code,
).only('id')
if role.exists():
user_role = UserRole.objects.filter(
user=user, role__id__in=role.values_list('id', flat=True),
)
rule = True if user_role.exists() else rule
rules.append(rule)
return all(rules)
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
rules = [ rules = [
# special!
super().has_permission(request, view) super().has_permission(request, view)
] ]
rule = False
role = Role.objects.filter(role=Role.ESTABLISHMENT_ADMINISTRATOR).only('id')
if request.user.is_authenticated and role.exists() and hasattr(obj, 'id'):
user = request.user
filters = {
'user': user,
'role__id__in': role.values_list('id', flat=True),
}
if isinstance(obj, Establishment):
filters.update({'establishment__id': obj.id})
role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER) \ if isinstance(obj, Product):
.first() filters.update({'establishment__products__id': obj.id})
rule = True if UserRole.objects.filter(**filters).exists() else rule
if hasattr(obj, 'establishment_id'): rules.append(rule)
rules = [ return all(rules)
UserRole.objects.filter(user=request.user, role=role,
establishment_id=obj.establishment_id
).exists(),
# special!
super().has_permission(request, view)
]
return any(rules)
class IsReviewerManager(IsStandardUser): class IsReviewerManager(IsStandardUser):
@ -324,8 +353,8 @@ class IsReviewerManager(IsStandardUser):
# and request.user.email_confirmed, # and request.user.email_confirmed,
if hasattr(request.data, 'user') and hasattr(request.data, 'site_id'): if hasattr(request.data, 'user') and hasattr(request.data, 'site_id'):
role = Role.objects.filter(role=Role.REVIEWER_MANGER) \ role = Role.objects.filter(role=Role.REVIEWER_MANGER
.first() ).first()
rules = [ rules = [
UserRole.objects.filter(user=request.user, role=role, UserRole.objects.filter(user=request.user, role=role,
@ -333,7 +362,7 @@ class IsReviewerManager(IsStandardUser):
).exists(), ).exists(),
super().has_permission(request, view) super().has_permission(request, view)
] ]
return any(rules) return all(rules)
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
role = Role.objects.filter(role=Role.REVIEWER_MANGER, role = Role.objects.filter(role=Role.REVIEWER_MANGER,
@ -345,7 +374,7 @@ class IsReviewerManager(IsStandardUser):
super().has_object_permission(request, view, obj) super().has_object_permission(request, view, obj)
] ]
return any(rules) return all(rules)
class IsRestaurantReviewer(IsStandardUser): class IsRestaurantReviewer(IsStandardUser):
@ -366,7 +395,7 @@ class IsRestaurantReviewer(IsStandardUser):
).exists(), ).exists(),
super().has_permission(request, view) super().has_permission(request, view)
] ]
return any(rules) return all(rules)
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
content_type = ContentType.objects.get(app_lable='establishment', content_type = ContentType.objects.get(app_lable='establishment',
@ -383,7 +412,7 @@ class IsRestaurantReviewer(IsStandardUser):
super().has_object_permission(request, view, obj) super().has_object_permission(request, view, obj)
] ]
return any(rules) return all(rules)
class IsWineryReviewer(IsStandardUser): class IsWineryReviewer(IsStandardUser):
@ -393,107 +422,78 @@ class IsWineryReviewer(IsStandardUser):
super().has_permission(request, view) super().has_permission(request, view)
] ]
if 'type_id' in request.data and 'address_id' in request.data and request.user: rule = False
countries = Address.objects.filter(id=request.data['address_id']) if request.user.is_authenticated:
if hasattr(request, 'data'):
type_id = request.data.get('type_id')
address_id = request.data.get('address_id')
est = EstablishmentSubType.objects.filter(establishment_type_id=request.data['type_id']) if type_id and address_id:
if est.exists(): address_qs = Address.objects.filter(id=address_id) \
role = Role.objects.filter(establishment_subtype_id__in=[est_type.id for est_type in est], .only('city__country')
role=Role.WINERY_REVIEWER,
country_id__in=[country.id for country in countries]) \
.first()
rules.append( if address_qs.exists():
UserRole.objects.filter(user=request.user, role=role).exists() country_id = address_qs.values_list('city__country', flat=True)
)
return any(rules) est_subtype_qs = EstablishmentSubType.objects.filter(establishment_type_id=type_id).only('id')
if est_subtype_qs.exists():
role = Role.objects.filter(
establishment_subtype_id=est_subtype_qs.values_list('id', flat=True)[0],
role=Role.WINERY_REVIEWER,
country_id=country_id
)
rule = True if role.exists() else rule
rules.append(rule)
return all(rules)
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
rules = [ rules = [
super().has_object_permission(request, view, obj) super().has_object_permission(request, view, obj)
] ]
if hasattr(obj, 'type_id') or hasattr(obj, 'establishment_type_id'): rule = False
type_id: int if request.user.is_authenticated:
type_id = None
object_id = None
country_id = None
if hasattr(obj, 'type_id'): if hasattr(obj, 'type_id'):
type_id = obj.type_id type_id = obj.type_id
else:
if hasattr(obj, 'establishment_type_id'):
type_id = obj.establishment_type_id type_id = obj.establishment_type_id
est = EstablishmentSubType.objects.filter(establishment_type_id=type_id)
role = Role.objects.filter(role=Role.WINERY_REVIEWER,
establishment_subtype_id__in=[est_type.id for est_type in est],
country_id=obj.country_id).first()
object_id: int
if hasattr(obj, 'object_id'): if hasattr(obj, 'object_id'):
object_id = obj.object_id object_id = obj.object_id
else:
if hasattr(obj, 'establishment_id'):
object_id = obj.establishment_id object_id = obj.establishment_id
rules = [ if hasattr(obj, 'country_id'):
UserRole.objects.filter(user=request.user, role=role, country_id = obj.country_id
establishment_id=object_id
).exists(),
super().has_object_permission(request, view, obj)
]
return any(rules)
if type_id and object_id and country_id:
est_subtype_qs = EstablishmentSubType.objects.filter(
establishment_type_id=type_id
).only('id')
class IsWineryReviewer(IsStandardUser): if est_subtype_qs.exists():
est_subtype_id = est_subtype_qs.values_list('id', flat=True)[0]
def has_permission(self, request, view): role = Role.objects.filter(
rules = [ role=Role.WINERY_REVIEWER,
super().has_permission(request, view) establishment_subtype_id=est_subtype_id,
] country_id=country_id
).first()
if 'type_id' in request.data and 'address_id' in request.data and request.user: user_role = UserRole.objects.filter(
countries = Address.objects.filter(id=request.data['address_id']) user=request.user,
role=role,
est = EstablishmentSubType.objects.filter(establishment_type_id=request.data['type_id']) establishment_id=object_id,
if est.exists(): )
role = Role.objects.filter(establishment_subtype_id__in=[est_type.id for est_type in est], rule = True if user_role.exists() else rule
role=Role.WINERY_REVIEWER, rules.append(rule)
country_id__in=[country.id for country in countries]) \ return all(rules)
.first()
rules.append(
UserRole.objects.filter(user=request.user, role=role).exists()
)
return any(rules)
def has_object_permission(self, request, view, obj):
rules = [
super().has_object_permission(request, view, obj)
]
if hasattr(obj, 'type_id') or hasattr(obj, 'establishment_type_id'):
type_id: int
if hasattr(obj, 'type_id'):
type_id = obj.type_id
else:
type_id = obj.establishment_type_id
est = EstablishmentSubType.objects.filter(establishment_type_id=type_id)
role = Role.objects.filter(role=Role.WINERY_REVIEWER,
establishment_subtype_id__in=[est_type.id for est_type in est],
country_id=obj.country_id).first()
object_id: int
if hasattr(obj, 'object_id'):
object_id = obj.object_id
else:
object_id = obj.establishment_id
rules = [
UserRole.objects.filter(user=request.user, role=role,
establishment_id=object_id
).exists(),
super().has_object_permission(request, view, obj)
]
return any(rules)
class IsProductReviewer(IsStandardUser): class IsProductReviewer(IsStandardUser):
@ -526,10 +526,10 @@ class IsProductReviewer(IsStandardUser):
.exists() .exists()
rules.append(permission) rules.append(permission)
return any(rules) return all(rules)
class IsLiquorReviewer(IsStandardUser): class IsDistilleryLiquorInspector(IsStandardUser):
def has_permission(self, request, view): def has_permission(self, request, view):
rules = [ rules = [
super().has_permission(request, view) super().has_permission(request, view)
@ -548,7 +548,7 @@ class IsLiquorReviewer(IsStandardUser):
id=request.data['product_type_id']) id=request.data['product_type_id'])
if product_types.exists(): if product_types.exists():
roles = Role.objects.filter(role=Role.LIQUOR_REVIEWER, roles = Role.objects.filter(role=Role.DISTILLERY_LIQUOR_INSPECTOR,
site_id=request.data['site_id']) site_id=request.data['site_id'])
if 'pk' in view.kwargs: if 'pk' in view.kwargs:
@ -564,7 +564,7 @@ class IsLiquorReviewer(IsStandardUser):
id=product.product_type_id) id=product.product_type_id)
if product_types.exists(): if product_types.exists():
roles = Role.objects.filter(role=Role.LIQUOR_REVIEWER, roles = Role.objects.filter(role=Role.DISTILLERY_LIQUOR_INSPECTOR,
site_id=product.site_id) site_id=product.site_id)
if roles is not None: if roles is not None:
@ -572,7 +572,7 @@ class IsLiquorReviewer(IsStandardUser):
.exists() .exists()
rules.append(permission) rules.append(permission)
return any(rules) return all(rules)
# #
# def has_object_permission(self, request, view, obj): # def has_object_permission(self, request, view, obj):
@ -590,8 +590,8 @@ class IsLiquorReviewer(IsStandardUser):
# # product = Product.objects.get(pk=pk_object) # # product = Product.objects.get(pk=pk_object)
# # # #
# # if product.sites.exists(): # # if product.sites.exists():
# # role = Role.objects.filter(role=Role.LIQUOR_REVIEWER, site__in=[site for site in product.sites]) # # role = Role.objects.filter(role=Role.DISTILLERY_LIQUOR_INSPECTOR, site__in=[site for site in product.sites])
# # permission = UserRole.objects.filter(user=request.user, role=role).exists() # # permission = UserRole.objects.filter(user=request.user, role=role).exists()
# # # #
# # rules.append(permission) # # rules.append(permission)
# return any(rules) # return all(rules)
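Review bot: The rewritten `IsWineryReviewer.has_permission` sets `rule = True if role.exists() else rule`, which only tests that a matching `Role` row exists and never consults `UserRole` for `request.user`, unlike the removed `UserRole.objects.filter(user=request.user, role=role).exists()`; any authenticated user sending a matching `type_id`/`address_id` would pass. Restore the per-user check, e.g. `rule = UserRole.objects.filter(user=request.user, role__in=role).exists()`. `IsEstablishmentManager.has_object_permission` now returns `self.has_permission(request, view)` and ignores `obj`, so the old `establishment_id` match is gone and a manager for the request's country passes for every object. `IsStandardUser` still ends in `any(rules)` while reading `request.user.email_confirmed` eagerly, so the confirmation flag is not enforced and an anonymous user would presumably raise `AttributeError`. In `IsCountryAdmin.has_permission`, `rule` is only ever `False` in the visible lines before `rules.append(rule)`, so `all(rules)` looks like it can never be true.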