phzhik/gault-millau
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'feature/permission_winery' into 'develop'

Browse Source 
Feature/permission winery

See merge request gm/gm-backend!173
This commit is contained in:
d.kuzmenko 2019-12-09 14:05:48 +00:00
commit 6a3a40be4f
8 changed files with 105 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
apps/account/migrations/0024_role_establishment_subtype.py Normal file
View File

@ -0,0 +1,20 @@
# Generated by Django 2.2.7 on 2019-12-06 06:55
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('establishment', '0067_auto_20191122_1244'),
('account', '0023_auto_20191204_0916'),
]
operations = [
migrations.AddField(
model_name='role',
name='establishment_subtype',
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to='establishment.EstablishmentSubType', verbose_name='Establishment subtype'),
),
]

8
apps/account/models.py
View File

@ -1,5 +1,6 @@
"""Account models""" """Account models"""
from datetime import datetime from datetime import datetime
from tabnanny import verbose
from django.conf import settings from django.conf import settings
from django.contrib.auth.models import AbstractUser, UserManager as BaseUserManager from django.contrib.auth.models import AbstractUser, UserManager as BaseUserManager
@ -15,7 +16,7 @@ from django.utils.translation import ugettext_lazy as _
from rest_framework.authtoken.models import Token from rest_framework.authtoken.models import Token
from authorization.models import Application from authorization.models import Application
from establishment.models import Establishment from establishment.models import Establishment, EstablishmentSubType
from location.models import Country from location.models import Country
from main.models import SiteSettings from main.models import SiteSettings
from utils.models import GMTokenGenerator from utils.models import GMTokenGenerator
@ -33,7 +34,7 @@ class Role(ProjectBaseMixin):
REVIEWER_MANGER = 6 REVIEWER_MANGER = 6
RESTAURANT_REVIEWER = 7 RESTAURANT_REVIEWER = 7
SALES_MAN = 8 SALES_MAN = 8
WINERY_REVIEWER = 9 WINERY_REVIEWER = 9 # Establishments subtype "winery"
SELLER = 10 SELLER = 10
ROLE_CHOICES = ( ROLE_CHOICES = (
@ -54,6 +55,9 @@ class Role(ProjectBaseMixin):
null=True, blank=True, on_delete=models.SET_NULL) null=True, blank=True, on_delete=models.SET_NULL)
site = models.ForeignKey(SiteSettings, verbose_name=_('Site settings'), site = models.ForeignKey(SiteSettings, verbose_name=_('Site settings'),
null=True, blank=True, on_delete=models.SET_NULL) null=True, blank=True, on_delete=models.SET_NULL)
establishment_subtype = models.ForeignKey(EstablishmentSubType,
verbose_name=_('Establishment subtype'),
null=True, blank=True, on_delete=models.SET_NULL)
class UserManager(BaseUserManager): class UserManager(BaseUserManager):

1
apps/account/serializers/back.py
View File

@ -33,6 +33,7 @@ class BackUserSerializer(serializers.ModelSerializer):
'email_confirmed', 'email_confirmed',
'newsletter', 'newsletter',
'roles', 'roles',
'password'
) )
extra_kwargs = { extra_kwargs = {
'password': {'write_only': True} 'password': {'write_only': True}

2
apps/account/urls/back.py
View File

@ -8,6 +8,6 @@ app_name = 'account'
urlpatterns = [ urlpatterns = [
path('role/', views.RoleLstView.as_view(), name='role-list-create'), path('role/', views.RoleLstView.as_view(), name='role-list-create'),
path('user-role/', views.UserRoleLstView.as_view(), name='user-role-list-create'), path('user-role/', views.UserRoleLstView.as_view(), name='user-role-list-create'),
path('user/', views.UserLstView.as_view(), name='user-list-create'), path('user/', views.UserLstView.as_view(), name='user-create-list'),
path('user/<int:id>/', views.UserRUDView.as_view(), name='user-rud'), path('user/<int:id>/', views.UserRUDView.as_view(), name='user-rud'),
] ]

19
apps/establishment/models.py
View File

@ -830,25 +830,6 @@ class ContactEmail(models.Model):
return f'{self.email}' return f'{self.email}'
#
# class Wine(TranslatedFieldsMixin, models.Model):
# """Wine model."""
# establishment = models.ForeignKey(
# 'establishment.Establishment', verbose_name=_('establishment'),
# on_delete=models.CASCADE)
# bottles = models.IntegerField(_('bottles'))
# price_min = models.DecimalField(
# _('price min'), max_digits=14, decimal_places=2)
# price_max = models.DecimalField(
# _('price max'), max_digits=14, decimal_places=2)
# by_glass = models.BooleanField(_('by glass'))
# price_glass_min = models.DecimalField(
# _('price min'), max_digits=14, decimal_places=2)
# price_glass_max = models.DecimalField(
# _('price max'), max_digits=14, decimal_places=2)
#
class Plate(TranslatedFieldsMixin, models.Model): class Plate(TranslatedFieldsMixin, models.Model):
"""Plate model.""" """Plate model."""
STR_FIELD_NAME = 'name' STR_FIELD_NAME = 'name'

5
apps/establishment/tests.py
View File

@ -4,7 +4,8 @@ from account.models import User
from rest_framework import status from rest_framework import status
from http.cookies import SimpleCookie from http.cookies import SimpleCookie
from main.models import Currency from main.models import Currency
from establishment.models import Establishment, EstablishmentType, Menu, SocialChoice, SocialNetwork from establishment.models import Establishment, EstablishmentType, EstablishmentSubType,\
Menu, SocialChoice, SocialNetwork
# Create your tests here. # Create your tests here.
from translation.models import Language from translation.models import Language
from account.models import Role, UserRole from account.models import Role, UserRole
@ -87,7 +88,7 @@ class BaseTestCase(APITestCase):
) )
class EstablishmentBTests(BaseTestCase): class EstablishmentBackTests(BaseTestCase):
def test_establishment_CRUD(self): def test_establishment_CRUD(self):
params = {'page': 1, 'page_size': 1, } params = {'page': 1, 'page_size': 1, }
response = self.client.get('/api/back/establishments/', params, format='json') response = self.client.get('/api/back/establishments/', params, format='json')

28
apps/establishment/views/back.py
View File

@ -3,10 +3,9 @@ from django.http import Http404, HttpResponse
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from rest_framework import generics, permissions, status from rest_framework import generics, permissions, status
from utils.permissions import IsCountryAdmin, IsEstablishmentManager
from establishment import filters, models, serializers from establishment import filters, models, serializers
from timetable.serialziers import ScheduleRUDSerializer, ScheduleCreateSerializer from timetable.serialziers import ScheduleRUDSerializer, ScheduleCreateSerializer
from utils.permissions import IsCountryAdmin, IsEstablishmentManager from utils.permissions import IsCountryAdmin, IsEstablishmentManager, IsWineryReviewer
from utils.views import CreateDestroyGalleryViewMixin from utils.views import CreateDestroyGalleryViewMixin
from timetable.models import Timetable from timetable.models import Timetable
from rest_framework import status from rest_framework import status
@ -25,7 +24,8 @@ class EstablishmentListCreateView(EstablishmentMixinViews, generics.ListCreateAP
"""Establishment list/create view.""" """Establishment list/create view."""
filter_class = filters.EstablishmentFilter filter_class = filters.EstablishmentFilter
permission_classes = [IsCountryAdmin | IsEstablishmentManager]
permission_classes = [IsWineryReviewer | IsCountryAdmin | IsEstablishmentManager]
queryset = models.Establishment.objects.all() queryset = models.Establishment.objects.all()
serializer_class = serializers.EstablishmentListCreateSerializer serializer_class = serializers.EstablishmentListCreateSerializer
@ -34,14 +34,14 @@ class EstablishmentRUDView(generics.RetrieveUpdateDestroyAPIView):
lookup_field = 'slug' lookup_field = 'slug'
queryset = models.Establishment.objects.all() queryset = models.Establishment.objects.all()
serializer_class = serializers.EstablishmentRUDSerializer serializer_class = serializers.EstablishmentRUDSerializer
permission_classes = [IsCountryAdmin | IsEstablishmentManager] permission_classes = [IsWineryReviewer | IsCountryAdmin | IsEstablishmentManager]
class EstablishmentScheduleRUDView(generics.RetrieveUpdateDestroyAPIView): class EstablishmentScheduleRUDView(generics.RetrieveUpdateDestroyAPIView):
"""Establishment schedule RUD view""" """Establishment schedule RUD view"""
lookup_field = 'slug' lookup_field = 'slug'
serializer_class = ScheduleRUDSerializer serializer_class = ScheduleRUDSerializer
permission_classes = [IsEstablishmentManager] permission_classes = [IsWineryReviewer |IsEstablishmentManager]
def get_object(self): def get_object(self):
""" """
@ -67,21 +67,21 @@ class EstablishmentScheduleCreateView(generics.CreateAPIView):
lookup_field = 'slug' lookup_field = 'slug'
serializer_class = ScheduleCreateSerializer serializer_class = ScheduleCreateSerializer
queryset = Timetable.objects.all() queryset = Timetable.objects.all()
permission_classes = [IsEstablishmentManager] permission_classes = [IsWineryReviewer | IsEstablishmentManager]
class MenuListCreateView(generics.ListCreateAPIView): class MenuListCreateView(generics.ListCreateAPIView):
"""Menu list create view.""" """Menu list create view."""
serializer_class = serializers.MenuSerializers serializer_class = serializers.MenuSerializers
queryset = models.Menu.objects.all() queryset = models.Menu.objects.all()
permission_classes = [IsEstablishmentManager] permission_classes = [IsWineryReviewer | IsEstablishmentManager]
class MenuRUDView(generics.RetrieveUpdateDestroyAPIView): class MenuRUDView(generics.RetrieveUpdateDestroyAPIView):
"""Menu RUD view.""" """Menu RUD view."""
serializer_class = serializers.MenuRUDSerializers serializer_class = serializers.MenuRUDSerializers
queryset = models.Menu.objects.all() queryset = models.Menu.objects.all()
permission_classes = [IsEstablishmentManager] permission_classes = [IsWineryReviewer | IsEstablishmentManager]
class SocialChoiceListCreateView(generics.ListCreateAPIView): class SocialChoiceListCreateView(generics.ListCreateAPIView):
@ -119,14 +119,14 @@ class PlateListCreateView(generics.ListCreateAPIView):
serializer_class = serializers.PlatesSerializers serializer_class = serializers.PlatesSerializers
queryset = models.Plate.objects.all() queryset = models.Plate.objects.all()
pagination_class = None pagination_class = None
permission_classes = [IsEstablishmentManager] permission_classes = [IsWineryReviewer | IsEstablishmentManager]
class PlateRUDView(generics.RetrieveUpdateDestroyAPIView): class PlateRUDView(generics.RetrieveUpdateDestroyAPIView):
"""Plate RUD view.""" """Plate RUD view."""
serializer_class = serializers.PlatesSerializers serializer_class = serializers.PlatesSerializers
queryset = models.Plate.objects.all() queryset = models.Plate.objects.all()
permission_classes = [IsEstablishmentManager] permission_classes = [IsWineryReviewer | IsEstablishmentManager]
class PhonesListCreateView(generics.ListCreateAPIView): class PhonesListCreateView(generics.ListCreateAPIView):
@ -134,14 +134,14 @@ class PhonesListCreateView(generics.ListCreateAPIView):
serializer_class = serializers.ContactPhoneBackSerializers serializer_class = serializers.ContactPhoneBackSerializers
queryset = models.ContactPhone.objects.all() queryset = models.ContactPhone.objects.all()
pagination_class = None pagination_class = None
permission_classes = [IsEstablishmentManager] permission_classes = [IsWineryReviewer | IsEstablishmentManager]
class PhonesRUDView(generics.RetrieveUpdateDestroyAPIView): class PhonesRUDView(generics.RetrieveUpdateDestroyAPIView):
"""Phones RUD view.""" """Phones RUD view."""
serializer_class = serializers.ContactPhoneBackSerializers serializer_class = serializers.ContactPhoneBackSerializers
queryset = models.ContactPhone.objects.all() queryset = models.ContactPhone.objects.all()
permission_classes = [IsEstablishmentManager] permission_classes = [IsWineryReviewer | IsEstablishmentManager]
class EmailListCreateView(generics.ListCreateAPIView): class EmailListCreateView(generics.ListCreateAPIView):
@ -149,14 +149,14 @@ class EmailListCreateView(generics.ListCreateAPIView):
serializer_class = serializers.ContactEmailBackSerializers serializer_class = serializers.ContactEmailBackSerializers
queryset = models.ContactEmail.objects.all() queryset = models.ContactEmail.objects.all()
pagination_class = None pagination_class = None
permission_classes = [IsEstablishmentManager] permission_classes = [IsWineryReviewer | IsEstablishmentManager]
class EmailRUDView(generics.RetrieveUpdateDestroyAPIView): class EmailRUDView(generics.RetrieveUpdateDestroyAPIView):
"""Email RUD view.""" """Email RUD view."""
serializer_class = serializers.ContactEmailBackSerializers serializer_class = serializers.ContactEmailBackSerializers
queryset = models.ContactEmail.objects.all() queryset = models.ContactEmail.objects.all()
permission_classes = [IsEstablishmentManager] permission_classes = [IsWineryReviewer | IsEstablishmentManager]
class EmployeeListCreateView(generics.ListCreateAPIView): class EmployeeListCreateView(generics.ListCreateAPIView):

65
apps/utils/permissions.py
View File

@ -7,7 +7,8 @@ from rest_framework_simplejwt.tokens import AccessToken
from account.models import UserRole, Role from account.models import UserRole, Role
from authorization.models import JWTRefreshToken from authorization.models import JWTRefreshToken
from utils.tokens import GMRefreshToken from utils.tokens import GMRefreshToken
from establishment.models import EstablishmentSubType
from location.models import Address
class IsAuthenticatedAndTokenIsValid(permissions.BasePermission): class IsAuthenticatedAndTokenIsValid(permissions.BasePermission):
""" """
@ -56,8 +57,9 @@ class IsGuest(permissions.IsAuthenticatedOrReadOnly):
""" """
Object-level permission to only allow owners of an object to edit it. Object-level permission to only allow owners of an object to edit it.
""" """
SAFE_METHODS = ('GET', 'HEAD', 'OPTIONS')
def has_permission(self, request, view): def has_permission(self, request, view):
rules = [ rules = [
request.user.is_superuser, request.user.is_superuser,
request.method in permissions.SAFE_METHODS request.method in permissions.SAFE_METHODS
@ -306,7 +308,6 @@ class IsEstablishmentManager(IsStandardUser):
rules = [ rules = [
# special! # special!
super().has_permission(request, view) super().has_permission(request, view)
# super().has_object_permission(request, view, obj)
] ]
role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER) \ role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER) \
@ -319,7 +320,6 @@ class IsEstablishmentManager(IsStandardUser):
).exists(), ).exists(),
# special! # special!
super().has_permission(request, view) super().has_permission(request, view)
# super().has_object_permission(request, view, obj)
] ]
return any(rules) return any(rules)
@ -368,7 +368,7 @@ class IsRestaurantReviewer(IsStandardUser):
# and request.user.email_confirmed, # and request.user.email_confirmed,
if hasattr(request.data, 'user') and hasattr(request.data, 'object_id'): if hasattr(request.data, 'user') and hasattr(request.data, 'object_id'):
role = Role.objects.filter(role=Role.RESTAURANT_REVIEWER) \ role = Role.objects.filter(role=Role.RESTAURANT_REVIEWER) \
.first() # 'Comments moderator' .first()
rules = [ rules = [
UserRole.objects.filter(user=request.user, role=role, UserRole.objects.filter(user=request.user, role=role,
@ -394,3 +394,58 @@ class IsRestaurantReviewer(IsStandardUser):
] ]
return any(rules) return any(rules)
class IsWineryReviewer(IsStandardUser):
def has_permission(self, request, view):
rules = [
super().has_permission(request, view)
]
if 'type_id' in request.data and 'address_id' in request.data and request.user:
countries = Address.objects.filter(id=request.data['address_id'])
est = EstablishmentSubType.objects.filter(establishment_type_id=request.data['type_id'])
if est.exists():
role = Role.objects.filter(establishment_subtype_id__in=[type.id for type in est],
role=Role.WINERY_REVIEWER,
country_id__in=[country.id for country in countries]) \
.first()
rules.append(
UserRole.objects.filter(user=request.user, role=role).exists()
)
return any(rules)
def has_object_permission(self, request, view, obj):
rules = [
super().has_object_permission(request, view, obj)
]
if hasattr(obj, 'type_id') or hasattr(obj, 'establishment_type_id'):
type_id: int
if hasattr(obj, 'type_id'):
type_id = obj.type_id
else:
type_id = obj.establishment_type_id
est = EstablishmentSubType.objects.filter(establishment_type_id=type_id)
role = Role.objects.filter(role=Role.WINERY_REVIEWER,
establishment_subtype_id__in=[id for type.id in est],
country_id=obj.country_id).first()
object_id: int
if hasattr(obj, 'object_id'):
object_id = obj.object_id
else:
object_id = obj.establishment_id
rules = [
UserRole.objects.filter(user=request.user, role=role,
establishment_id=object_id
).exists(),
super().has_object_permission(request, view, obj)
]
return any(rules)