Fix establishment timetable serailizer for permission

2019-11-25 10:45:20 +03:00 · 2019-11-25 10:45:20 +03:00 · 6bb0eac409
commit 6bb0eac409
parent 13eb8abac6
3 changed files with 25 additions and 15 deletions
--- a/apps/partner/serializers/back.py
+++ b/apps/partner/serializers/back.py
@ -13,6 +13,7 @@ class BackPartnerSerializer(serializers.ModelSerializer):
            'url',
            'image',
            'establishment',
+            'establishment_id',
            'type',
            'starting_date',
            'expiry_date',
--- a/apps/timetable/serialziers.py
+++ b/apps/timetable/serialziers.py
@ -20,6 +20,7 @@ class ScheduleRUDSerializer(serializers.ModelSerializer):
    dinner_end = serializers.TimeField(required=False)
    opening_at = serializers.TimeField(required=False)
    closed_at = serializers.TimeField(required=False)
+    establishment_id = serializers.ReadOnlyField(source='establishment.id')

    class Meta:
        """Meta class."""
@ -34,8 +35,10 @@ class ScheduleRUDSerializer(serializers.ModelSerializer):
            'dinner_end',
            'opening_at',
            'closed_at',
+            'establishment_id'
        ]

+
    def validate(self, attrs):
        """Override validate method"""
        establishment_pk = self.context.get('request')\
--- a/apps/utils/permissions.py
+++ b/apps/utils/permissions.py
@ -280,30 +280,36 @@ class IsEstablishmentManager(IsStandardUser):
            super().has_permission(request, view)
        ]

-        # and request.user.email_confirmed,
-        if hasattr(request.data, 'user') and hasattr(request.data, 'establishment_id'):
-            role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER) \
-                .first()  # 'Comments moderator'
+        if hasattr(request.data, 'user'):
+            if hasattr(request.data, 'establishment_id'):
+                role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER) \
+                    .first()

-            rules = [
-                UserRole.objects.filter(user=request.user, role=role,
-                                        establishment_id=request.data.establishment_id
-                                        ).exists(),
-                super().has_permission(request, view)
-            ]
+                rules = [
+                    UserRole.objects.filter(user=request.user, role=role,
+                                            establishment_id=request.data.establishment_id
+                                            ).exists(),
+                    super().has_permission(request, view)
+                ]
        return any(rules)

    def has_object_permission(self, request, view, obj):
-        role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER) \
-            .first()  # 'Comments moderator'

        rules = [
-            UserRole.objects.filter(user=request.user, role=role,
-                                    establishment_id=obj.establishment_id
-                                    ).exists(),
            super().has_object_permission(request, view, obj)
        ]

+        role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER) \
+            .first()
+
+        if hasattr(obj, 'establishment_id'):
+            rules = [
+                UserRole.objects.filter(user=request.user, role=role,
+                                        establishment_id=obj.establishment_id
+                                        ).exists(),
+                super().has_object_permission(request, view, obj)
+            ]
+
        return any(rules)