From 6bb0eac409b1c63623317c18a9934ee338c138d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=92=D0=B8=D0=BA=D1=82=D0=BE=D1=80=20=D0=93=D0=BB=D0=B0?= =?UTF-8?q?=D0=B4=D0=BA=D0=B8=D1=85?= Date: Mon, 25 Nov 2019 10:45:20 +0300 Subject: [PATCH] Fix establishment timetable serailizer for permission --- apps/partner/serializers/back.py | 1 + apps/timetable/serialziers.py | 3 +++ apps/utils/permissions.py | 36 +++++++++++++++++++------------- 3 files changed, 25 insertions(+), 15 deletions(-) diff --git a/apps/partner/serializers/back.py b/apps/partner/serializers/back.py index d011e058..e9e03fe0 100644 --- a/apps/partner/serializers/back.py +++ b/apps/partner/serializers/back.py @@ -13,6 +13,7 @@ class BackPartnerSerializer(serializers.ModelSerializer): 'url', 'image', 'establishment', + 'establishment_id', 'type', 'starting_date', 'expiry_date', diff --git a/apps/timetable/serialziers.py b/apps/timetable/serialziers.py index 533bca70..f7ae4204 100644 --- a/apps/timetable/serialziers.py +++ b/apps/timetable/serialziers.py @@ -20,6 +20,7 @@ class ScheduleRUDSerializer(serializers.ModelSerializer): dinner_end = serializers.TimeField(required=False) opening_at = serializers.TimeField(required=False) closed_at = serializers.TimeField(required=False) + establishment_id = serializers.ReadOnlyField(source='establishment.id') class Meta: """Meta class.""" @@ -34,8 +35,10 @@ class ScheduleRUDSerializer(serializers.ModelSerializer): 'dinner_end', 'opening_at', 'closed_at', + 'establishment_id' ] + def validate(self, attrs): """Override validate method""" establishment_pk = self.context.get('request')\ diff --git a/apps/utils/permissions.py b/apps/utils/permissions.py index 406c1692..7b8ff845 100644 --- a/apps/utils/permissions.py +++ b/apps/utils/permissions.py 
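Review bot: In `ScheduleRUDSerializer` (apps/timetable/serialziers.py) the new `establishment_id = serializers.ReadOnlyField(source='establishment.id')` walks the relation to read the id, which presumably loads the related establishment for every serialized schedule unless the view's queryset already uses `select_related`. If `establishment` is a plain foreign key on the model, `source='establishment_id'` reads the local column instead; if it is a property or a reverse relation, a one-line comment saying so would explain the dotted source. The new `'establishment_id'` entry in `Meta.fields` also lacks the trailing comma its neighbours have, and the extra blank line before `validate` looks unintentional.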
@@ -280,30 +280,36 @@ class IsEstablishmentManager(IsStandardUser): super().has_permission(request, view) ] - # and request.user.email_confirmed, - if hasattr(request.data, 'user') and hasattr(request.data, 'establishment_id'): - role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER) \ - .first() # 'Comments moderator' + if hasattr(request.data, 'user'): + if hasattr(request.data, 'establishment_id'): + role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER) \ + .first() - rules = [ - UserRole.objects.filter(user=request.user, role=role, - establishment_id=request.data.establishment_id - ).exists(), - super().has_permission(request, view) - ] + rules = [ + UserRole.objects.filter(user=request.user, role=role, + establishment_id=request.data.establishment_id + ).exists(), + super().has_permission(request, view) + ] return any(rules) def has_object_permission(self, request, view, obj): - role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER) \ - .first() # 'Comments moderator' rules = [ - UserRole.objects.filter(user=request.user, role=role, - establishment_id=obj.establishment_id - ).exists(), super().has_object_permission(request, view, obj) ] + role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER) \ + .first() + + if hasattr(obj, 'establishment_id'): + rules = [ + UserRole.objects.filter(user=request.user, role=role, + establishment_id=obj.establishment_id + ).exists(), + super().has_object_permission(request, view, obj) + ] + return any(rules)
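Review bot: In `has_permission`, `hasattr(request.data, 'user')` and `hasattr(request.data, 'establishment_id')` test for attributes, but DRF's `request.data` is a dict or QueryDict, so (assuming that is what arrives here) both are always false and the establishment-manager branch never runs; if it did run, `request.data.establishment_id` would raise `AttributeError`. Use key access instead: `if 'establishment_id' in request.data:` and `establishment_id=request.data.get('establishment_id')`. In `has_object_permission`, an object without an `establishment_id` attribute is now decided by `super().has_object_permission(...)` alone, and because both rule lists are combined with `any(...)`, the manager lookup never narrows what the parent allows; whether that fails open depends on `IsStandardUser`, which is not visible in this hunk. `obj` is the model instance, so the serializer field added elsewhere in this commit does not by itself make `hasattr(obj, 'establishment_id')` true. `has_permission` begins above the hunk.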