Fix country admin

2019-10-25 12:42:01 +03:00 · 2019-10-25 12:42:01 +03:00 · 7f4b46dbf8
commit 7f4b46dbf8
parent 046d0c5fe6
6 changed files with 30 additions and 15 deletions
--- a/apps/comment/tests.py
+++ b/apps/comment/tests.py
@ -90,7 +90,7 @@ class CommentModeratorPermissionTests(BasePermissionTests):

    def test_get(self):
        response = self.client.get(self.url, format='json')
-        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)

    def test_put_other_user(self):
        other_user = User.objects.create_user(username='test',
--- a/apps/comment/views/back.py
+++ b/apps/comment/views/back.py
@ -8,12 +8,13 @@ class CommentLstView(generics.ListCreateAPIView):
    """Comment list create view."""
    serializer_class = serializers.CommentBaseSerializer
    queryset = models.Comment.objects.all()
-    permission_classes = [permissions.IsAuthenticatedOrReadOnly|IsCountryAdmin|IsCommentModerator]
+    permission_classes = [permissions.IsAuthenticatedOrReadOnly| IsCommentModerator|IsCountryAdmin]


 class CommentRUDView(generics.RetrieveUpdateDestroyAPIView):
    """Comment RUD view."""
    serializer_class = serializers.CommentBaseSerializer
    queryset = models.Comment.objects.all()
-    permission_classes = [IsCountryAdmin|IsCommentModerator]
+
+    permission_classes = [IsCountryAdmin | IsCommentModerator]
    lookup_field = 'id'
--- a/apps/location/serializers/back.py
+++ b/apps/location/serializers/back.py
@ -16,4 +16,5 @@ class CountryBackSerializer(common.CountrySerializer):
            'code',
            'svg_image',
            'name',
+            'country_id'
        ]
--- a/apps/location/tests.py
+++ b/apps/location/tests.py
@ -19,11 +19,6 @@ class BaseTestCase(APITestCase):
        self.user = User.objects.create_user(
            username=self.username, email=self.email, password=self.password)

-        # get tokens
-
-        # self.user.is_superuser = True
-        # self.user.save()
-
        tokkens = User.create_jwt_tokens(self.user)
        self.client.cookies = SimpleCookie(
            {'access_token': tokkens.get('access_token'),
--- a/apps/location/views/back.py
+++ b/apps/location/views/back.py
@ -4,7 +4,7 @@ from rest_framework import generics
 from location import models, serializers
 from location.views import common
 from utils.permissions import IsCountryAdmin
-
+from rest_framework.permissions import  IsAuthenticatedOrReadOnly
 # Address
 class AddressListCreateView(common.AddressViewMixin, generics.ListCreateAPIView):
    """Create view for model Address."""
@ -50,7 +50,7 @@ class CountryListCreateView(generics.ListCreateAPIView):
    queryset = models.Country.objects.all()
    serializer_class = serializers.CountryBackSerializer
    pagination_class = None
-    permission_classes = [IsCountryAdmin]
+    permission_classes = [IsAuthenticatedOrReadOnly|IsCountryAdmin]

 class CountryRUDView(generics.RetrieveUpdateDestroyAPIView):
    """RUD view for model Country."""
--- a/apps/utils/permissions.py
+++ b/apps/utils/permissions.py
@ -56,7 +56,15 @@ class IsGuest(permissions.IsAuthenticatedOrReadOnly):
    Object-level permission to only allow owners of an object to edit it.
    """
    def has_permission(self, request, view):
-        return request.user.is_authenticated
+        rules = [
+            request.method in permissions.SAFE_METHODS
+        ]
+    #     if hasattr(request, 'user.is_superuser'):
+    #         rules = [
+    #             request.user.is_superuser,
+    #             request.method in permissions.SAFE_METHODS
+    #         ]
+        return any(rules)

    def has_object_permission(self, request, view, obj):

@ -131,7 +139,6 @@ class IsCountryAdmin(IsStandardUser):
        rules = [
            super().has_permission(request, view)
        ]
-
        # and request.user.email_confirmed,
        if hasattr(request.data, 'user') and hasattr(request.data, 'country_id'):
            # Read permissions are allowed to any request.
@ -153,9 +160,20 @@ class IsCountryAdmin(IsStandardUser):
            .first()  # 'Comments moderator'

        rules = [
-            UserRole.objects.filter(user=request.user, role=role).exists(),
-            super().has_object_permission(request, view, obj),
-        ]
+                super().has_object_permission(request, view, obj)
+            ]
+        # and request.user.email_confirmed,
+        if hasattr(request, 'user') and request.user.is_authenticated:
+            rules = [
+                UserRole.objects.filter(user=request.user, role=role).exists(),
+                super().has_object_permission(request, view, obj),
+            ]
+
+        if hasattr(request.data, 'user'):
+            rules = [
+                UserRole.objects.filter(user=request.data.user, role=role).exists(),
+                super().has_object_permission(request, view, obj),
+            ]

        return any(rules)