Fix country admin

Виктор Гладких 2019-10-25 12:42:01 +03:00
parent 046d0c5fe6
commit 7f4b46dbf8
6 changed files with 30 additions and 15 deletions


@ -90,7 +90,7 @@ class CommentModeratorPermissionTests(BasePermissionTests):
def test_get(self): def test_get(self):
response = self.client.get(self.url, format='json') response = self.client.get(self.url, format='json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_put_other_user(self): def test_put_other_user(self):
other_user = User.objects.create_user(username='test', other_user = User.objects.create_user(username='test',


@ -8,12 +8,13 @@ class CommentLstView(generics.ListCreateAPIView):
"""Comment list create view.""" """Comment list create view."""
serializer_class = serializers.CommentBaseSerializer serializer_class = serializers.CommentBaseSerializer
queryset = models.Comment.objects.all() queryset = models.Comment.objects.all()
permission_classes = [permissions.IsAuthenticatedOrReadOnly|IsCountryAdmin|IsCommentModerator] permission_classes = [permissions.IsAuthenticatedOrReadOnly| IsCommentModerator|IsCountryAdmin]
class CommentRUDView(generics.RetrieveUpdateDestroyAPIView): class CommentRUDView(generics.RetrieveUpdateDestroyAPIView):
"""Comment RUD view.""" """Comment RUD view."""
serializer_class = serializers.CommentBaseSerializer serializer_class = serializers.CommentBaseSerializer
queryset = models.Comment.objects.all() queryset = models.Comment.objects.all()
permission_classes = [IsCountryAdmin|IsCommentModerator]
permission_classes = [IsCountryAdmin | IsCommentModerator]
lookup_field = 'id' lookup_field = 'id'
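Review bot: On `CommentLstView` the OR chain begins with `permissions.IsAuthenticatedOrReadOnly`, which already admits every read and every authenticated write, so `IsCommentModerator` and `IsCountryAdmin` can never narrow access at the view level. The list reads as role-restricted while behaving as "any logged-in user". If that is the intent, `permission_classes = [permissions.IsAuthenticatedOrReadOnly]` says so directly; if creation is meant to be role-gated, the roles have to be combined with `&` on the write path rather than `|`. The spacing around `|` on that line is also inconsistent with the `IsCountryAdmin | IsCommentModerator` form used for `CommentRUDView`. Both class bodies may continue outside the hunk.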


@ -16,4 +16,5 @@ class CountryBackSerializer(common.CountrySerializer):
'code', 'code',
'svg_image', 'svg_image',
'name', 'name',
'country_id'
] ]


@ -19,11 +19,6 @@ class BaseTestCase(APITestCase):
self.user = User.objects.create_user( self.user = User.objects.create_user(
username=self.username, email=self.email, password=self.password) username=self.username, email=self.email, password=self.password)
# get tokens
# self.user.is_superuser = True
# self.user.save()
tokkens = User.create_jwt_tokens(self.user) tokkens = User.create_jwt_tokens(self.user)
self.client.cookies = SimpleCookie( self.client.cookies = SimpleCookie(
{'access_token': tokkens.get('access_token'), {'access_token': tokkens.get('access_token'),


@ -4,7 +4,7 @@ from rest_framework import generics
from location import models, serializers from location import models, serializers
from location.views import common from location.views import common
from utils.permissions import IsCountryAdmin from utils.permissions import IsCountryAdmin
from rest_framework.permissions import IsAuthenticatedOrReadOnly
# Address # Address
class AddressListCreateView(common.AddressViewMixin, generics.ListCreateAPIView): class AddressListCreateView(common.AddressViewMixin, generics.ListCreateAPIView):
"""Create view for model Address.""" """Create view for model Address."""
@ -50,7 +50,7 @@ class CountryListCreateView(generics.ListCreateAPIView):
queryset = models.Country.objects.all() queryset = models.Country.objects.all()
serializer_class = serializers.CountryBackSerializer serializer_class = serializers.CountryBackSerializer
pagination_class = None pagination_class = None
permission_classes = [IsCountryAdmin] permission_classes = [IsAuthenticatedOrReadOnly|IsCountryAdmin]
class CountryRUDView(generics.RetrieveUpdateDestroyAPIView): class CountryRUDView(generics.RetrieveUpdateDestroyAPIView):
"""RUD view for model Country.""" """RUD view for model Country."""


@ -56,7 +56,15 @@ class IsGuest(permissions.IsAuthenticatedOrReadOnly):
Object-level permission to only allow owners of an object to edit it. Object-level permission to only allow owners of an object to edit it.
""" """
def has_permission(self, request, view): def has_permission(self, request, view):
return request.user.is_authenticated rules = [
request.method in permissions.SAFE_METHODS
]
# if hasattr(request, 'user.is_superuser'):
# rules = [
# request.user.is_superuser,
# request.method in permissions.SAFE_METHODS
# ]
return any(rules)
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
@ -131,7 +139,6 @@ class IsCountryAdmin(IsStandardUser):
rules = [ rules = [
super().has_permission(request, view) super().has_permission(request, view)
] ]
# and request.user.email_confirmed, # and request.user.email_confirmed,
if hasattr(request.data, 'user') and hasattr(request.data, 'country_id'): if hasattr(request.data, 'user') and hasattr(request.data, 'country_id'):
# Read permissions are allowed to any request. # Read permissions are allowed to any request.
@ -153,9 +160,20 @@ class IsCountryAdmin(IsStandardUser):
.first() # 'Comments moderator' .first() # 'Comments moderator'
rules = [ rules = [
UserRole.objects.filter(user=request.user, role=role).exists(), super().has_object_permission(request, view, obj)
super().has_object_permission(request, view, obj), ]
] # and request.user.email_confirmed,
if hasattr(request, 'user') and request.user.is_authenticated:
rules = [
UserRole.objects.filter(user=request.user, role=role).exists(),
super().has_object_permission(request, view, obj),
]
if hasattr(request.data, 'user'):
rules = [
UserRole.objects.filter(user=request.data.user, role=role).exists(),
super().has_object_permission(request, view, obj),
]
return any(rules) return any(rules)
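Review bot: In the last hunk (`IsCountryAdmin`, object-level check) the new `if hasattr(request.data, 'user'):` branch looks up the role for `request.data.user`, an identity taken from the request body instead of the authenticated principal. An authorization decision should only use `request.user`, so this branch should be removed, leaving `UserRole.objects.filter(user=request.user, role=role).exists()` as the only role lookup. As written the branch is probably dead code, since `hasattr` on a dict-like `request.data` tests attributes rather than keys (the same applies to the `hasattr(request.data, 'user') and hasattr(request.data, 'country_id')` test in the hunk above), but changing it to a key test would make the problem live. Note also that `any(rules)` grants access when either the role check or the parent's object permission passes, which should be confirmed as intended. The method starts outside the hunk.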