Fix roles

2019-10-25 15:51:07 +03:00 · 2019-10-25 15:51:07 +03:00 · a38fed847a
commit a38fed847a
parent b7831b9739
1 changed files with 71 additions and 16 deletions
--- a/apps/utils/permissions.py
+++ b/apps/utils/permissions.py
@ -20,8 +20,8 @@ class IsAuthenticatedAndTokenIsValid(permissions.BasePermission):
        access_token = request.COOKIES.get('access_token')
        if user.is_authenticated and access_token:
            access_token = AccessToken(access_token)
-            valid_tokens = user.access_tokens.valid()\
-                                             .by_jti(jti=access_token.payload.get('jti'))
+            valid_tokens = user.access_tokens.valid() \
+                .by_jti(jti=access_token.payload.get('jti'))
            return valid_tokens.exists()
        else:
            return False
@ -31,13 +31,14 @@ class IsRefreshTokenValid(permissions.BasePermission):
    """
    Check if user has a valid refresh token and authenticated
    """
+
    def has_permission(self, request, view):
        """Check permissions by refresh token and default REST permission IsAuthenticated"""
        refresh_token = request.COOKIES.get('refresh_token')
        if refresh_token:
            refresh_token = GMRefreshToken(refresh_token)
-            refresh_token_qs = JWTRefreshToken.objects.valid()\
-                                                      .by_jti(jti=refresh_token.payload.get('jti'))
+            refresh_token_qs = JWTRefreshToken.objects.valid() \
+                .by_jti(jti=refresh_token.payload.get('jti'))
            return refresh_token_qs.exists()
        else:
            return False
@ -55,6 +56,7 @@ class IsGuest(permissions.IsAuthenticatedOrReadOnly):
    """
    Object-level permission to only allow owners of an object to edit it.
    """
+
    def has_permission(self, request, view):
        rules = [
            request.user.is_superuser,
@ -63,7 +65,6 @@ class IsGuest(permissions.IsAuthenticatedOrReadOnly):
        return any(rules)

    def has_object_permission(self, request, view, obj):
-
        rules = [
            request.user.is_superuser,
            request.method in permissions.SAFE_METHODS
@ -76,6 +77,7 @@ class IsStandardUser(IsGuest):
    Object-level permission to only allow owners of an object to edit it.
    Assumes the model instance has an `owner` attribute.
    """
+
    def has_permission(self, request, view):
        rules = [
            super().has_permission(request, view)
@ -118,7 +120,7 @@ class IsContentPageManager(IsStandardUser):
        # and request.user.email_confirmed,
        if hasattr(request, 'user'):
            role = Role.objects.filter(role=Role.CONTENT_PAGE_MANAGER,
-                                       country_id=request.country_id)\
+                                       country_id=request.country_id) \
                .first()  # 'Comments moderator'

            rules = [
@ -132,7 +134,7 @@ class IsContentPageManager(IsStandardUser):
        # Read permissions are allowed to any request.

        role = Role.objects.filter(role=Role.CONTENT_PAGE_MANAGER,
-                                   country_id=obj.country_id)\
+                                   country_id=obj.country_id) \
            .first()  # 'Comments moderator'

        rules = [
@ -148,6 +150,7 @@ class IsCountryAdmin(IsStandardUser):
        Object-level permission to only allow owners of an object to edit it.
        Assumes the model instance has an `owner` attribute.
    """
+
    def has_permission(self, request, view):

        rules = [
@ -174,8 +177,8 @@ class IsCountryAdmin(IsStandardUser):
            .first()  # 'Comments moderator'

        rules = [
-                super().has_object_permission(request, view, obj)
-            ]
+            super().has_object_permission(request, view, obj)
+        ]
        # and request.user.email_confirmed,
        if hasattr(request, 'user') and request.user.is_authenticated:
            rules = [
@ -221,7 +224,7 @@ class IsCommentModerator(IsStandardUser):
    def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request.
        role = Role.objects.filter(role=Role.COMMENTS_MODERATOR,
-                                   country_id=obj.country_id)\
+                                   country_id=obj.country_id) \
            .first()  # 'Comments moderator'

        rules = [
@ -234,10 +237,28 @@ class IsCommentModerator(IsStandardUser):

 class IsEstablishmentManager(IsStandardUser):

-    def has_object_permission(self, request, view, obj):
-        role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER)\
+    def has_permission(self, request, view):
+        rules = [
+            super().has_permission(request, view)
+        ]
+
+        # and request.user.email_confirmed,
+        if hasattr(request.data, 'user') and hasattr(request.data, 'establishment_id'):
+            role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER) \
                .first()  # 'Comments moderator'

+            rules = [
+                UserRole.objects.filter(user=request.user, role=role,
+                                        establishment_id=request.data.establishment_id
+                                        ).exists(),
+                super().has_permission(request, view)
+            ]
+        return any(rules)
+
+    def has_object_permission(self, request, view, obj):
+        role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER) \
+            .first()  # 'Comments moderator'
+
        rules = [
            UserRole.objects.filter(user=request.user, role=role,
                                    establishment_id=obj.establishment_id
@ -250,11 +271,28 @@ class IsEstablishmentManager(IsStandardUser):

 class IsReviewerManager(IsStandardUser):

-    def has_object_permission(self, request, view, obj):
+    def has_permission(self, request, view):
+        rules = [
+            super().has_permission(request, view)
+        ]

+        # and request.user.email_confirmed,
+        if hasattr(request.data, 'user') and hasattr(request.data, 'country_id'):
+            role = Role.objects.filter(role=Role.REVIEWER_MANGER) \
+                .first()  # 'Comments moderator'
+
+            rules = [
+                UserRole.objects.filter(user=request.user, role=role,
+                                        establishment_id=request.data.country_id
+                                        ).exists(),
+                super().has_permission(request, view)
+            ]
+        return any(rules)
+
+    def has_object_permission(self, request, view, obj):
        role = Role.objects.filter(role=Role.REVIEWER_MANGER,
-                                   country_id=obj.country_id)\
-                .first()
+                                   country_id=obj.country_id) \
+            .first()

        rules = [
            UserRole.objects.filter(user=request.user, role=role).exists(),
@ -266,8 +304,25 @@ class IsReviewerManager(IsStandardUser):

 class IsRestaurantReviewer(IsStandardUser):

-    def has_object_permission(self, request, view, obj):
+    def has_permission(self, request, view):
+        rules = [
+            super().has_permission(request, view)
+        ]

+        # and request.user.email_confirmed,
+        if hasattr(request.data, 'user') and hasattr(request.data, 'object_id'):
+            role = Role.objects.filter(role=Role.RESTAURANT_REVIEWER) \
+                .first()  # 'Comments moderator'
+
+            rules = [
+                UserRole.objects.filter(user=request.user, role=role,
+                                        establishment_id=request.data.object_id
+                                        ).exists(),
+                super().has_permission(request, view)
+            ]
+        return any(rules)
+
+    def has_object_permission(self, request, view, obj):
        content_type = ContentType.objects.get(app_lable='establishment',
                                               model='establishment')