reviewer manager

2019-10-17 15:04:08 +03:00 · 2019-10-17 15:04:08 +03:00 · c80b53a0fc
commit c80b53a0fc
parent 094aa35e66
2 changed files with 50 additions and 50 deletions
--- a/apps/comment/tests.py
+++ b/apps/comment/tests.py
@ -59,7 +59,7 @@ class CommentModeratorPermissionTests(BasePermissionTests):

    def test_get(self):
        response = self.client.get(self.url, format='json')
-        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_put_other_user(self):
        other_user = User.objects.create_user(username='test',
--- a/apps/utils/permissions.py
+++ b/apps/utils/permissions.py
@ -53,11 +53,16 @@ class IsGuest(permissions.IsAuthenticatedOrReadOnly):
    """
    Object-level permission to only allow owners of an object to edit it.
    """
-    def has_object_permission(self, request, view, obj):
-        if request.method in permissions.SAFE_METHODS or request.user.is_superuser:
-            return True
+    def has_permission(self, request, view):
+        return request.user.is_authenticated

-        return False
+    def has_object_permission(self, request, view, obj):
+
+        rules = [
+            request.user.is_superuser,
+            request.method in permissions.SAFE_METHODS
+        ]
+        return any(rules)


 class IsStandardUser(IsGuest):
@ -67,34 +72,32 @@ class IsStandardUser(IsGuest):
    """
    def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request
-        if obj.user == request.user and obj.user.email_confirmed:
-            return True
+        rules = [
+            obj.user == request.user and obj.user.email_confirmed,
+            super().has_object_permission(request, view, obj)
+        ]

-        if super().has_object_permission(request, view, obj):
-            return True
+        return any(rules)

-        return False

 class IsContentPageManager(IsStandardUser):
    """
    Object-level permission to only allow owners of an object to edit it.
    Assumes the model instance has an `owner` attribute.
    """
-
    def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request.
+
        role = Role.objects.filter(role=Role.CONTENT_PAGE_MANAGER,
                                   country_id=obj.country_id)\
            .first()  # 'Comments moderator'

-        is_access = UserRole.objects.filter(user=request.user, role=role).exists()
-        if obj.user != request.user and is_access:
-            return True
-
-        if super().has_object_permission(request, view, obj):
-            return True
-
-        return False
+        rules = [
+            UserRole.objects.filter(user=request.user, role=role).exists() and
+            obj.user != request.user,
+            super().has_object_permission(request, view, obj)
+        ]
+        return any(rules)


 class IsCountryAdmin(IsStandardUser):
@ -108,15 +111,13 @@ class IsCountryAdmin(IsStandardUser):
                                   country_id=obj.country_id) \
            .first()  # 'Comments moderator'

-        is_access = UserRole.objects.filter(user=request.user, role=role).exists()
+        rules = [
+            obj.user != request.user and
+            UserRole.objects.filter(user=request.user, role=role).exists(),
+            super().has_object_permission(request, view, obj),
+        ]

-        if obj.user != request.user and is_access:
-            return True
-
-        if super().has_object_permission(request, view, obj):
-            return True
-
-        return False
+        return any(rules)


 class IsCommentModerator(IsStandardUser):
@ -124,22 +125,18 @@ class IsCommentModerator(IsStandardUser):
    Object-level permission to only allow owners of an object to edit it.
    Assumes the model instance has an `owner` attribute.
    """
-
    def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request.
        role = Role.objects.filter(role=Role.COMMENTS_MODERATOR,
                                   country_id=obj.country_id)\
            .first()  # 'Comments moderator'

-        is_access = UserRole.objects.filter(user=request.user, role=role).exists()
-
-        if obj.user != request.user and is_access:
-            return True
-
-        if super().has_object_permission(request, view, obj):
-            return True
-
-        return False
+        rules = [
+            UserRole.objects.filter(user=request.user, role=role).exists() and
+            obj.user != request.user,
+            super().has_object_permission(request, view, obj)
+        ]
+        return any(rules)


 class IsEstablishmentManager(IsStandardUser):
@ -148,24 +145,27 @@ class IsEstablishmentManager(IsStandardUser):
        role = Role.objects.filter(role=Role.ESTABLISHMENT_MANAGER)\
                .first()  # 'Comments moderator'

-        is_access = UserRole.objects.filter(user=request.user, role=role,
-                                            establishment_id=obj.establishment_id).exists()
-        if is_access:
-            return True
+        rules = [
+            UserRole.objects.filter(user=request.user, role=role,
+                                    establishment_id=obj.establishment_id).exists(),
+            super().has_object_permission(request, view, obj)
+        ]

-        if super().has_object_permission(request, view, obj):
-            return True
-
-        return False
+        return any(rules)


 class IsReviewerManager(IsStandardUser):
+
    def has_object_permission(self, request, view, obj):
-        access_models=[""]

-        role = Role.objects.filter(role=Role.REVIEWER_MANGER)\
-                .first()  # 'Comments moderator'
+        role = Role.objects.filter(role=Role.REVIEWER_MANGER,
+                                   country_id=obj.country_id)\
+                .first()

-        is_access = UserRole.objects.filter(user=request.user, role=role)
-        return False
+        rules = [
+            UserRole.objects.filter(user=request.user, role=role).exists(),
+            super().has_object_permission(request, view, obj)
+        ]
+
+        return any(rules)