* Allow anonymous users to edit a set of fields of Checklist

2023-07-10 20:07:53 +04:00 · 2023-07-10 20:07:53 +04:00 · a528974347
commit a528974347
parent 77f0838d2d
2 changed files with 35 additions and 5 deletions
--- a/store/serializers.py
+++ b/store/serializers.py
@ -187,6 +187,17 @@ class ChecklistSerializer(serializers.ModelSerializer):
                  )


+class AnonymousUserChecklistSerializer(ChecklistSerializer):
+    class Meta:
+        model = ChecklistSerializer.Meta.model
+        fields = ChecklistSerializer.Meta.fields
+        read_only_fields = tuple(set(ChecklistSerializer.Meta.fields) -
+                                 {'paymentprovement', 'paymenttype',
+                                  'buyername', 'buyerphone',
+                                  'delivery',
+                                  'recievername', 'recieverphone', 'tg'})
+
+
 class GlobalSettingsYuanRateSerializer(serializers.ModelSerializer):
    currency = serializers.DecimalField(source='yuan_rate', max_digits=10, decimal_places=2)

--- a/store/views.py
+++ b/store/views.py
@ -16,10 +16,18 @@ from store.exceptions import CRMException
 from store.models import User, Checklist, GlobalSettings, Category, PaymentMethod, Promocode
 from store.serializers import (UserSerializer, LoginSerializer, ChecklistSerializer, GlobalSettingsYuanRateSerializer,
                               CategorySerializer, GlobalSettingsPriceSerializer, PaymentMethodSerializer,
-                               PromocodeSerializer, GlobalSettingsPickupSerializer)
+                               PromocodeSerializer, GlobalSettingsPickupSerializer, AnonymousUserChecklistSerializer)
 from utils.permissions import ReadOnly


+class DisablePermissionsMixin(generics.GenericAPIView):
+    def get_permissions(self):
+        if settings.DISABLE_PERMISSIONS:
+            return [permissions.AllowAny()]
+
+        return super().get_permissions()
+
+
 class UserAPI(mixins.ListModelMixin, mixins.RetrieveModelMixin, generics.GenericAPIView):
    serializer_class = UserSerializer

@ -56,15 +64,26 @@ class LoginAPI(generics.GenericAPIView):
        return Response(UserSerializer(user).data)


-class ChecklistAPI(mixins.ListModelMixin, mixins.CreateModelMixin, mixins.RetrieveModelMixin, generics.GenericAPIView):
+class ChecklistAPI(mixins.ListModelMixin, mixins.CreateModelMixin, mixins.RetrieveModelMixin, DisablePermissionsMixin):
    serializer_class = ChecklistSerializer
-    permission_classes = [IsAuthenticated | ReadOnly] if not settings.DISABLE_PERMISSIONS else [permissions.AllowAny]
    lookup_field = 'id'
    filterset_fields = ['status', ]
    filter_backends = [filters.SearchFilter]
    search_fields = ['id', 'poizon_tracking', 'buyer_phone']
    # TODO: search by full_price

+    def get_serializer_class(self):
+        if self.request.user.is_authenticated:
+            return ChecklistSerializer
+
+        return AnonymousUserChecklistSerializer
+
+    def get_permissions(self):
+        if self.request.method in ('GET', 'PATCH'):
+            return [permissions.AllowAny()]
+
+        return super().get_permissions()
+
    def get_queryset(self):
        return Checklist.objects.all().with_base_related() \
            .annotate_price_rub().annotate_commission_rub() \
@ -163,9 +182,9 @@ class PricesAPI(generics.GenericAPIView):
        return Response(serializer.data)


-class PickupAPI(generics.GenericAPIView):
+class PickupAPI(DisablePermissionsMixin):
    serializer_class = GlobalSettingsPickupSerializer
-    permission_classes = [IsAuthenticated | ReadOnly] if not settings.DISABLE_PERMISSIONS else [permissions.AllowAny]
+    permission_classes = [IsAuthenticated | ReadOnly]

    def get_object(self):
        return GlobalSettings.load()