diff --git a/core/permissions.py b/core/permissions.py
index 7e6f4e5..c80f763 100644
--- a/core/permissions.py
+++ b/core/permissions.py
@@ -9,3 +9,12 @@ class IsAuthorOrReadOnly(BasePermission):
 and request.user.is_authenticated
 and obj.author == request.user
 )
+
+
+class IsAdminUserOrReadOnly(BasePermission):
+ def has_permission(self, request, view):
+ return bool(
+ request.method in SAFE_METHODS
+ or request.user
+ and request.user.is_staff
+ )
diff --git a/market/serializers.py b/market/serializers.py
index 4a11c8f..c986148 100644
--- a/market/serializers.py
+++ b/market/serializers.py
@@ -38,6 +38,14 @@ class ProductSerializer(ModelSerializer):
 fields = ("id", "name", "brand", "colors", "storages")
+class ProductListSerializer(ModelSerializer):
+ brand = serializers.CharField(source="brand.name")
+
+ class Meta:
+ model = Product
+ fields = ("id", "name", "brand")
+
+
 class ImageSerializer(ModelSerializer):
 class Meta:
 model = Image
@@ -45,8 +53,10 @@ class ImageSerializer(ModelSerializer):
 class PostSerializer(ModelSerializer):
+ product = ProductListSerializer(read_only=True)
 nickname = serializers.CharField(source="author.nickname")
 images = ImageSerializer(many=True, read_only=True)
+ storage = serializers.CharField(source="storage.storage")
 class Meta:
 model = Post
diff --git a/market/viewsets.py b/market/viewsets.py
index be08e12..fb21962 100644
--- a/market/viewsets.py
+++ b/market/viewsets.py
@@ -4,7 +4,7 @@ from rest_framework.response import Response
 from rest_framework.viewsets import ModelViewSet
 from core.mixins import ActionBasedMixin
-from core.permissions import IsAuthorOrReadOnly
+from core.permissions import IsAuthorOrReadOnly, IsAdminUserOrReadOnly
 from market.models import Brand, Product, Post
 from market.serializers import (
 BrandSerializer,
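Review bot: The write gate in `IsAdminUserOrReadOnly.has_permission` depends on `and` binding tighter than `or`, with nothing in the code making that grouping visible. The result is correct as written, but I would group it explicitly: `request.method in SAFE_METHODS or (request.user and request.user.is_staff)`. The class also has no docstring; I would add `"""Allow safe (read-only) methods to anyone; allow other methods only to users with is_staff set."""` so it is clear that reads are open to unauthenticated clients and that the write gate is `is_staff`, not `is_superuser`.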
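Review bot: `brand = serializers.CharField(source="brand.name")` in `ProductListSerializer` is declared writable, yet a dotted-source field cannot be saved by `ModelSerializer`'s default `create()`/`update()`, which reject writable dotted-source fields. The diff only shows this serializer used for nested read output, so I would declare it `brand = serializers.CharField(source="brand.name", read_only=True)` to keep `brand` out of accepted input altogether. The same applies to `storage = serializers.CharField(source="storage.storage")` added to `PostSerializer` in the next hunk.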
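Review bot: Each serialized post now traverses `product`, its `brand` and `storage` in addition to `author`, so a post list will issue extra queries per row unless the queryset feeding `PostSerializer` joins those relations. The queryset is not in this diff, so this needs checking; something along the lines of `select_related("author", "storage", "product__brand")` would cover it, with the relation names inferred from the field sources. Separately, `product = ProductListSerializer(read_only=True)` removes `product` from accepted input, so if `PostSerializer` is also used to create posts the product has to be set elsewhere, for example in the view's `perform_create`. `PostSerializer`'s `Meta` continues outside the hunk.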
@@ -19,15 +19,11 @@ class BrandViewset(ActionBasedMixin, ModelViewSet):
 serializer_class_map = {
 "products": ProductSerializer,
 }
- permission_classes = [IsAdminUser]
- permission_classes_map = {
- "list": [AllowAny],
- "retrieve": [AllowAny],
- }
+ permission_classes = [IsAdminUserOrReadOnly]
 pagination_class = None
 @action(detail=True, methods=["GET"])
- def products(self, request, pk):
+ def product(self, request, pk):
 brand = self.get_object()
 serializer = self.get_serializer(brand.products.all(), many=True)
 return Response(serializer.data)
@@ -39,11 +35,7 @@ class ProductViewset(ActionBasedMixin, ModelViewSet):
 serializer_class_map = {
 "posts": PostSerializer,
 }
- permission_classes = [IsAdminUser]
- permission_classes_map = {
- "list": [AllowAny],
- "retrieve": [AllowAny],
- }
+ permission_classes = [IsAdminUserOrReadOnly]
 @action(detail=True, methods=["GET"])
 def posts(self, request, pk):
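Review bot: The action is renamed to `product`, but the unchanged `serializer_class_map` in the context lines above still keys on `"products"`. If `ActionBasedMixin` picks the serializer by `self.action` (its code is not in this diff), `get_serializer` will no longer resolve `ProductSerializer` here and the brand's products would be rendered with the viewset's default serializer. The rename also moves the generated route from `.../products/` to `.../product/`, which breaks existing clients. Either keep `def products(self, request, pk):` or change the map key to `"product"` in the same commit.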
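Review bot: Swapping `IsAdminUser` plus the `list`/`retrieve` map for `IsAdminUserOrReadOnly` turns the default for safe-method requests from deny into allow. Assuming `ActionBasedMixin` applied the removed `permission_classes_map` per action, the `posts` action here (and `product` on `BrandViewset` in the previous hunk) was staff-only and is now readable without authentication, as will be any GET action added later. If that is intended, record it next to the setting, e.g. `# reads, including custom GET actions, are public; writes require is_staff`. If it is not, keep a per-action entry for the actions that should stay restricted. `ProductViewset`'s body continues outside the hunk.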