Fix permission
parent
75adb90d50
commit
0739171afa
@ -9,3 +9,12 @@ class IsAuthorOrReadOnly(BasePermission):
|
|||||||
and request.user.is_authenticated
|
and request.user.is_authenticated
|
||||||
and obj.author == request.user
|
and obj.author == request.user
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class IsAdminUserOrReadOnly(BasePermission):
|
||||||
|
def has_permission(self, request, view):
|
||||||
|
return bool(
|
||||||
|
request.method in SAFE_METHODS
|
||||||
|
or request.user
|
||||||
|
and request.user.is_staff
|
||||||
|
)
|
||||||
|
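Review bot: `IsAdminUserOrReadOnly` is added without a docstring, and nothing states that it grants every request whose method is in `SAFE_METHODS`, including unauthenticated ones. Because this class gates write access, that contract is worth spelling out, for example `"""Allow SAFE_METHODS to any client; require request.user.is_staff for all other methods."""`. It would also help to note in a comment that the bar is `is_staff`, not `is_superuser`, and that the check is view-level only (there is no `has_object_permission` override). This matters because any GET-only `@action` on a viewset using this class becomes publicly readable.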
@ -38,6 +38,14 @@ class ProductSerializer(ModelSerializer):
|
|||||||
fields = ("id", "name", "brand", "colors", "storages")
|
fields = ("id", "name", "brand", "colors", "storages")
|
||||||
|
|
||||||
|
|
||||||
|
class ProductListSerializer(ModelSerializer):
|
||||||
|
brand = serializers.CharField(source="brand.name")
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
model = Product
|
||||||
|
fields = ("id", "name", "brand")
|
||||||
|
|
||||||
|
|
||||||
class ImageSerializer(ModelSerializer):
|
class ImageSerializer(ModelSerializer):
|
||||||
class Meta:
|
class Meta:
|
||||||
model = Image
|
model = Image
|
||||||
@ -45,8 +53,10 @@ class ImageSerializer(ModelSerializer):
|
|||||||
|
|
||||||
|
|
||||||
class PostSerializer(ModelSerializer):
|
class PostSerializer(ModelSerializer):
|
||||||
|
product = ProductListSerializer(read_only=True)
|
||||||
nickname = serializers.CharField(source="author.nickname")
|
nickname = serializers.CharField(source="author.nickname")
|
||||||
images = ImageSerializer(many=True, read_only=True)
|
images = ImageSerializer(many=True, read_only=True)
|
||||||
|
storage = serializers.CharField(source="storage.storage")
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
model = Post
|
model = Post
|
||||||
|
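Review bot: The new `storage = serializers.CharField(source="storage.storage")` on `PostSerializer` is writable and uses a dotted source. DRF's default `ModelSerializer.create()`/`update()` reject writable dotted-source fields with an assertion, so a POST or PATCH that includes `storage` would raise an error rather than save. This assumes `PostSerializer` has no custom `create`/`update`; the rest of the class lies outside the hunk. If the field is for display only, declare it as `storage = serializers.CharField(source="storage.storage", read_only=True)` so client input cannot reach the related object through it. The existing `nickname` field has the same shape and deserves the same treatment.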
@ -4,7 +4,7 @@ from rest_framework.response import Response
|
|||||||
from rest_framework.viewsets import ModelViewSet
|
from rest_framework.viewsets import ModelViewSet
|
||||||
|
|
||||||
from core.mixins import ActionBasedMixin
|
from core.mixins import ActionBasedMixin
|
||||||
from core.permissions import IsAuthorOrReadOnly
|
from core.permissions import IsAuthorOrReadOnly, IsAdminUserOrReadOnly
|
||||||
from market.models import Brand, Product, Post
|
from market.models import Brand, Product, Post
|
||||||
from market.serializers import (
|
from market.serializers import (
|
||||||
BrandSerializer,
|
BrandSerializer,
|
||||||
@ -19,15 +19,11 @@ class BrandViewset(ActionBasedMixin, ModelViewSet):
|
|||||||
serializer_class_map = {
|
serializer_class_map = {
|
||||||
"products": ProductSerializer,
|
"products": ProductSerializer,
|
||||||
}
|
}
|
||||||
permission_classes = [IsAdminUser]
|
permission_classes = [IsAdminUserOrReadOnly]
|
||||||
permission_classes_map = {
|
|
||||||
"list": [AllowAny],
|
|
||||||
"retrieve": [AllowAny],
|
|
||||||
}
|
|
||||||
pagination_class = None
|
pagination_class = None
|
||||||
|
|
||||||
@action(detail=True, methods=["GET"])
|
@action(detail=True, methods=["GET"])
|
||||||
def products(self, request, pk):
|
def product(self, request, pk):
|
||||||
brand = self.get_object()
|
brand = self.get_object()
|
||||||
serializer = self.get_serializer(brand.products.all(), many=True)
|
serializer = self.get_serializer(brand.products.all(), many=True)
|
||||||
return Response(serializer.data)
|
return Response(serializer.data)
|
||||||
@ -39,11 +35,7 @@ class ProductViewset(ActionBasedMixin, ModelViewSet):
|
|||||||
serializer_class_map = {
|
serializer_class_map = {
|
||||||
"posts": PostSerializer,
|
"posts": PostSerializer,
|
||||||
}
|
}
|
||||||
permission_classes = [IsAdminUser]
|
permission_classes = [IsAdminUserOrReadOnly]
|
||||||
permission_classes_map = {
|
|
||||||
"list": [AllowAny],
|
|
||||||
"retrieve": [AllowAny],
|
|
||||||
}
|
|
||||||
|
|
||||||
@action(detail=True, methods=["GET"])
|
@action(detail=True, methods=["GET"])
|
||||||
def posts(self, request, pk):
|
def posts(self, request, pk):
|
||||||
|
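Review bot: In the `BrandViewset` hunk the action appears to be renamed from `products` to `product`, while `serializer_class_map` just above still uses the key `"products": ProductSerializer`. If `ActionBasedMixin` looks up the serializer by `self.action` (its code is not shown here), the lookup now misses and the products are serialized with the viewset's default serializer. The route also changes from `.../products/` to `.../product/`. The commit title only mentions permissions, so the rename looks unintended; either restore `def products(self, request, pk):` or change the map key to `"product"`. Separately, now that `permission_classes_map` is gone, a test asserting that anonymous POST/PUT/DELETE on both viewsets returns 401/403 would pin the intended behaviour.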