Simplify Card views and allow editing courses
This commit is contained in:
@@ -1,7 +1,7 @@
|
||||
from django.contrib.auth.models import User, Group
|
||||
from django.db.models import Max
|
||||
from rest_framework import viewsets, views, mixins, generics, exceptions
|
||||
from rest_framework.permissions import BasePermission, IsAuthenticated
|
||||
from rest_framework.permissions import BasePermission, IsAuthenticated, SAFE_METHODS
|
||||
from rest_framework.response import Response
|
||||
from rest_auth.views import PasswordChangeView
|
||||
from rest_auth.registration.views import RegisterView
|
||||
@@ -19,11 +19,24 @@ def is_admin_director(user):
|
||||
|
||||
class IsOwnerOrAdmin(BasePermission):
|
||||
def has_object_permission(self, request, view, obj):
|
||||
return obj.user == request.user or is_admin_director(request.user)
|
||||
return request.user and (obj.user == request.user or is_admin_director(request.user))
|
||||
|
||||
class IsAdminOrReadOnly(BasePermission):
|
||||
def has_permission(self, request, view):
|
||||
return bool(
|
||||
request.method in SAFE_METHODS or
|
||||
request.user and
|
||||
is_admin_director(request.user)
|
||||
)
|
||||
|
||||
class IsInstructorOrReadOnly(BasePermission):
|
||||
def has_permission(self, request, view):
|
||||
return bool(
|
||||
request.method in SAFE_METHODS or
|
||||
request.user and
|
||||
request.user.member.is_instructor
|
||||
)
|
||||
|
||||
class IsInstructor(BasePermission):
|
||||
def has_object_permission(self, request, view, obj):
|
||||
return user.member.is_instructor
|
||||
|
||||
|
||||
class RetrieveUpdateViewSet(
|
||||
@@ -116,18 +129,13 @@ class MemberViewSet(RetrieveUpdateViewSet):
|
||||
|
||||
|
||||
class CardViewSet(CreateRetrieveUpdateDeleteViewSet):
|
||||
permission_classes = [AllowMetadata | IsAuthenticated, IsOwnerOrAdmin]
|
||||
permission_classes = [AllowMetadata | IsAuthenticated, IsOwnerOrAdmin, IsAdminOrReadOnly]
|
||||
queryset = models.Card.objects.all()
|
||||
|
||||
def get_serializer_class(self):
|
||||
if is_admin_director(self.request.user):
|
||||
return serializers.AdminCardSerializer
|
||||
else:
|
||||
return serializers.CardSerializer
|
||||
serializer_class = serializers.CardSerializer
|
||||
|
||||
|
||||
class CourseViewSet(viewsets.ModelViewSet):
|
||||
permission_classes = [AllowMetadata | IsAuthenticated]
|
||||
permission_classes = [AllowMetadata | IsAuthenticated, IsAdminOrReadOnly | IsInstructorOrReadOnly]
|
||||
queryset = models.Course.objects.annotate(date=Max('sessions__datetime')).order_by('-date')
|
||||
|
||||
def get_serializer_class(self):
|
||||
|
||||
Reference in New Issue
Block a user