Merge pull request #9 from Abramov0Alexandr/feature
Написал контроллеры, сериализаторы и определил права доступа
Showing
6 changed files
with
128 additions
and
2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
from rest_framework.permissions import BasePermission | ||
|
||
|
||
class IsSeller(BasePermission): | ||
""" | ||
Данный класс предоставляет право доступа к контроллеру в том случае, | ||
если текущий пользователь имеет статус "Продавец". | ||
""" | ||
|
||
def has_permission(self, request, view): | ||
return bool(request.user.is_seller) | ||
|
||
|
||
class IsSuperUser(BasePermission): | ||
""" | ||
Данный класс определяет права доступа для пользователей, у которых стоит флаг 'is_superuser'. | ||
В отличие от IsAdminUser, 'IsSuperUser' предоставляет доступ только суперпользователям. | ||
""" | ||
|
||
def has_permission(self, request, view): | ||
return bool(request.user.is_superuser) | ||
|
||
|
||
class IsShopOwner(BasePermission): | ||
""" | ||
Контроллер определяет доступ только к тем объектам, которые были созданы текущим авторизованным пользователем. | ||
""" | ||
|
||
def has_object_permission(self, request, view, obj): | ||
|
||
if request.user == obj.seller: | ||
return True | ||
|
||
return False |
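Review bot: `IsSuperUser` overrides only `has_permission`, so its `has_object_permission` is the `BasePermission` default, which returns True. The views on this page combine it as `IsShopOwner | IsSuperUser`; on Django REST framework releases whose OR composition evaluates only the object-level methods, that default lets the object check pass for every caller and the ownership test in `IsShopOwner` stops restricting anything, so this should be confirmed against the pinned DRF version. Adding `def has_object_permission(self, request, view, obj): return bool(request.user and request.user.is_superuser)` to `IsSuperUser` makes the intent explicit regardless of version. Separately, `IsSeller.has_permission` reads `request.user.is_seller` without checking authentication; if the anonymous user object lacks that attribute, the request ends in a server error instead of a clean denial, so `return bool(request.user.is_authenticated and getattr(request.user, 'is_seller', False))` is safer.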
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
from rest_framework import serializers | ||
from products.models import Product | ||
|
||
|
||
class ProductSerializer(serializers.ModelSerializer): | ||
""" | ||
Сериализатор модели Product. | ||
:shop_title Название магазина, указанное продавцом при регистрации. Значение берется из модели CustomUser. | ||
:seller Удобочитаемое отображение пользователя (email) вместо id пользователя. | ||
""" | ||
|
||
shop_title = serializers.CharField(source='seller.shop_name', read_only=True) | ||
seller = serializers.CharField(default=serializers.CurrentUserDefault(), read_only=True) | ||
|
||
class Meta: | ||
model = Product | ||
fields = '__all__' |
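Review bot: `fields = '__all__'` in `Meta` serializes every column of `Product`, and every model field that is not declared read-only is also accepted on input. The model is not shown on this page, so whether it holds server-managed columns is unknown, but any field added to it later would become readable and writable through the API without anyone deciding that. An explicit list such as `fields = ('id', 'shop_title', 'seller', <product columns to expose>)`, with the placeholder replaced by the real column names, keeps the exposed surface a deliberate choice and makes later model changes show up in review.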
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
from django.urls import path | ||
from .apps import ProductsConfig | ||
from .views import ProductCreateView, ProductDetailView, ProductListView, ProductDeleteView | ||
|
||
app_name = ProductsConfig.name | ||
|
||
|
||
urlpatterns = [ | ||
path('create/', ProductCreateView.as_view(), name='create-product'), | ||
path('list/', ProductListView.as_view(), name='products-list'), | ||
path('detail/<int:pk>/', ProductDetailView.as_view(), name='product-detail'), | ||
path('delete/<int:pk>/', ProductDeleteView.as_view(), name='product-delete'), | ||
] |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
from rest_framework import generics | ||
from products.models import Product | ||
from products.permissions import IsSeller, IsSuperUser, IsShopOwner | ||
from products.serializers import ProductSerializer | ||
|
||
|
||
class ProductCreateView(generics.CreateAPIView): | ||
""" | ||
Контроллер для публикации продукта. | ||
Доступ к контроллеру имеется только у суперпользователя и пользователей со статусом "Продавец". | ||
""" | ||
|
||
serializer_class = ProductSerializer | ||
permission_classes = [IsSeller | IsSuperUser] | ||
|
||
def perform_create(self, serializer): | ||
|
||
new_product = serializer.save(seller=self.request.user) | ||
new_product.seller = self.request.user | ||
new_product.save() | ||
|
||
|
||
class ProductListView(generics.ListCreateAPIView): | ||
""" | ||
Контроллер для просмотра размещенных на площадке товарах. | ||
Доступ к контроллеру имеется только у суперпользователя и пользователей со статусом "Продавец". | ||
Каждый продавец видит список только своих товаров, суперпользователь видит все размещенные товары. | ||
""" | ||
|
||
serializer_class = ProductSerializer | ||
permission_classes = [IsSeller | IsSuperUser] | ||
|
||
def get_queryset(self): | ||
if self.request.user.is_superuser: | ||
return Product.objects.all() | ||
|
||
return Product.objects.filter(seller=self.request.user) | ||
|
||
|
||
class ProductDetailView(generics.RetrieveAPIView): | ||
""" | ||
Контроллер для просмотра детальной информации о товаре. | ||
Информацию о товаре может просмотреть только тот продавец, который разместил данный товар. | ||
Суперпользователь может просматривать детальную информацию всех размещенных товаров. | ||
""" | ||
|
||
queryset = Product.objects.all() | ||
serializer_class = ProductSerializer | ||
permission_classes = [IsShopOwner | IsSuperUser] | ||
|
||
|
||
class ProductDeleteView(generics.DestroyAPIView): | ||
""" | ||
Контроллер для удаления размещенного на площадке товара. | ||
Удалить товар может только тот продавец, который разместил данный товар. | ||
Суперпользователь может удалить любой размещенный товар. | ||
""" | ||
|
||
queryset = Product.objects.all() | ||
permission_classes = [IsShopOwner | IsSuperUser] |
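Review bot: `ProductListView` derives from `generics.ListCreateAPIView`, so `list/` accepts POST as well as GET, although its docstring describes a read-only listing. A product created through that route does not pass through `ProductCreateView.perform_create`, and because `seller` is read-only in the serializer it would likely be stored without an owner or rejected by the database; `class ProductListView(generics.ListAPIView):` removes the unintended write path. In `ProductCreateView.perform_create`, `serializer.save(seller=self.request.user)` already sets the owner, so the following assignment and second `save()` can be dropped. `ProductDetailView` and `ProductDeleteView` rely on the object-level permission alone; a `get_queryset` that filters by `seller=self.request.user` for authenticated non-superusers, as `ProductListView` does, would add a second layer and answer 404 rather than 403 for other sellers' products.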