Merge pull request #172 from volunteers-for-city-projects/fixture-per…

…missions create for projects
volunteers-for-city-projects · Nov 9, 2023 · 24cc1a0 · 24cc1a0
2 parents 05701fd + e9b5949
commit 24cc1a0
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 14 deletions.
diff --git a/backend/api/permissions.py b/backend/api/permissions.py
@@ -10,8 +10,9 @@ def has_permission(self, request, view):
         return request.user.is_authenticated and request.user.is_admin
 
 
-class IsOrganizer(BasePermission):
-    """Разрешает доступ только пользователям с ролью организатор."""
+class IsOrganizerOrReadOnly(BasePermission):
+    """Разрешает доступ для безопасных методов всем,
+    а для остальных только пользователям с ролью организатор."""
 
     def has_permission(self, request, view):
         return request.method in SAFE_METHODS or (
@@ -20,6 +21,17 @@ def has_permission(self, request, view):
         )
 
 
+class IsOrganizer(BasePermission):
+    """Разрешает доступ только пользователям с ролью организатор."""
+
+    def has_permission(self, request, view):
+        return bool(
+            request.user
+            and request.user.is_authenticated
+            and request.user.role == User.ORGANIZER
+        )
+
+
 class IsOrganizerOfProject(BasePermission):
     """
     Разрешает доступ только организатору проекта.
@@ -32,9 +44,15 @@ def has_object_permission(self, request, view, obj):
 class IsVolunteer(BasePermission):
     """Разрешает доступ только пользователям с ролью волонтер."""
 
+    # def has_permission(self, request, view):
+    #     return (
+    #         request.user.is_authenticated
+    #         and request.user.role == User.VOLUNTEER
+    #     )
     def has_permission(self, request, view):
-        return (
-            request.user.is_authenticated
+        return bool(
+            request.user
+            and request.user.is_authenticated
             and request.user.role == User.VOLUNTEER
         )
 

diff --git a/backend/api/serializers.py b/backend/api/serializers.py
@@ -281,6 +281,7 @@ class Meta:
             'status_approve',
             'skills',
         )
+        read_only_fields = ('organization',)
 
 
 class TagSerializer(serializers.ModelSerializer):

diff --git a/backend/api/views.py b/backend/api/views.py
@@ -40,6 +40,7 @@
 from .permissions import (
     IsOrganizer,
     IsOrganizerOfProject,
+    IsOrganizerOrReadOnly,
     IsVolunteer,
     IsVolunteerOfIncomes,
 )
@@ -120,6 +121,7 @@ class FeedbackCreateView(generics.CreateAPIView):
 
     queryset = Feedback.objects.all()
     serializer_class = FeedbackSerializer
+    permission_classes = (AllowAny,)
 
 
 class ProjectViewSet(viewsets.ModelViewSet):
@@ -135,19 +137,22 @@ class ProjectViewSet(viewsets.ModelViewSet):
     # serializer_class = ProjectSerializer
     filter_backends = [DjangoFilterBackend]
     filterset_class = ProjectFilter
-    permission_classes = [IsOrganizer]
+    permission_classes = [IsOrganizerOrReadOnly]
 
     def get_serializer_class(self):
         if self.request.method in SAFE_METHODS:
             return ProjectGetSerializer
         return ProjectSerializer
 
-    def create(self, request, *args, **kwargs):
-        serializer = self.get_serializer(data=request.data)
-        if serializer.is_valid():
-            self.perform_create(serializer)
-            return Response(serializer.data, status=status.HTTP_201_CREATED)
-        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+    def perform_create(self, serializer):
+        serializer.save(organization=self.request.user.organization)
+
+    # def create(self, request, *args, **kwargs):
+    #     serializer = self.get_serializer(data=request.data)
+    #     if serializer.is_valid():
+    #         self.perform_create(serializer)
+    #         return Response(serializer.data, status=status.HTTP_201_CREATED)
+    #     return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
     def update(self, request, *args, **kwargs):
         instance = self.get_object()
@@ -466,9 +471,9 @@ def get_queryset(self):
             # return Project.objects.filter(organization=organization)
 
         #  добавила иначе ошибка если заходить администратором
-        raise PermissionDenied(
-            detail='Вы не являетесь волонтером или организатором'
-        )
+        # raise PermissionDenied(
+        #     detail='Вы не являетесь волонтером или организатором'
+        # )
 
     @swagger_auto_schema(
         manual_parameters=schemas.status_project_filter_params