kit-eco.social/consumocuidado-server
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

improvement to custom user endpoint

Browse Source
This commit is contained in:
Sam
2021-01-25 12:28:46 +00:00
parent f94d822d5e
commit c3c9f54c54
4 changed files with 35 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
back_latienda/permissions.py
View File

@@ -31,6 +31,24 @@ class IsStaff(permissions.BasePermission):
return True return True
return False return False
class ReadOnly(permissions.BasePermission): class ReadOnly(permissions.BasePermission):
def has_permission(self, request, view): def has_permission(self, request, view):
return request.method in permissions.SAFE_METHODS return request.method in permissions.SAFE_METHODS
class CustomUserPermissions(permissions.BasePermission):
"""
Custom permissions for managing custom user instances
"""
def has_permission(self, request, view):
# allow anon users to create new CustomUser (inactive)
if request.method == 'POST' and request.user.is_anonymous is True:
return True
# only admins can change or delete
if request.user.is_staff is True:
return True
# for everything else
return False

1
core/management/commands/addgeo.py
View File

@@ -79,7 +79,6 @@ class Command(BaseCommand):
logging.info(f"Creating Province instance {location['fields']['name']}...") logging.info(f"Creating Province instance {location['fields']['name']}...")
name = location['fields']['name'] name = location['fields']['name']
# get parent region # get parent region
# import ipdb; ipdb.set_trace()
parent_region = Region.objects.get(id=location['fields']['region']) parent_region = Region.objects.get(id=location['fields']['region'])
Province.objects.create(name=name, region=parent_region, id=location['pk']) Province.objects.create(name=name, region=parent_region, id=location['pk'])
province_counter += 1 province_counter += 1

17
core/tests.py
View File

@@ -1,5 +1,6 @@
import random import random
import string import string
import json
from django.test import TestCase from django.test import TestCase
@@ -36,11 +37,21 @@ class CustomUserViewSetTest(APITestCase):
"""Not logged-in user can create new instance of User but it's inactive """Not logged-in user can create new instance of User but it's inactive
TODO: should create inactive user TODO: should create inactive user
""" """
data = {
'email': 'test@email.com',
'full_name': 'TEST NAME',
'password1': 'VENTILADORES1234499.89',
'password2': 'VENTILADORES1234499.89',
}
# Query endpoint # Query endpoint
response = self.client.post(self.endpoint, data={}) response = self.client.post(self.endpoint, data=data)
# Assert access is forbidden
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) # Assert creation is successful
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# assert instance is inactive
info = json.loads(response.content)
self.assertFalse(info['is_active'])
def test_anon_user_cannot_modify_existing_instance(self): def test_anon_user_cannot_modify_existing_instance(self):
"""Not logged-in user cannot modify existing instance """Not logged-in user cannot modify existing instance

4
core/views.py
View File

@@ -8,6 +8,8 @@ from rest_framework.permissions import IsAdminUser
from . import models from . import models
from . import serializers from . import serializers
from back_latienda.permissions import CustomUserPermissions
# Create your views here. # Create your views here.
class CustomUserViewSet(viewsets.ModelViewSet): class CustomUserViewSet(viewsets.ModelViewSet):
@@ -16,4 +18,4 @@ class CustomUserViewSet(viewsets.ModelViewSet):
serializer_class = serializers.CustomUserSerializer serializer_class = serializers.CustomUserSerializer
model_name = 'custom_user' model_name = 'custom_user'
queryset = models.CustomUser.objects.all() queryset = models.CustomUser.objects.all()
permission_classes = [IsAdminUser,] permission_classes = [CustomUserPermissions,]