fixed regression introduced

2021-02-02 11:46:43 +00:00
parent ec584b7aab
commit c8d433c3f9
20 changed files with 377 additions and 237 deletions
--- a/back_latienda/permissions.py
+++ b/back_latienda/permissions.py
@@ -41,25 +41,26 @@ class CustomUserPermissions(permissions.BasePermission):
    """
    Custom permissions for managing custom user instances
    """
+    def has_permission(self, request, view):
+        # allow anon users to create new CustomUser (inactive)
+        if request.method == 'POST' and request.user.is_anonymous is True:
+            return True
+
+        # only admins can change or delete
+        if request.user.is_staff is True:
+            return True
+
+        # for everything else
+        return False
+
+
+class YourOwnUserPermissions(permissions.BasePermission):

    def has_object_permission(self, request, view, obj):
-        # check for object permissions
+        # user can interact with own instance of CustomUser
        if obj.email == request.user.email:
            return True
        elif request.user.is_staff is True:
            return True
        else:
            return False
-
-    def has_permission(self, request, view):
-        # allow anon users to create new CustomUser (inactive)
-        if request.method == 'POST' and request.user.is_anonymous is True:
-            return True
-        elif request.method == 'PUT' and request.user.is_authenticated is True:
-            return True
-        # only admins can change or delete
-        elif request.user.is_staff is True:
-            return True
-
-        # for everything else
-        return False
--- a/back_latienda/settings/base.py
+++ b/back_latienda/settings/base.py
@@ -33,15 +33,12 @@ SECRET_KEY = 'td*#7t-(1e9^(g0cod*hs**dp(%zvg@=$cug_-dtzcj#i2mrz@'
 # Application definition

 INSTALLED_APPS = [
-    'suit',
-
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
-    'django.contrib.gis',

    # 3rd party
    'rest_framework',
--- a/back_latienda/urls.py
+++ b/back_latienda/urls.py
@@ -20,6 +20,7 @@ from django.conf import settings

 from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView, TokenVerifyView

+from core import views as core_views
 from .routers import router


@@ -27,5 +28,8 @@ urlpatterns = [
    path('admin/', admin.site.urls),
    path('api/v1/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
    path('api/v1/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
+    path('api/v1/token/verify/', TokenVerifyView.as_view(), name='token_verify'),
+    path('api/v1/user/change_password/<int:pk>/', core_views.ChangeUserPasswordView.as_view(), name="change-password"),
+    path('api/v1/user/update/<int:pk>/', core_views.UpdateUserView.as_view(), name="update-user"),
    path('api/v1/', include(router.urls)),
 ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)