kit-eco.social/consumocuidado-server
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

user modification enabled

Browse Source
This commit is contained in:
Sam
2021-02-01 13:32:34 +00:00
parent b8cd663fee
commit ee33b327fa
5 changed files with 45 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
back_latienda/permissions.py
View File

@@ -41,13 +41,24 @@ class CustomUserPermissions(permissions.BasePermission):
"""
Custom permissions for managing custom user instances
"""
def has_object_permission(self, request, view, obj):
# check for object permissions
if obj.email == request.user.email:
return True
elif request.user.is_staff is True:
return True
else:
return False
def has_permission(self, request, view):
# allow anon users to create new CustomUser (inactive)
if request.method == 'POST' and request.user.is_anonymous is True:
return True
elif request.method == 'PUT' and request.user.is_authenticated is True:
return True
# only admins can change or delete
if request.user.is_staff is True:
elif request.user.is_staff is True:
return True
# for everything else

2
core/models.py
View File

@@ -46,7 +46,7 @@ class CustomUser(AbstractBaseUser, PermissionsMixin):
email_verified = models.BooleanField('Email verificado', default=False, null=True)
company = models.ForeignKey(Company, null=True, on_delete=models.DO_NOTHING, related_name='custom_user')
is_active = models.BooleanField('Activo', default=True)
is_active = models.BooleanField('Activo', default=False)
is_staff = models.BooleanField('Empleado',default=False)
modified = models.DateTimeField(auto_now=True, null=True, blank=True)

4
core/serializers.py
View File

@@ -11,14 +11,14 @@ class CustomUserReadSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ('email', 'full_name', 'role', 'is_active',)
fields = ('email', 'full_name', 'role', 'is_active', 'provider')
class CustomUserWriteSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ('email', 'full_name', 'role', 'is_active', 'password')
fields = ('email', 'full_name', 'role', 'password', 'provider')
class CreatorSerializer(serializers.ModelSerializer):

23
core/tests.py
View File

@@ -43,6 +43,7 @@ class CustomUserViewSetTest(APITestCase):
'email': 'test@email.com',
'full_name': 'TEST NAME',
'password': 'VENTILADORES1234499.89',
'provider': 'TWITTER',
}
# Query endpoint
@@ -57,7 +58,6 @@ class CustomUserViewSetTest(APITestCase):
self.assertNotEqual('', new_user.password)
# assert instance is inactive
info = json.loads(response.content)
self.assertFalse(info['is_active'])
def test_anon_user_cannot_modify_existing_instance(self):
@@ -110,6 +110,27 @@ class CustomUserViewSetTest(APITestCase):
# Assert access is forbidden
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_regular_user_can_modify_own_instance(self):
"""Regular user can modify own instance
"""
# Create instance
data = {
"email": "new_email@mail.com",
"full_name": "New Full Name",
"password": "SUPERSECRETNEWPASSWORD",
}
# Authenticate
token = get_tokens_for_user(self.user)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
# Query endpoint
url = self.endpoint + f'{self.user.pk}/'
response = self.client.put(url, data=data, format='json')
# Assert forbidden code
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_regular_user_cannot_modify_existing_instance(self):
"""Regular user cannot modify existing instance
"""

7
core/views.py
View File

@@ -1,4 +1,4 @@
from django.shortcuts import render
from django.shortcuts import render, get_object_or_404
from django.http import HttpResponse
from rest_framework import status
@@ -44,3 +44,8 @@ class CustomUserViewSet(viewsets.ModelViewSet):
serializer.errors, status=status.HTTP_406_NOT_ACCEPTABLE)
except Exception as e:
return Response(str(e), status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def get_object(self):
obj = get_object_or_404(self.get_queryset(), pk=self.kwargs["pk"])
self.check_object_permissions(self.request, obj)
return obj