Esempio n. 1
0
    def perform_mutation(cls, _root, info, **data):
        if not cls.check_permissions(info.context):
            raise PermissionDenied()

        node_id = data.get("id")
        instance = cls.get_node_or_error(info, node_id, Address)
        if instance:
            cls.clean_instance(info, instance)

        db_id = instance.id

        # Return the first user that the address is assigned to. There is M2M
        # relation between users and addresses, but in most cases address is
        # related to only one user.
        user = instance.user_addresses.first()

        instance.delete()
        instance.id = db_id

        # Refresh the user instance to clear the default addresses. If the
        # deleted address was used as default, it would stay cached in the
        # user instance and the invalid ID returned in the response might cause
        # an error.
        user.refresh_from_db()

        response = cls.success_response(instance)
        if not user.default_shipping_address and user.addresses.first():
            user.default_shipping_address = user.addresses.first()
            user.save()
        response.user = user
        return response
Esempio n. 2
0
def resolve_address(info, id):
    user = info.context.user
    _model, address_pk = graphene.Node.from_global_id(id)

    if user and not user.is_anonymous:
        return user.addresses.filter(id=address_pk).first()
    return PermissionDenied()
Esempio n. 3
0
    def perform_mutation(cls, _root, info, **data):
        if not cls.check_permissions(info.context):
            raise PermissionDenied()
        node_id = data.get("id")
        instance = cls.get_node_or_error(info, node_id, only_type=Category)

        db_id = instance.id

        delete_categories([db_id])

        instance.id = db_id
        return cls.success_response(instance)
Esempio n. 4
0
def resolve_user(info, id):
    user = info.context.user
    if user:
        _model, user_pk = graphene.Node.from_global_id(id)
        if user.has_perms(
            [UserPermissions.MANAGE_STAFF, UserPermissions.MANAGE_CUSTOMERS]):
            return models.User.objects.exclude(id=user.id).filter(
                pk=user_pk).first()
        if user.has_perm(UserPermissions.MANAGE_STAFF):
            return models.User.objects.staff().exclude(id=user.id).filter(
                pk=user_pk).first()
        if user.has_perm(UserPermissions.MANAGE_CUSTOMERS):
            return models.User.objects.customers().filter(pk=user_pk).first()
    return PermissionDenied()
Esempio n. 5
0
 def clean_instance(cls, info, instance):
     # Method check_permissions cannot be used for permission check, because
     # it doesn't have the address instance.
     if not can_edit_address(info.context.user, instance):
         raise PermissionDenied()
     return super().clean_instance(info, instance)
Esempio n. 6
0
 def resolve_user(root: models.Checkout, info):
     user = info.context.user
     if user == root.user or user.has_perm(
             UserPermissions.MANAGE_CUSTOMERS):
         return root.user
     raise PermissionDenied()
Esempio n. 7
0
 def dispatch(self, request, *args, **kwargs):
     obj = self.get_object()
     if obj.author != self.request.user:
         raise PermissionDenied("You are not author of this post")
     return super(EditPostView, self).dispatch(request, *args, **kwargs)
Esempio n. 8
0
 def resolve_user(root: models.StaffNotificationRecipient, info):
     user = info.context.user
     if user == root.user or user.has_perm(UserPermissions.MANAGE_STAFF):
         return root.user
     raise PermissionDenied()