def perform_mutation(cls, _root, info, **data):
if not cls.check_permissions(info.context):
raise PermissionDenied()
node_id = data.get("id")
instance = cls.get_node_or_error(info, node_id, Address)
if instance:
cls.clean_instance(info, instance)
db_id = instance.id
# Return the first user that the address is assigned to. There is M2M
# relation between users and addresses, but in most cases address is
# related to only one user.
user = instance.user_addresses.first()
instance.delete()
instance.id = db_id
# Refresh the user instance to clear the default addresses. If the
# deleted address was used as default, it would stay cached in the
# user instance and the invalid ID returned in the response might cause
# an error.
user.refresh_from_db()
response = cls.success_response(instance)
if not user.default_shipping_address and user.addresses.first():
user.default_shipping_address = user.addresses.first()
user.save()
response.user = user
return response
def resolve_address(info, id):
user = info.context.user
_model, address_pk = graphene.Node.from_global_id(id)
if user and not user.is_anonymous:
return user.addresses.filter(id=address_pk).first()
return PermissionDenied()
def perform_mutation(cls, _root, info, **data):
if not cls.check_permissions(info.context):
raise PermissionDenied()
node_id = data.get("id")
instance = cls.get_node_or_error(info, node_id, only_type=Category)
db_id = instance.id
delete_categories([db_id])
instance.id = db_id
return cls.success_response(instance)
def resolve_user(info, id):
user = info.context.user
if user:
_model, user_pk = graphene.Node.from_global_id(id)
if user.has_perms(
[UserPermissions.MANAGE_STAFF, UserPermissions.MANAGE_CUSTOMERS]):
return models.User.objects.exclude(id=user.id).filter(
pk=user_pk).first()
if user.has_perm(UserPermissions.MANAGE_STAFF):
return models.User.objects.staff().exclude(id=user.id).filter(
pk=user_pk).first()
if user.has_perm(UserPermissions.MANAGE_CUSTOMERS):
return models.User.objects.customers().filter(pk=user_pk).first()
return PermissionDenied()
def clean_instance(cls, info, instance):
# Method check_permissions cannot be used for permission check, because
# it doesn't have the address instance.
if not can_edit_address(info.context.user, instance):
raise PermissionDenied()
return super().clean_instance(info, instance)
def resolve_user(root: models.Checkout, info):
user = info.context.user
if user == root.user or user.has_perm(
UserPermissions.MANAGE_CUSTOMERS):
return root.user
raise PermissionDenied()
def dispatch(self, request, *args, **kwargs):
obj = self.get_object()
if obj.author != self.request.user:
raise PermissionDenied("You are not author of this post")
return super(EditPostView, self).dispatch(request, *args, **kwargs)
def resolve_user(root: models.StaffNotificationRecipient, info):
user = info.context.user
if user == root.user or user.has_perm(UserPermissions.MANAGE_STAFF):
return root.user
raise PermissionDenied()