def create(self, request, *args, **kwargs):
    """Create a user, then set the group and store on the new account.

    POST fields:
        mail: str, required
        username: str, required
        password1: str, required
        password2: str, required
        group: int
        store: int
        Any other field is optional.

    The parent ``create`` writes the account first. Group and store are
    assigned afterwards and echoed back in the response data.
    """
    response = super(UserVs, self).create(request, *args, **kwargs)
    account = User.objects.get(pk=response.data['id'])

    # Read before the role check: this is the group a store caller hands on.
    group = request.user.group
    if IsStore(request.user):
        # Store callers cannot choose; the new account gets their group and store.
        store = request.user.store
    else:
        # NOTE(review): for every caller that is not a store account the group
        # pk comes straight from the request body. Confirm the view's
        # permission classes limit this branch to administrators; otherwise
        # the caller decides which group the new account lands in.
        try:
            group = Group.objects.get(pk=int(request.data.get('group')))
            store = OutletStore.objects.get(pk=int(request.data.get('store')))
        except Exception:
            # A missing, malformed or unknown id for either field discards
            # both: the account gets GroupUser() (presumably the default
            # user group, confirm) and no store.
            group = GroupUser()
            store = None

    account.group = group
    account.store = store
    account.save()

    response.data['group'] = group.id
    if store is not None:
        response.data['store'] = store.id
    return response
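def create(self, request, *args, **kwargs):
    """Create an example house and attach its store, tags, styles and commitments.

    POST fields:
        store: int
        tags: list of tag names
        styles: list of style ids
        commitments: list of commitment ids

    Returns the parent ``create`` response, or a 404 response carrying
    messageCode ``MH001`` when no store can be resolved.
    """
    def list_field(key):
        # A QueryDict's .get() yields only the last submitted value, and a
        # bare string would be walked character by character, so both parser
        # shapes are normalised to a list here.
        data = request.data
        raw = data.getlist(key) if hasattr(data, 'getlist') else data.get(key)
        if raw is None:
            return []
        if isinstance(raw, (list, tuple)):
            return raw
        return [raw]

    # The creator is always the authenticated caller; a client-supplied
    # create_user is overwritten.
    # NOTE(review): this assignment raises if request.data is an immutable
    # QueryDict. Confirm which parsers the view accepts.
    request.data['create_user'] = request.user.id
    obj = super(ExampleHouseViewSet, self).create(request, *args, **kwargs)
    house = ExampleHouse.objects.get(pk=obj.data['id'])

    if IsStore(request.user) or IsSub(request.user):
        # Store and sub callers are pinned to their own store.
        store = request.user.store
    else:
        # NOTE(review): every other caller picks the store by id. Confirm the
        # view's permission classes restrict who reaches this branch.
        try:
            store = OutletStore.objects.get(pk=int(request.data.get('store')))
        except Exception:
            store = None

    if store is None:
        # The row was already written by the parent create, so it is removed
        # again before the error is reported.
        house.delete()
        return Response(
            {
                'status': False,
                'messageCode': 'MH001',
                'messageParams': {},
                'data': {}
            },
            status=status.HTTP_404_NOT_FOUND)

    house.store = store
    house.save()

    for tag_name in list_field('tags'):
        if tag_name == '' or tag_name is None:
            continue
        tag, _created = Tag.objects.get_or_create(name=tag_name)
        ExampleHouseTag.objects.create(tag=tag, example_house=house)

    for style in list_field('styles'):
        try:
            ExampleHouseStyle.objects.create(style_id=style, example_house=house)
        except Exception:
            # Best effort: a style id that cannot be linked is skipped.
            pass

    for commitment in list_field('commitments'):
        try:
            ExampleHouseCommitment.objects.create(
                commitment_id=commitment, example_house=house)
        except Exception:
            # Best effort: a commitment id that cannot be linked is skipped.
            pass

    return obj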
def has_permission(self, request, view):
    """Decide view-level access from the requested action and the caller's role.

    ``list`` and ``retrieve`` are open to admin, store and sub callers.
    ``create``, ``update`` and ``selfGetlistBooking`` require ``IsUser``.
    Every other action (``destroy``, for example) is denied, and so is any
    request for which a check raises.
    """
    read_actions = ("list", "retrieve")
    user_actions = ("create", "update", "selfGetlistBooking")
    try:
        action = view.action
        if action in read_actions:
            return IsAdmin(request.user) or IsStore(request.user) or IsSub(request.user)
        if action in user_actions:
            return IsUser(request.user)
    except Exception:
        # Fail closed: an error while evaluating a role never grants access.
        return False
    # Default deny for actions not listed above.
    return False
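def create(self, request, *args, **kwargs):
    """Create a model house and attach its store, events, tags and media files.

    POST fields:
        store: int
        events: list of event ids
        tags: list of tag names
        medias: list of uploaded files (only the first five are stored)

    Returns the parent ``create`` response, or a 404 response carrying
    messageCode ``MH001`` when no store can be resolved.
    """
    def list_field(key):
        # A QueryDict's .get() yields only the last submitted value, and a
        # bare string would be walked character by character, so events and
        # tags are read with getlist() whenever the parser provides it.
        data = request.data
        raw = data.getlist(key) if hasattr(data, 'getlist') else data.get(key)
        if raw is None:
            return []
        if isinstance(raw, (list, tuple)):
            return raw
        return [raw]

    # The creator is always the authenticated caller; a client-supplied
    # create_user is overwritten.
    # NOTE(review): this assignment raises if request.data is an immutable
    # QueryDict. Confirm which parsers the view accepts.
    request.data['create_user'] = request.user.id
    obj = super(ModelHouseViewSet, self).create(request, *args, **kwargs)
    house = ModelHouse.objects.get(pk=obj.data['id'])

    if IsStore(request.user) or IsSub(request.user):
        # Store and sub callers are pinned to their own store.
        store = request.user.store
        # NOTE(review): the flattened listing does not show whether this link
        # is created only for store/sub callers or for every caller. It is
        # kept in this branch; confirm against the original file.
        ModelHouseUser.objects.create(user_id=request.user.id, model_house=house)
    else:
        # NOTE(review): every other caller picks the store by id. Confirm the
        # view's permission classes restrict who reaches this branch.
        try:
            store = OutletStore.objects.get(pk=int(request.data.get('store')))
        except Exception:
            store = None

    if store is None:
        # The row was already written by the parent create, so it is removed
        # again before the error is reported.
        house.delete()
        return Response({
            'status': False,
            'messageCode': 'MH001',
            'messageParams': {},
            'data': {}
        }, status=status.HTTP_404_NOT_FOUND)

    for event in list_field('events'):
        try:
            EventModelHouse.objects.create(event_id=event, model_house=house)
        except Exception:
            # Best effort: an event id that cannot be linked is skipped.
            pass

    for tag_name in list_field('tags'):
        if tag_name == '' or tag_name is None:
            continue
        tag, _created = Tag.objects.get_or_create(name=tag_name)
        ModelHouseTag.objects.create(tag=tag, model_house=house)

    ModelHouseOutletStore.objects.create(outlet_store=store, model_house=house)

    # NOTE(review): the stored name derives from the uploaded file's own name,
    # and nothing in this method checks file type or size before the file
    # becomes reachable under MEDIA_URL. Confirm that validation happens
    # elsewhere (serializer, storage backend or web server).
    max_medias = 5
    for media in list_field('medias')[:max_medias]:
        stored_name = default_storage.save(media.name, media)
        ModelHouseMedia.objects.create(model_house=house,
                                       url=settings.MEDIA_URL + stored_name)

    return obj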
def list(self, request, *args, **kwargs):
    """List users, scoped for store callers and optionally searched by name.

    GET:
        ?group_id=INT&username=STRING&store_id=INT
        ?name=STRING => substring search over username, first_name, last_name

    Only ``name`` is read in this method. group_id, username and store_id
    are presumably handled by a filter backend; confirm.
    """
    caller = request.user
    group = caller.group
    if IsStore(caller):
        # Store callers see only accounts that share their group.
        # NOTE(review): the filter is on group, not on the caller's store, and
        # DRF does not run has_object_permission on list results. Confirm
        # that store callers are meant to see same-group users of other
        # stores.
        self.queryset = User.objects.filter(group=group)

    name = request.GET.get('name')
    if name is not None:
        matches_name = (
            Q(username__contains=name)
            | Q(first_name__contains=name)
            | Q(last_name__contains=name)
        )
        self.queryset = self.queryset.filter(matches_name)

    return super(UserVs, self).list(request, *args, **kwargs)
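def has_object_permission(self, request, view, obj):
    """Decide whether the caller may act on ``obj``.

    Admin callers are always allowed. Objects in the admin group are
    off-limits to everyone else. A store caller is allowed only for objects
    attached to the caller's own store.

    Returns:
        True when access is granted, False otherwise.
    """
    caller = request.user
    if IsAdmin(caller):
        return True
    if obj.group == GroupAdmin():
        # Non-admin callers never touch admin-group objects.
        return False
    if not IsStore(caller):
        return False
    caller_store = caller.store
    # A caller without a store must not match objects without a store:
    # None == None would otherwise grant access to every store-less object.
    return caller_store is not None and obj.store == caller_store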
def has_permission(self, request, view):
    """Allow admin and store callers; deny everyone else.

    If either role check raises, the request is denied.
    """
    try:
        caller = request.user
        allowed = IsAdmin(caller) or IsStore(caller)
    except Exception:
        # Fail closed: an error while evaluating a role never grants access.
        return False
    return allowed
def has_object_permission(self, request, view, obj):
    """Allow admin, store and sub callers to act on the object.

    NOTE(review): ``obj`` is never inspected, so this check alone does not
    tie a store or sub caller to their own records. Confirm that the
    queryset, or another permission class, applies that scoping.
    """
    caller = request.user
    if not IsAdmin(caller):
        return IsStore(caller) or IsSub(caller)
    return True