def create(self, request, *args, **kwargs):
"""
POST:
mail: str require
username: str require
password1: str require
password2: str require
group: int
store: int
other field is optional
"""
obj = super(UserVs, self).create(request, *args, **kwargs)
user = User.objects.get(pk=obj.data['id'])
group = request.user.group
if not IsStore(request.user):
try:
group = Group.objects.get(pk=int(request.data.get('group')))
store = OutletStore.objects.get(
pk=int(request.data.get('store')))
except Exception:
group = GroupUser()
store = None
else:
store = request.user.store
user.group = group
user.store = store
user.save()
obj.data['group'] = group.id
if store is not None:
obj.data['store'] = store.id
return obj
def create(self, request, *args, **kwargs):
"""
POST:
store: int
tags = []
styles = []
commitments = []
"""
request.data['create_user'] = request.user.id
obj = super(ExampleHouseViewSet, self).create(request, *args, **kwargs)
house = ExampleHouse.objects.get(pk=obj.data['id'])
if not (IsStore(request.user) or IsSub(request.user)):
try:
store = OutletStore.objects.get(
pk=int(request.data.get('store')))
except Exception:
store = None
else:
store = request.user.store
if store is None:
house.delete()
return Response(
{
'status': False,
'messageCode': 'MH001',
'messageParams': {},
'data': {}
},
status=status.HTTP_404_NOT_FOUND)
house.store = store
house.save()
tags = request.data.get('tags')
if tags is not None:
for tag_name in tags:
if not (tag_name == '' or tag_name is None):
tag, created = Tag.objects.get_or_create(name=tag_name)
ExampleHouseTag.objects.create(tag=tag,
example_house=house)
styles = request.data.get('styles')
if styles is not None:
for style in styles:
try:
ExampleHouseStyle.objects.create(style_id=style,
example_house=house)
except Exception:
pass
commitments = request.data.get('commitments')
if commitments is not None:
for commitment in commitments:
try:
ExampleHouseCommitment.objects.create(
commitment_id=commitment, example_house=house)
except Exception:
pass
return obj
def has_permission(self, request, view):
try:
if(view.action in ["list", "retrieve"]):
return IsAdmin(request.user) or IsStore(request.user) or IsSub(request.user)
elif view.action in ["create", "update", "selfGetlistBooking"]:
return IsUser(request.user)
else:
return False
except Exception:
return False
def create(self, request, *args, **kwargs):
"""
POST:
store: int
events: []
tags: []
medias: []
"""
request.data['create_user'] = request.user.id
obj = super(ModelHouseViewSet, self).create(request, *args, **kwargs)
house = ModelHouse.objects.get(pk=obj.data['id'])
if not (IsStore(request.user) or IsSub(request.user)):
try:
store = OutletStore.objects.get(pk=int(request.data.get('store')))
except Exception:
store = None
else:
store = request.user.store
ModelHouseUser.objects.create(user_id=request.user.id, model_house=house)
if store is None:
house.delete()
return Response({
'status': False,
'messageCode': 'MH001',
'messageParams': {},
'data': {}
}, status=status.HTTP_404_NOT_FOUND)
events = request.data.get('events')
if events is not None:
for event in events:
try:
EventModelHouse.objects.create(event_id=event, model_house=house)
except Exception:
pass
tags = request.data.get('tags')
if tags is not None:
for tag_name in tags:
if not (tag_name == '' or tag_name is None):
tag, created = Tag.objects.get_or_create(name=tag_name)
ModelHouseTag.objects.create(tag=tag, model_house=house)
ModelHouseOutletStore.objects.create(outlet_store=store, model_house=house)
medias = request.data.getlist('medias')
count = 0
for media in medias:
if count < 5:
file = default_storage.save(media.name, media)
ModelHouseMedia.objects.create(model_house=house, url=settings.MEDIA_URL + file)
count += 1
return obj
def list(self, request, *args, **kwargs):
"""
Can filter group_id, username by adding parameter on url
GET: ?group_id=INT&username=STRING&store_id=INT
?name=STRING => Search like in username, first_name, last_name
"""
group = request.user.group
if IsStore(request.user): # group store admin
self.queryset = User.objects.filter(group=group)
name = request.GET.get('name')
if name is not None:
self.queryset = self.queryset.filter(
Q(username__contains=name) | Q(first_name__contains=name)
| Q(last_name__contains=name))
return super(UserVs, self).list(request, *args, **kwargs)
def has_object_permission(self, request, view, obj):
if IsAdmin(request.user):
return True
if obj.group == GroupAdmin():
return False
return IsStore(request.user) and obj.store == request.user.store
def has_permission(self, request, view):
try:
return IsAdmin(request.user) or IsStore(request.user)
except Exception:
return False
def has_object_permission(self, request, view, obj):
if IsAdmin(request.user):
return True
return (IsStore(request.user) or IsSub(request.user))