From 79ae17d8f5a8e94ba6ef2fac49e6b52cf5a7d25a Mon Sep 17 00:00:00 2001 From: Alexey Kudelko Date: Mon, 26 Feb 2024 19:05:56 +0300 Subject: [PATCH 1/3] readded permissions for exact users for exact programs --- users/admin.py | 5 +++++ users/models.py | 4 ++++ users/permissions.py | 12 +++++++++++- 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/users/admin.py b/users/admin.py index 0e506205..49ecba7c 100644 --- a/users/admin.py +++ b/users/admin.py @@ -198,3 +198,8 @@ class UserAchievementAdmin(admin.ModelAdmin): class UserLinkAdmin(admin.ModelAdmin): list_display = ("id", "user", "link") list_display_links = ("id", "user", "link") + + +@admin.register(Expert) +class ExpertAdmin(admin.ModelAdmin): + list_display = ("id", "user") diff --git a/users/models.py b/users/models.py index 25006014..c28f950f 100644 --- a/users/models.py +++ b/users/models.py @@ -327,6 +327,10 @@ class Expert(AbstractUserWithRole): preferred_industries = models.CharField(max_length=4096, null=True, blank=True) useful_to_project = models.TextField(blank=True) + programs = models.ManyToManyField( + "partner_programs.PartnerProgram", related_name="experts", blank=True + ) + class Meta(TypedModelMeta): verbose_name = "Эксперт" verbose_name_plural = "Эксперты" diff --git a/users/permissions.py b/users/permissions.py index ef53b4de..e8f6ade3 100644 --- a/users/permissions.py +++ b/users/permissions.py @@ -1,5 +1,8 @@ +from rest_framework.exceptions import PermissionDenied from rest_framework.permissions import BasePermission, SAFE_METHODS +from users.models import Expert + class IsAchievementOwnerOrReadOnly(BasePermission): """ @@ -18,4 +21,11 @@ class IsExpert(BasePermission): """ def has_permission(self, request, view): - return request.user.user_type == 3 + user = request.user + program_id = view.kwargs.get("program_id") + + if not user.user_type == 3: + raise PermissionDenied("User is not an expert") + if not Expert.objects.filter(programs__id=program_id, user=user).exists(): + raise PermissionDenied("You don't have permission to rate this program") + return True From ff87a2ce8be111987e0b70e2804d9307502635d4 Mon Sep 17 00:00:00 2001 From: Alexey Kudelko Date: Mon, 26 Feb 2024 19:13:47 +0300 Subject: [PATCH 2/3] migration added --- users/migrations/0046_expert_programs.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 users/migrations/0046_expert_programs.py diff --git a/users/migrations/0046_expert_programs.py b/users/migrations/0046_expert_programs.py new file mode 100644 index 00000000..469f8d83 --- /dev/null +++ b/users/migrations/0046_expert_programs.py @@ -0,0 +1,21 @@ +# Generated by Django 4.2.3 on 2024-02-26 15:22 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("partner_programs", "0004_auto_20231230_0002"), + ("users", "0045_alter_customuser_v2_speciality"), + ] + + operations = [ + migrations.AddField( + model_name="expert", + name="programs", + field=models.ManyToManyField( + blank=True, related_name="experts", to="partner_programs.partnerprogram" + ), + ), + ] From 8252bca1059a05f621d89d69cf426ba67afafcc7 Mon Sep 17 00:00:00 2001 From: Alexey Kudelko Date: Mon, 26 Feb 2024 20:21:00 +0300 Subject: [PATCH 3/3] fixed bug of comment 1 --- project_rates/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/project_rates/views.py b/project_rates/views.py index 358677b0..c226fbc2 100644 --- a/project_rates/views.py +++ b/project_rates/views.py @@ -89,7 +89,7 @@ def get(self, request, *args, **kwargs): for project in projects_serializer.data: filled_values = 0 for criteria in project["criterias"]: - if criteria.get("value", None): + if criteria["name"] == "Комментарий" or criteria.get("value", None): filled_values += 1 if filled_values == len(project["criterias"]):