From 2d00b099db48dc7645aad4f83999da30f12995a4 Mon Sep 17 00:00:00 2001
From: Himanshu Shankar
Date: Tue, 25 Dec 2018 15:17:13 +0530
Subject: [PATCH] Changed `Outlet` Admin Fixed `permissions`
---
outlet/admin.py | 65 +++++++++++++++++++++++++++++++++++++++++--
outlet/permissions.py | 41 +++++++++++++++++++--------
2 files changed, 92 insertions(+), 14 deletions(-)
diff --git a/outlet/admin.py b/outlet/admin.py
index 5859ac4..0617445 100644
--- a/outlet/admin.py
+++ b/outlet/admin.py
@@ -23,12 +23,73 @@ class OutletImageInline(admin.StackedInline): fields = ('name', 'image') +class OutletProductAdmin(CreateUpdateAdmin): + list_display = ('id', 'product_link', 'outlet_link', 'stock') + readonly_fields = ('product_link', 'outlet_link') + list_filter = ('product', 'outlet') + + def get_changeform_initial_data(self, request): + from .models import Outlet + + data = {} + if 'outlet__id' in request.GET: + outlet = Outlet.objects.get(pk=request.GET['outlet__id']) + data['outlet'] = outlet + return data + + def product_link(self, obj): + from django.urls import reverse + + from django.utils.html import format_html + + url = reverse('admin:%s_%s_change' % ('product', 'product'), + args=(obj.product.id,)) + return format_html('{name}', url=url, + name=obj.product.name) + product_link.short_description = "Product" + + def outlet_link(self, obj): + from django.urls import reverse + + from django.utils.html import format_html + + url = reverse('admin:%s_%s_change' % ('outlet', 'outlet'), + args=(obj.outlet.id,)) + return format_html('{name}', url=url, + name=obj.outlet.name) + outlet_link.short_description = "Outlet" + + class OutletAdmin(CreateUpdateAdmin): - list_display = ('id', 'name', 'city', 'area', 'pincode') + list_display = ('id', 'name', 'city', 'area', 'pincode', 'products') list_filter = ('city', 'area', 'pincode') search_fields = ('name', 'city', 'area', 'unit', 'building', 'pincode') - inlines = (OutletManagerInline, OutletProductInline, OutletImageInline) + readonly_fields = ('products', ) + inlines = (OutletManagerInline, OutletImageInline) + + def products(self, obj): + from django.urls import reverse + + from django.utils.html import format_html + + count = obj.outletproduct_set.count() + if count > 1: + url = reverse("admin:outlet_outletproduct_changelist") + url = ('Check {op} ' + 'products' + .format(url=url, op=count, oid=obj.id)) + elif count == 1: + prod = obj.outletproduct_set.first() + url = 
reverse("admin:outlet_outletproduct_change", args=(prod, )) + url = 'Open {prod}'.format(url=url, + prod=prod.name) + else: + url = '0 Products (Add now)'.format( + reverse("admin:outlet_outletproduct_add"), obj.id) + return format_html(url) + products.short_description = "Open Outlet Products" admin.site.register(Outlet, OutletAdmin) +admin.site.register(OutletProduct, OutletProductAdmin) admin.site.register(OutletManager) diff --git a/outlet/permissions.py b/outlet/permissions.py index 433d80e..92bd44d 100644 --- a/outlet/permissions.py +++ b/outlet/permissions.py @@ -1,4 +1,4 @@ -from rest_framework.permissions import BasePermission +from rest_framework.permissions import IsAuthenticated from drf_user.models import User 
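Review bot: In `OutletAdmin.products` (outlet/admin.py), every branch builds its string with `str.format` and then calls `format_html(url)` with no arguments, so `prod.name` and the other values reach the admin pages without HTML escaping, and a name containing markup would be rendered as markup. Keep each template as a literal and let `format_html` do the interpolation, e.g. `return format_html(template, url=url, prod=prod.name)`, the way `product_link` and `outlet_link` in this hunk already do. Two smaller points in the same hunk: `reverse("admin:outlet_outletproduct_change", args=(prod, ))` passes the model instance where the primary key looks intended (`args=(prod.pk,)`), and `Outlet.objects.get(pk=request.GET['outlet__id'])` in `get_changeform_initial_data` raises on a missing or malformed id, which would surface as a server error instead of an empty initial form. The string literals on this page appear to have lost their markup, so the exact templates cannot be checked from here.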
@@ -15,35 +15,52 @@ def is_owner(user: User)->bool: return Outlet.objects.filter(created_by=user).count() > 0 -class IsOwner(BasePermission): +class IsOutletOwner(IsAuthenticated): def has_permission(self, request, view)->bool: - return super(IsOwner, self).has_permission(request, view) and is_owner(request.user) + return super(IsOutletOwner, self).has_permission(request, view) and is_owner(request.user) def has_object_permission(self, request, view, obj): from .models import Outlet + from order.models import Order + + if isinstance(obj, Order): + obj = obj.outlet + if isinstance(obj, Outlet): return obj.created_by == request.user -class OwnerOrManager(IsOwner): +class IsManager(IsAuthenticated): def has_permission(self, request, view): - return super(OwnerOrManager, self).has_permission( - request=request, view=view) or is_manager(request.user) + return (super(IsManager, self).has_permission(request=request, + view=view) + and is_manager(request.user)) def has_object_permission(self, request, view, obj): from .models import Outlet - from order.models import Order - perm = super(OwnerOrManager, self).has_object_permission(request, - view, obj) + from order.models import Order if isinstance(obj, Order): obj = obj.outlet if isinstance(obj, Outlet): - return perm or (request.user.id in obj.outletmanager_set - .filter(is_active=True) - .values_list('manager', flat=True)) + return (request.user.id in obj.outletmanager_set + .filter(is_active=True) + .values_list('manager', flat=True)) + + +class OwnerOrManager(IsAuthenticated): + + def has_permission(self, request, view): + return (IsOutletOwner().has_permission(request=request, view=view) + or IsManager().has_permission(request=request, view=view)) + + def has_object_permission(self, request, view, obj): + return (IsOutletOwner().has_object_permission(request=request, + view=view, obj=obj) + or IsOutletOwner().has_object_permission(request=request, + view=view, obj=obj))
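Review bot: `OwnerOrManager.has_object_permission` calls `IsOutletOwner().has_object_permission(...)` on both sides of the `or`, so the manager check never runs at object level and an active manager who passes `has_permission` is then refused on every object. The second operand should be `or IsManager().has_object_permission(request=request, view=view, obj=obj))`. Separately, `IsOutletOwner.has_object_permission` and `IsManager.has_object_permission` fall off the end and return `None` when `obj` is neither an `Order` nor an `Outlet`; that denies access, which is the safe direction, but an explicit `return False` would make the fail-closed intent visible. A test that runs an owner, an active manager, an inactive manager and an unrelated user against one outlet would pin the intended behaviour of all three classes.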