upgrade permissions for Account/Guest classes && add documentation for views in Account

2020-06-21 11:55:18 +02:00 · 2020-06-21 11:55:18 +02:00 · 6a54b4d959
parent 344f71295c
commit 6a54b4d959
4 changed files with 24 additions and 3 deletions
--- a/portfolio/account/pycache/views.cpython-36.pyc
+++ b/portfolio/account/pycache/views.cpython-36.pyc
--- a/portfolio/account/views.py
+++ b/portfolio/account/views.py
@ -1,5 +1,7 @@
 from rest_framework import viewsets, mixins
 from rest_framework.response import Response
+from rest_framework import permissions
+from rest_framework.decorators import permission_classes
 from rest_framework.authtoken.views import ObtainAuthToken

 from drf_yasg.utils import swagger_auto_schema
@ -10,10 +12,26 @@ from .models import Account, Guest
 from .serializers import *


-class AccountViewSet(viewsets.ModelViewSet):
+class AnonAndUserPermissions(permissions.BasePermission):
+    """
+    Anonymous user always can create && User can modify self records only
    
+    this is override of permissions in settings
+    """
+    def has_object_permission(self, request, view, obj):
+        if request.method == 'POST':
+            return True
+        return str(obj.username) == str(request.user)
+
+
+class AccountViewSet(viewsets.ModelViewSet):
+    """
+    A User CRUD `retrieve()`, `list()` and abstract `create()` (`create()` is register)
+    and  `update()` from class `ModelViewSet` in viewsets
+    """
    queryset = Account.objects.all()
    serializer_class = AccountSerializer
+    permission_classes = (AnonAndUserPermissions, )

    @swagger_auto_schema(responses={ 200: AccountGetSerializer })
    def retrieve(self, request, pk=None):
@ -29,7 +47,9 @@ class AccountViewSet(viewsets.ModelViewSet):


 class AccountAuth(ObtainAuthToken):
-
+    """
+    A User Authorization `login()`, `logout()`
+    """
    queryset = Account.objects.all()
    serializer_class = AccountAuthSerializer

@ -52,3 +72,4 @@ class AccountAuth(ObtainAuthToken):
 class GuestViewSet(viewsets.ModelViewSet):
    queryset = Guest.objects.all()
    serializer_class = GuestSerializer
+    permission_classes = (AnonAndUserPermissions, )
--- a/portfolio/album/pycache/serializers.cpython-36.pyc
+++ b/portfolio/album/pycache/serializers.cpython-36.pyc
--- a/portfolio/album/serializers.py
+++ b/portfolio/album/serializers.py
@ -20,7 +20,7 @@ class TrackRowSerializer(serializers.ModelSerializer):
        return TrackRow.create(TrackRow, validated_data)

    def update(self, instance, validated_data):
-        return instance.update(instance, validated_data)
+        return instance.update(validated_data)

    class Meta:
        model = TrackRow