keannu125/Borrowing-TrackerBackend
1
0
Fork 0
mirror of https://github.com/lemeow125/Borrowing-TrackerBackend.git synced 2024-11-17 06:19:26 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Allow students and teachers to view equipments and equipment instances but forbid them from creating, updating, or deleting

Browse source
This commit is contained in:
Keannu Bernasol 2023-12-08 23:07:08 +08:00
parent 2c8cc87cbe
commit aa078a78c5
2 changed files with 49 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
equipment_tracker/equipments/serializers.py
View file

@ -1,4 +1,4 @@
from rest_framework import serializers from rest_framework import serializers, exceptions
from .models import Equipment, EquipmentInstance from .models import Equipment, EquipmentInstance
from drf_spectacular.utils import extend_schema_field from drf_spectacular.utils import extend_schema_field
from drf_spectacular.types import OpenApiTypes from drf_spectacular.types import OpenApiTypes
@ -30,6 +30,30 @@ class EquipmentSerializer(serializers.HyperlinkedModelSerializer):
read_only_fields = ('id', 'last_updated', read_only_fields = ('id', 'last_updated',
'last_updated_by', 'date_added') 'last_updated_by', 'date_added')
def create(self, instance, validated_data):
user = self.context['request'].user
# Do not allow users that are not technicians to create equipments
if not user.is_technician:
raise exceptions.ValidationError(
"Non-technician users cannot create equipments")
return super().create(instance, validated_data)
def update(self, instance, validated_data):
user = self.context['request'].user
# Do not allow users that are not technicians to update equipments
if not user.is_technician:
raise exceptions.ValidationError(
"Non-technician users cannot update equipments")
return super().update(instance, validated_data)
# Do not allow users that are not technicians to delete equipments
def delete(self, instance):
user = self.context['request'].user
if not user.is_technician:
raise exceptions.ValidationError(
"Non-technician users cannot delete equipments")
instance.delete()
@extend_schema_field(OpenApiTypes.STR) @extend_schema_field(OpenApiTypes.STR)
def get_history_user(self, obj): def get_history_user(self, obj):
return obj.history_user.username if obj.history_user else None return obj.history_user.username if obj.history_user else None
@ -106,12 +130,33 @@ class EquipmentInstanceSerializer(serializers.HyperlinkedModelSerializer):
status = serializers.ChoiceField( status = serializers.ChoiceField(
choices=EquipmentInstance.EQUIPMENT_INSTANCE_STATUS_CHOICES) choices=EquipmentInstance.EQUIPMENT_INSTANCE_STATUS_CHOICES)
# Forbid user from changing equipment field once the instance is already created def create(self, instance, validated_data):
user = self.context['request'].user
# Do not allow users that are not technicians to create equipment instances
if not user.is_technician:
raise exceptions.ValidationError(
"Non-technician users cannot create equipments")
return super().create(instance, validated_data)
def update(self, instance, validated_data): def update(self, instance, validated_data):
user = self.context['request'].user
# Do not allow users that are not technicians to update equipment instances
if not user.is_technician:
raise exceptions.ValidationError(
"Non-technician users cannot update equipment instances")
# Forbid user from changing equipment field once the instance is already created
# Ignore any changes to 'equipment' # Ignore any changes to 'equipment'
validated_data.pop('equipment', None) validated_data.pop('equipment', None)
return super().update(instance, validated_data) return super().update(instance, validated_data)
# Do not allow users that are not technicians to delete equipment instances
def delete(self, instance):
user = self.context['request'].user
if not user.is_technician:
raise exceptions.ValidationError(
"Non-technician users cannot delete equipment instances")
instance.delete()
class Meta: class Meta:
model = EquipmentInstance model = EquipmentInstance
fields = ('id', 'equipment', 'equipment_name', 'category', 'status', 'remarks', fields = ('id', 'equipment', 'equipment_name', 'category', 'status', 'remarks',

4
equipment_tracker/equipments/views.py
View file

@ -10,7 +10,7 @@ from accounts.permissions import IsTechnician
class EquipmentViewSet(viewsets.ModelViewSet): class EquipmentViewSet(viewsets.ModelViewSet):
if (not DEBUG): if (not DEBUG):
permission_classes = [IsAuthenticated, IsTechnician] permission_classes = [IsAuthenticated]
serializer_class = serializers.EquipmentSerializer serializer_class = serializers.EquipmentSerializer
queryset = Equipment.objects.all().order_by('id') queryset = Equipment.objects.all().order_by('id')
@ -52,7 +52,7 @@ class LastUpdatedEquipmentViewSet(generics.ListAPIView):
class EquipmentInstanceViewSet(viewsets.ModelViewSet): class EquipmentInstanceViewSet(viewsets.ModelViewSet):
if (not DEBUG): if (not DEBUG):
permission_classes = [IsAuthenticated, IsTechnician] permission_classes = [IsAuthenticated]
serializer_class = serializers.EquipmentInstanceSerializer serializer_class = serializers.EquipmentInstanceSerializer
queryset = EquipmentInstance.objects.all().order_by('id') queryset = EquipmentInstance.objects.all().order_by('id')