mirror of
https://github.com/lemeow125/Borrowing-TrackerBackend.git
synced 2024-11-16 22:09:27 +08:00
Fix is student permission and add viewsets for teachers and students for viewing transactions assigned to them
This commit is contained in:
parent
938614fafa
commit
d5dbe2b876
4 changed files with 65 additions and 2 deletions
|
@ -25,7 +25,7 @@ class IsStudent(BasePermission):
|
|||
message = "You must be a student to perform this action."
|
||||
|
||||
def has_permission(self, request, view):
|
||||
return request.user.is_authenticated and request.user.is_student
|
||||
return request.user.is_authenticated and (not request.user.is_teacher and not request.user.is_technician)
|
||||
|
||||
def has_object_permission(self, request, view, obj):
|
||||
return request.user.is_authenticated and request.user.is_student
|
||||
return request.user.is_authenticated and (not request.user.is_teacher and not request.user.is_technician)
|
||||
|
|
|
@ -1051,6 +1051,38 @@ paths:
|
|||
schema:
|
||||
$ref: '#/components/schemas/Transaction'
|
||||
description: ''
|
||||
/api/v1/transactions/student:
|
||||
get:
|
||||
operationId: api_v1_transactions_student_list
|
||||
tags:
|
||||
- api
|
||||
security:
|
||||
- jwtAuth: []
|
||||
responses:
|
||||
'200':
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/Transaction'
|
||||
description: ''
|
||||
/api/v1/transactions/teacher:
|
||||
get:
|
||||
operationId: api_v1_transactions_teacher_list
|
||||
tags:
|
||||
- api
|
||||
security:
|
||||
- jwtAuth: []
|
||||
responses:
|
||||
'200':
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/Transaction'
|
||||
description: ''
|
||||
components:
|
||||
schemas:
|
||||
Activation:
|
||||
|
|
|
@ -7,4 +7,6 @@ router.register(r'', views.TransactionViewSet)
|
|||
|
||||
urlpatterns = [
|
||||
path('', include(router.urls)),
|
||||
path('student', views.TransactionByStudentViewSet.as_view()),
|
||||
path('teacher', views.TransactionByTeacherViewSet.as_view()),
|
||||
]
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
from rest_framework.permissions import IsAuthenticated
|
||||
from accounts.permissions import IsTeacher, IsStudent
|
||||
from rest_framework import viewsets, generics
|
||||
from .serializers import TransactionSerializer
|
||||
from .models import Transaction
|
||||
|
@ -11,3 +12,31 @@ class TransactionViewSet(viewsets.ModelViewSet):
|
|||
permission_classes = [IsAuthenticated]
|
||||
serializer_class = TransactionSerializer
|
||||
queryset = Transaction.objects.all()
|
||||
|
||||
|
||||
class TransactionByStudentViewSet(generics.ListAPIView):
|
||||
# Only allow GET, POST/CREATE
|
||||
# Transactions cannot be deleted
|
||||
http_method_names = ['get']
|
||||
permission_classes = [IsAuthenticated, IsStudent]
|
||||
serializer_class = TransactionSerializer
|
||||
queryset = Transaction.objects.all()
|
||||
|
||||
def get_queryset(self):
|
||||
user = self.request.user
|
||||
transactions = Transaction.objects.filter(borrower=user)
|
||||
return transactions
|
||||
|
||||
|
||||
class TransactionByTeacherViewSet(generics.ListAPIView):
|
||||
# Only allow GET, POST/CREATE
|
||||
# Transactions cannot be deleted
|
||||
http_method_names = ['get']
|
||||
permission_classes = [IsAuthenticated, IsTeacher]
|
||||
serializer_class = TransactionSerializer
|
||||
queryset = Transaction.objects.all()
|
||||
|
||||
def get_queryset(self):
|
||||
user = self.request.user
|
||||
transactions = Transaction.objects.filter(teacher=user)
|
||||
return transactions
|
||||
|
|
Loading…
Reference in a new issue