diff --git a/equipment_tracker/accounts/permissions.py b/equipment_tracker/accounts/permissions.py index 0d4ed90..d7148f8 100644 --- a/equipment_tracker/accounts/permissions.py +++ b/equipment_tracker/accounts/permissions.py @@ -25,7 +25,7 @@ class IsStudent(BasePermission): message = "You must be a student to perform this action." def has_permission(self, request, view): - return request.user.is_authenticated and request.user.is_student + return request.user.is_authenticated and (not request.user.is_teacher and not request.user.is_technician) def has_object_permission(self, request, view, obj): - return request.user.is_authenticated and request.user.is_student + return request.user.is_authenticated and (not request.user.is_teacher and not request.user.is_technician) diff --git a/equipment_tracker/schema.yml b/equipment_tracker/schema.yml index 6d8166a..84cc793 100644 --- a/equipment_tracker/schema.yml +++ b/equipment_tracker/schema.yml @@ -1051,6 +1051,38 @@ paths: schema: $ref: '#/components/schemas/Transaction' description: '' + /api/v1/transactions/student: + get: + operationId: api_v1_transactions_student_list + tags: + - api + security: + - jwtAuth: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Transaction' + description: '' + /api/v1/transactions/teacher: + get: + operationId: api_v1_transactions_teacher_list + tags: + - api + security: + - jwtAuth: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Transaction' + description: '' components: schemas: Activation: diff --git a/equipment_tracker/transactions/urls.py b/equipment_tracker/transactions/urls.py index 101e758..339bda7 100644 --- a/equipment_tracker/transactions/urls.py +++ b/equipment_tracker/transactions/urls.py @@ -7,4 +7,6 @@ router.register(r'', views.TransactionViewSet) urlpatterns = [ path('', include(router.urls)), + path('student', views.TransactionByStudentViewSet.as_view()), + path('teacher', views.TransactionByTeacherViewSet.as_view()), ] diff --git a/equipment_tracker/transactions/views.py b/equipment_tracker/transactions/views.py index bcdf86d..bade244 100644 --- a/equipment_tracker/transactions/views.py +++ b/equipment_tracker/transactions/views.py @@ -1,4 +1,5 @@ from rest_framework.permissions import IsAuthenticated +from accounts.permissions import IsTeacher, IsStudent from rest_framework import viewsets, generics from .serializers import TransactionSerializer from .models import Transaction @@ -11,3 +12,31 @@ class TransactionViewSet(viewsets.ModelViewSet): permission_classes = [IsAuthenticated] serializer_class = TransactionSerializer queryset = Transaction.objects.all() + + +class TransactionByStudentViewSet(generics.ListAPIView): + # Only allow GET, POST/CREATE + # Transactions cannot be deleted + http_method_names = ['get'] + permission_classes = [IsAuthenticated, IsStudent] + serializer_class = TransactionSerializer + queryset = Transaction.objects.all() + + def get_queryset(self): + user = self.request.user + transactions = Transaction.objects.filter(borrower=user) + return transactions + + +class TransactionByTeacherViewSet(generics.ListAPIView): + # Only allow GET, POST/CREATE + # Transactions cannot be deleted + http_method_names = ['get'] + permission_classes = [IsAuthenticated, IsTeacher] + serializer_class = TransactionSerializer + queryset = Transaction.objects.all() + + def get_queryset(self): + user = self.request.user + transactions = Transaction.objects.filter(teacher=user) + return transactions