Fix is student permission and add viewsets for teachers and students for viewing transactions assigned to them

equipment_tracker/transactions/urls.py

@@ -7,4 +7,6 @@ router.register(r'', views.TransactionViewSet)
 
 urlpatterns = [
     path('', include(router.urls)),
+    path('student', views.TransactionByStudentViewSet.as_view()),
+    path('teacher', views.TransactionByTeacherViewSet.as_view()),
 ]

equipment_tracker/transactions/views.py

@@ -1,4 +1,5 @@
 from rest_framework.permissions import IsAuthenticated
+from accounts.permissions import IsTeacher, IsStudent
 from rest_framework import viewsets, generics
 from .serializers import TransactionSerializer
 from .models import Transaction
@@ -11,3 +12,31 @@ class TransactionViewSet(viewsets.ModelViewSet):
     permission_classes = [IsAuthenticated]
     serializer_class = TransactionSerializer
     queryset = Transaction.objects.all()
+
+
+class TransactionByStudentViewSet(generics.ListAPIView):
+    # Only allow GET, POST/CREATE
+    # Transactions cannot be deleted
+    http_method_names = ['get']
+    permission_classes = [IsAuthenticated, IsStudent]
+    serializer_class = TransactionSerializer
+    queryset = Transaction.objects.all()
+
+    def get_queryset(self):
+        user = self.request.user
+        transactions = Transaction.objects.filter(borrower=user)
+        return transactions
+
+
+class TransactionByTeacherViewSet(generics.ListAPIView):
+    # Only allow GET, POST/CREATE
+    # Transactions cannot be deleted
+    http_method_names = ['get']
+    permission_classes = [IsAuthenticated, IsTeacher]
+    serializer_class = TransactionSerializer
+    queryset = Transaction.objects.all()
+
+    def get_queryset(self):
+        user = self.request.user
+        transactions = Transaction.objects.filter(teacher=user)
+        return transactions