mirror of
https://github.com/lemeow125/DocManagerBackend.git
synced 2025-01-19 01:23:02 +08:00
Add admin only endpoint for user updating and fix permissions for admin users
parent
008a2a2271
commit
60eadbed64
4 changed files with 25 additions and 4 deletions
|
@ -19,7 +19,7 @@ class IsPlanning(BasePermission):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def has_permission(self, request, view):
|
def has_permission(self, request, view):
|
||||||
return bool(request.user and request.user.role == "planning")
|
return bool(request.user and request.user.role in ("planning", "admin"))
|
||||||
|
|
||||||
|
|
||||||
class IsHead(BasePermission):
|
class IsHead(BasePermission):
|
||||||
|
@ -28,7 +28,7 @@ class IsHead(BasePermission):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def has_permission(self, request, view):
|
def has_permission(self, request, view):
|
||||||
return bool(request.user and request.user.role == "head")
|
return bool(request.user and request.user.role in ("head", "admin"))
|
||||||
|
|
||||||
|
|
||||||
class IsAdmin(BasePermission):
|
class IsAdmin(BasePermission):
|
||||||
|
|
|
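Review bot: The rewritten checks in `IsPlanning.has_permission` and `IsHead.has_permission` still read `request.user.role` after only a truthiness test on `request.user`. Under DRF's default settings an unauthenticated request carries an `AnonymousUser`, which is truthy and, unless the project adds one, has no `role` attribute, so a view that lists one of these classes without `IsAuthenticated` would likely raise instead of denying the request. Reading the role defensively, e.g. `getattr(request.user, "role", None) in ("planning", "admin")`, makes each class fail closed on its own. Because admin now passes every role check, the class docstrings (cut off above these lines) should say so, and the repeated `"admin"` literal would be safer as one shared constant.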
@ -5,6 +5,15 @@ from django.core import exceptions as django_exceptions
|
||||||
from rest_framework.settings import api_settings
|
from rest_framework.settings import api_settings
|
||||||
|
|
||||||
|
|
||||||
|
class CustomUserUpdateSerializer(serializers.ModelSerializer):
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
model = CustomUser
|
||||||
|
fields = [
|
||||||
|
"role"
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
class CustomUserSerializer(serializers.ModelSerializer):
|
class CustomUserSerializer(serializers.ModelSerializer):
|
||||||
birthday = serializers.DateField(format="%Y-%m-%d")
|
birthday = serializers.DateField(format="%Y-%m-%d")
|
||||||
|
|
||||||
|
|
|
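Review bot: `CustomUserUpdateSerializer` has no docstring, although its single field `role` is the attribute the permission classes authorise on. It should state that it is meant for the admin-only update view, e.g. `"""Admin-only serializer: exposes just the role so a PATCH cannot touch any other user field."""`. The `Meta` of `CustomUserSerializer` lies outside the hunk; if `role` is writable there it should be made read-only, otherwise the regular profile endpoints would be a second, non-admin path to changing a role.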
@ -1,8 +1,9 @@
|
||||||
from django.urls import include, path
|
from django.urls import include, path
|
||||||
from .views import CustomUserDeleteView
|
from .views import CustomUserDeleteView, CustomUserUpdateView
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
path("", include("djoser.urls")),
|
path("", include("djoser.urls")),
|
||||||
path("", include("djoser.urls.jwt")),
|
path("", include("djoser.urls.jwt")),
|
||||||
path("users/delete/<int:pk>/", CustomUserDeleteView.as_view()),
|
path("users/delete/<int:pk>/", CustomUserDeleteView.as_view()),
|
||||||
|
path("users/update/<int:pk>/", CustomUserUpdateView.as_view()),
|
||||||
]
|
]
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
from rest_framework import generics
|
from rest_framework import generics
|
||||||
from .serializers import CustomUserSerializer
|
from .serializers import CustomUserSerializer, CustomUserUpdateSerializer
|
||||||
from rest_framework.permissions import IsAuthenticated
|
from rest_framework.permissions import IsAuthenticated
|
||||||
from accounts.permissions import IsAdmin
|
from accounts.permissions import IsAdmin
|
||||||
from .models import CustomUser
|
from .models import CustomUser
|
||||||
|
@ -14,3 +14,14 @@ class CustomUserDeleteView(generics.DestroyAPIView):
|
||||||
serializer_class = CustomUserSerializer
|
serializer_class = CustomUserSerializer
|
||||||
queryset = CustomUser.objects.all()
|
queryset = CustomUser.objects.all()
|
||||||
permission_classes = [IsAuthenticated, IsAdmin]
|
permission_classes = [IsAuthenticated, IsAdmin]
|
||||||
|
|
||||||
|
|
||||||
|
class CustomUserUpdateView(generics.UpdateAPIView):
|
||||||
|
"""
|
||||||
|
Used by staff to upload documents.
|
||||||
|
"""
|
||||||
|
|
||||||
|
http_method_names = ["patch"]
|
||||||
|
serializer_class = CustomUserUpdateSerializer
|
||||||
|
queryset = CustomUser.objects.all()
|
||||||
|
permission_classes = [IsAuthenticated, IsAdmin]
|
||||||
|
|
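Review bot: The docstring on `CustomUserUpdateView` says `Used by staff to upload documents.`, which describes a different endpoint; it should read something like `Admin-only endpoint for changing a user's role (PATCH only).`. Nothing visible in this class stops an admin from patching their own `pk`, and nothing records who changed whose role. If losing the last admin account matters, a guard in `perform_update` and a log entry for every role change would be worth adding.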