mirror of
https://github.com/lemeow125/DocManagerBackend.git
synced 2025-01-18 17:13:00 +08:00
Add admin only endpoint for user updating and fix permissions for admin users
This commit is contained in:
parent
008a2a2271
commit
60eadbed64
4 changed files with 25 additions and 4 deletions
|
|
@ -19,7 +19,7 @@ class IsPlanning(BasePermission):
|
|||
"""
|
||||
|
||||
def has_permission(self, request, view):
|
||||
return bool(request.user and request.user.role == "planning")
|
||||
return bool(request.user and request.user.role in ("planning", "admin"))
|
||||
|
||||
|
||||
class IsHead(BasePermission):
|
||||
|
|
@ -28,7 +28,7 @@ class IsHead(BasePermission):
|
|||
"""
|
||||
|
||||
def has_permission(self, request, view):
|
||||
return bool(request.user and request.user.role == "head")
|
||||
return bool(request.user and request.user.role in ("head", "admin"))
|
||||
|
||||
|
||||
class IsAdmin(BasePermission):
|
||||
|
|
|
|||
|
|
@ -5,6 +5,15 @@ from django.core import exceptions as django_exceptions
|
|||
from rest_framework.settings import api_settings
|
||||
|
||||
|
||||
class CustomUserUpdateSerializer(serializers.ModelSerializer):
|
||||
|
||||
class Meta:
|
||||
model = CustomUser
|
||||
fields = [
|
||||
"role"
|
||||
]
|
||||
|
||||
|
||||
class CustomUserSerializer(serializers.ModelSerializer):
|
||||
birthday = serializers.DateField(format="%Y-%m-%d")
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,9 @@
|
|||
from django.urls import include, path
|
||||
from .views import CustomUserDeleteView
|
||||
from .views import CustomUserDeleteView, CustomUserUpdateView
|
||||
|
||||
urlpatterns = [
|
||||
path("", include("djoser.urls")),
|
||||
path("", include("djoser.urls.jwt")),
|
||||
path("users/delete/<int:pk>/", CustomUserDeleteView.as_view()),
|
||||
path("users/update/<int:pk>/", CustomUserUpdateView.as_view()),
|
||||
]
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
from rest_framework import generics
|
||||
from .serializers import CustomUserSerializer
|
||||
from .serializers import CustomUserSerializer, CustomUserUpdateSerializer
|
||||
from rest_framework.permissions import IsAuthenticated
|
||||
from accounts.permissions import IsAdmin
|
||||
from .models import CustomUser
|
||||
|
|
@ -14,3 +14,14 @@ class CustomUserDeleteView(generics.DestroyAPIView):
|
|||
serializer_class = CustomUserSerializer
|
||||
queryset = CustomUser.objects.all()
|
||||
permission_classes = [IsAuthenticated, IsAdmin]
|
||||
|
||||
|
||||
class CustomUserUpdateView(generics.UpdateAPIView):
|
||||
"""
|
||||
Used by staff to upload documents.
|
||||
"""
|
||||
|
||||
http_method_names = ["patch"]
|
||||
serializer_class = CustomUserUpdateSerializer
|
||||
queryset = CustomUser.objects.all()
|
||||
permission_classes = [IsAuthenticated, IsAdmin]
|
||||
|
|
|
|||
Loading…
Reference in a new issue