Merge pull request #63 from PROCOLLAB-github/dev

yakser · web-flow · commit ea2bb775ff9e · 2022-11-20T22:16:48.000+03:00
Dev
diff --git a/projects/permissions.py b/projects/permissions.py
@@ -1,7 +1,7 @@
 from rest_framework.permissions import BasePermission, SAFE_METHODS
 
 
-class IsProjectLeaderOrReadOnly(BasePermission):
+class IsProjectLeaderOrReadOnlyForNonDrafts(BasePermission):
     """
     Allows access to update only to project leader.
     """
@@ -12,6 +12,8 @@ def has_permission(self, request, view) -> bool:
         return False
 
     def has_object_permission(self, request, view, obj):
-        if request.method in SAFE_METHODS or (obj.leader == request.user):
+        if (request.method in SAFE_METHODS and not obj.draft) or (
+            obj.leader == request.user
+        ):
             return True
         return False
diff --git a/projects/serializers.py b/projects/serializers.py
@@ -64,6 +64,7 @@ class ProjectDetailSerializer(serializers.ModelSerializer):
     )
     vacancies = ProjectVacancyListSerializer(many=True, read_only=True)
     short_description = serializers.SerializerMethodField()
+    industry_id = serializers.IntegerField(write_only=True, required=False)
 
     def validate(self, data):
         super().validate(data)
@@ -97,6 +98,7 @@ class Meta:
             "vacancies",
             "datetime_created",
             "datetime_updated",
+            "industry_id",
         ]
         read_only_fields = ["leader"]
 
diff --git a/projects/views.py b/projects/views.py
@@ -7,7 +7,7 @@
 from projects.filters import ProjectFilter
 from projects.helpers import VERBOSE_STEPS
 from projects.models import Project, Achievement
-from projects.permissions import IsProjectLeaderOrReadOnly
+from projects.permissions import IsProjectLeaderOrReadOnlyForNonDrafts
 from projects.serializers import (
     ProjectDetailSerializer,
     AchievementListSerializer,
@@ -71,7 +71,7 @@ def post(self, request, *args, **kwargs):
 class ProjectDetail(generics.RetrieveUpdateDestroyAPIView):
     queryset = Project.objects.get_projects_for_detail_view()
     serializer_class = ProjectDetailSerializer
-    permission_classes = [IsProjectLeaderOrReadOnly]
+    permission_classes = [IsProjectLeaderOrReadOnlyForNonDrafts]
 
     def put(self, request, pk, **kwargs):
         # bootleg version of updating achievements via project
@@ -120,7 +120,7 @@ class ProjectCollaborators(generics.GenericAPIView):
     Project collaborator retrieve/add/delete view
     """
 
-    permission_classes = [IsProjectLeaderOrReadOnly]
+    permission_classes = [IsProjectLeaderOrReadOnlyForNonDrafts]
     queryset = Project.objects.all()
     serializer_class = ProjectCollaboratorSerializer
 
diff --git a/users/serializers.py b/users/serializers.py
@@ -74,6 +74,7 @@ class Meta:
             "key_skills",
             "birthday",
             "speciality",
+            "organization",
             "about_me",
             "avatar",
             "city",
diff --git a/vacancy/permissions.py b/vacancy/permissions.py
@@ -8,6 +8,17 @@ def has_object_permission(self, request, view, obj):
         return False
 
 
+class IsVacancyProjectLeader(BasePermission):
+    """
+    Allows access to vacancy update only to project leader.
+    """
+
+    def has_object_permission(self, request, view, obj):
+        if request.method in SAFE_METHODS or obj.project.leader == request.user:
+            return True
+        return False
+
+
 class IsProjectLeaderForVacancyResponse(BasePermission):
     def has_object_permission(self, request, view, obj):
         if obj.vacancy.project.leader == request.user:
diff --git a/vacancy/views.py b/vacancy/views.py
@@ -3,12 +3,12 @@
 from rest_framework.generics import GenericAPIView
 from rest_framework.response import Response
 
-from projects.permissions import IsProjectLeaderOrReadOnly
 from vacancy.filters import VacancyFilter
 from vacancy.models import Vacancy, VacancyResponse
 from vacancy.permissions import (
     IsProjectLeaderForVacancyResponse,
     IsVacancyResponseOwnerOrReadOnly,
+    IsVacancyProjectLeader,
 )
 from vacancy.serializers import (
     ProjectVacancyListSerializer,
@@ -40,7 +40,7 @@ def create(self, request, *args, **kwargs):
 class VacancyDetail(generics.RetrieveUpdateDestroyAPIView):
     queryset = Vacancy.objects.get_vacancy_for_detail_view()
     serializer_class = VacancyDetailSerializer
-    permission_classes = [IsProjectLeaderOrReadOnly]
+    permission_classes = [IsVacancyProjectLeader]
 
     def put(self, request, *args, **kwargs):
         """updating the vacancy"""

Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,7 @@ class ProjectDetailSerializer(serializers.ModelSerializer):`
`64`	`64`	`)`
`65`	`65`	`vacancies = ProjectVacancyListSerializer(many=True, read_only=True)`
`66`	`66`	`short_description = serializers.SerializerMethodField()`
	`67`	`+ industry_id = serializers.IntegerField(write_only=True, required=False)`
`67`	`68`
`68`	`69`	`def validate(self, data):`
`69`	`70`	`super().validate(data)`
`@@ -97,6 +98,7 @@ class Meta:`
`97`	`98`	`"vacancies",`
`98`	`99`	`"datetime_created",`
`99`	`100`	`"datetime_updated",`
	`101`	`+ "industry_id",`
`100`	`102`	`]`
`101`	`103`	`read_only_fields = ["leader"]`
`102`	`104`