Merge pull request #307 from PROCOLLAB-github/rate_projects_permissions_readded

sh1nkey · web-flow · commit 136de39710ee · 2024-02-26T20:29:59.000+03:00
readded permissions for exact users for exact programs
diff --git a/project_rates/views.py b/project_rates/views.py
@@ -89,7 +89,7 @@ def get(self, request, *args, **kwargs):
         for project in projects_serializer.data:
             filled_values = 0
             for criteria in project["criterias"]:
-                if criteria.get("value", None):
+                if criteria["name"] == "Комментарий" or criteria.get("value", None):
                     filled_values += 1
 
             if filled_values == len(project["criterias"]):
diff --git a/users/admin.py b/users/admin.py
@@ -198,3 +198,8 @@ class UserAchievementAdmin(admin.ModelAdmin):
 class UserLinkAdmin(admin.ModelAdmin):
     list_display = ("id", "user", "link")
     list_display_links = ("id", "user", "link")
+
+
+@admin.register(Expert)
+class ExpertAdmin(admin.ModelAdmin):
+    list_display = ("id", "user")
diff --git a/users/migrations/0046_expert_programs.py b/users/migrations/0046_expert_programs.py
@@ -0,0 +1,21 @@
+# Generated by Django 4.2.3 on 2024-02-26 15:22
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("partner_programs", "0004_auto_20231230_0002"),
+        ("users", "0045_alter_customuser_v2_speciality"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="expert",
+            name="programs",
+            field=models.ManyToManyField(
+                blank=True, related_name="experts", to="partner_programs.partnerprogram"
+            ),
+        ),
+    ]
diff --git a/users/models.py b/users/models.py
@@ -327,6 +327,10 @@ class Expert(AbstractUserWithRole):
     preferred_industries = models.CharField(max_length=4096, null=True, blank=True)
     useful_to_project = models.TextField(blank=True)
 
+    programs = models.ManyToManyField(
+        "partner_programs.PartnerProgram", related_name="experts", blank=True
+    )
+
     class Meta(TypedModelMeta):
         verbose_name = "Эксперт"
         verbose_name_plural = "Эксперты"
diff --git a/users/permissions.py b/users/permissions.py
@@ -1,5 +1,8 @@
+from rest_framework.exceptions import PermissionDenied
 from rest_framework.permissions import BasePermission, SAFE_METHODS
 
+from users.models import Expert
+
 
 class IsAchievementOwnerOrReadOnly(BasePermission):
     """
@@ -18,4 +21,11 @@ class IsExpert(BasePermission):
     """
 
     def has_permission(self, request, view):
-        return request.user.user_type == 3
+        user = request.user
+        program_id = view.kwargs.get("program_id")
+
+        if not user.user_type == 3:
+            raise PermissionDenied("User is not an expert")
+        if not Expert.objects.filter(programs__id=program_id, user=user).exists():
+            raise PermissionDenied("You don't have permission to rate this program")
+        return True
