readded permissions for exact users for exact programs

sh1nkey · sh1nkey · commit 79ae17d8f5a8 · 2024-02-26T19:05:56.000+03:00
diff --git a/users/admin.py b/users/admin.py
@@ -198,3 +198,8 @@ class UserAchievementAdmin(admin.ModelAdmin):
 class UserLinkAdmin(admin.ModelAdmin):
     list_display = ("id", "user", "link")
     list_display_links = ("id", "user", "link")
+
+
+@admin.register(Expert)
+class ExpertAdmin(admin.ModelAdmin):
+    list_display = ("id", "user")
diff --git a/users/models.py b/users/models.py
@@ -327,6 +327,10 @@ class Expert(AbstractUserWithRole):
     preferred_industries = models.CharField(max_length=4096, null=True, blank=True)
     useful_to_project = models.TextField(blank=True)
 
+    programs = models.ManyToManyField(
+        "partner_programs.PartnerProgram", related_name="experts", blank=True
+    )
+
     class Meta(TypedModelMeta):
         verbose_name = "Эксперт"
         verbose_name_plural = "Эксперты"
diff --git a/users/permissions.py b/users/permissions.py
@@ -1,5 +1,8 @@
+from rest_framework.exceptions import PermissionDenied
 from rest_framework.permissions import BasePermission, SAFE_METHODS
 
+from users.models import Expert
+
 
 class IsAchievementOwnerOrReadOnly(BasePermission):
     """
@@ -18,4 +21,11 @@ class IsExpert(BasePermission):
     """
 
     def has_permission(self, request, view):
-        return request.user.user_type == 3
+        user = request.user
+        program_id = view.kwargs.get("program_id")
+
+        if not user.user_type == 3:
+            raise PermissionDenied("User is not an expert")
+        if not Expert.objects.filter(programs__id=program_id, user=user).exists():
+            raise PermissionDenied("You don't have permission to rate this program")
+        return True
