From 29e5ef363a386d3b400384a9234bcd83421c6044 Mon Sep 17 00:00:00 2001 From: Apostolof Date: Tue, 15 Jan 2019 15:28:54 +0200 Subject: [PATCH] Add API support for moderators, Fixes --- .../hyrieus/flavoursAPI/hyrieus/urls.py | 8 +- .../hyrieus/flavoursAPI/hyrieus/views.py | 95 ++++++++++++++++++- 2 files changed, 98 insertions(+), 5 deletions(-) diff --git a/UI/Database API/hyrieus/flavoursAPI/hyrieus/urls.py b/UI/Database API/hyrieus/flavoursAPI/hyrieus/urls.py index 4e85d0a..3dfb48b 100644 --- a/UI/Database API/hyrieus/flavoursAPI/hyrieus/urls.py +++ b/UI/Database API/hyrieus/flavoursAPI/hyrieus/urls.py @@ -9,7 +9,8 @@ from flavoursAPI.hyrieus.views import (DietViewSet, DietProhibitsIngredientViewS UserRatesRestaurantViewSet, UserSetBirthDay, RestaurantUserView, UserDiets, FoodUserView, DrinkUserView, ProfileUserView, AddFood, AddDrink, AddDiet, FollowDiet, ProhibitIngredient, DietUserView, IngredientUserView, - AddIngredientToFood, AddIngredientToDrink, + AddIngredientToFood, AddIngredientToDrink, AcceptRestaurant,AcceptFood, + AcceptDrink, AcceptDiet, ) router = routers.DefaultRouter() @@ -32,7 +33,6 @@ router.register(r'userratesfood', UserRatesFoodViewSet) router.register(r'userratesrestaurant', UserRatesRestaurantViewSet) urlpatterns = [ - # url(r'signup', Signup.as_view()), path('setUserBirthday//', UserSetBirthDay.as_view(), name='setUserBirthday'), path('restaurantUserView//', RestaurantUserView.as_view(), name='restaurantUserView'), path('foodUserView//', FoodUserView.as_view(), name='foodUserView'), @@ -48,6 +48,10 @@ urlpatterns = [ path('ingredientUserView/', IngredientUserView.as_view(), name='ingredientUserView'), path('addIngredientToFood/', AddIngredientToFood.as_view(), name='addIngredientToFood'), path('addIngredientToDrink/', AddIngredientToDrink.as_view(), name='addIngredientToDrink'), + path('acceptRestaurant//', AcceptRestaurant.as_view(), name='acceptRestaurant'), + path('acceptFood//', AcceptFood.as_view(), name='acceptFood'), + path('acceptDrink//', AcceptDrink.as_view(), name='acceptDrink'), + path('acceptDiet//', AcceptDiet.as_view(), name='acceptDiet'), path('rest-auth/', include('rest_auth.urls')), url(r'^rest-auth/registration/', include('rest_auth.registration.urls')) ] diff --git a/UI/Database API/hyrieus/flavoursAPI/hyrieus/views.py b/UI/Database API/hyrieus/flavoursAPI/hyrieus/views.py index 923ca35..aaddace 100644 --- a/UI/Database API/hyrieus/flavoursAPI/hyrieus/views.py +++ b/UI/Database API/hyrieus/flavoursAPI/hyrieus/views.py @@ -296,6 +296,7 @@ class UserRatesDrinkViewSet(viewsets.ModelViewSet): def perform_create(self, serializer): user = self.request.user + print(self.request) try: drink = Drink.objects.get(pk=self.request._data.get('drink')) @@ -419,8 +420,11 @@ class RestaurantUserView(APIView): restaurantRatings = restaurantRatings.annotate(username = F('user__username')) \ .annotate(diet_name = F('diet__diet_name')).values() - restaurantFoods = Food.objects.all().filter(restaurant=restaurant).filter(food_is_approved=True) - restaurantDrinks = Drink.objects.all().filter(restaurant=restaurant).filter(drink_is_approved=True) + restaurantFoods = Food.objects.all().filter(restaurant=restaurant) + restaurantDrinks = Drink.objects.all().filter(restaurant=restaurant) + if not user.role.role_id == 1: + restaurantFoods = restaurantFoods.filter(food_is_approved=True) + restaurantDrinks = restaurantDrinks.filter(drink_is_approved=True) foods = [FoodSerializer(food).data for food in list(restaurantFoods)] drinks = [DrinkSerializer(drink).data for drink in list(restaurantDrinks)] @@ -607,6 +611,11 @@ class AddFood(APIView): ingredientInstance = serializer.save() ingredientsList += [ingredientInstance] + if request.user.role.role_id == 1: + requestData['food_is_approved'] = True + else: + requestData['food_is_approved'] = False + foodSerializer = FoodSerializer(data = requestData) if foodSerializer.is_valid(): food = foodSerializer.save() @@ -864,4 +873,84 @@ class AddIngredientToDrink(APIView): else: return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) - return Response(serializer.data) \ No newline at end of file + return Response(serializer.data) + +class AcceptRestaurant(APIView): + authentication_classes = (SessionAuthentication, BasicAuthentication) + permission_classes = (IsAuthenticated,) + + def patch(self, request, restaurant, format=None): + user = request.user + if not user.role.role_id == 1: + raise PermissionDenied({"message":"You don't have permission to access"}) + + try: + restaurant = Restaurant.objects.get(pk=restaurant) + except Restaurant.DoesNotExist: + raise Http404 + + serializer = RestaurantSerializer(restaurant, data={'restaurant_is_approved': True}, partial=True) + if serializer.is_valid(): + serializer.save() + return Response(serializer.data) + return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) + +class AcceptFood(APIView): + authentication_classes = (SessionAuthentication, BasicAuthentication) + permission_classes = (IsAuthenticated,) + + def patch(self, request, food, format=None): + user = request.user + if not user.role.role_id == 1: + raise PermissionDenied({"message":"You don't have permission to access"}) + + try: + food = Food.objects.get(pk=food) + except Food.DoesNotExist: + raise Http404 + + serializer = FoodSerializer(food, data={'food_is_approved': True}, partial=True) + if serializer.is_valid(): + serializer.save() + return Response(serializer.data) + return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) + +class AcceptDrink(APIView): + authentication_classes = (SessionAuthentication, BasicAuthentication) + permission_classes = (IsAuthenticated,) + + def patch(self, request, drink, format=None): + user = request.user + if not user.role.role_id == 1: + raise PermissionDenied({"message":"You don't have permission to access"}) + + try: + drink = Drink.objects.get(pk=drink) + except Drink.DoesNotExist: + raise Http404 + + serializer = DrinkSerializer(drink, data={'drink_is_approved': True}, partial=True) + if serializer.is_valid(): + serializer.save() + return Response(serializer.data) + return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) + +class AcceptDiet(APIView): + authentication_classes = (SessionAuthentication, BasicAuthentication) + permission_classes = (IsAuthenticated,) + + def patch(self, request, diet, format=None): + user = request.user + if not user.role.role_id == 1: + raise PermissionDenied({"message":"You don't have permission to access"}) + + try: + diet = Diet.objects.get(pk=diet) + except Diet.DoesNotExist: + raise Http404 + + serializer = DietSerializer(diet, data={'diet_is_approved': True}, partial=True) + if serializer.is_valid(): + serializer.save() + return Response(serializer.data) + return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) \ No newline at end of file