merged with dev

Author: b-angelov

izpitnik/articles/api/permissions.py

@@ -0,0 +1,17 @@
+from rest_framework import permissions
+
+
+class IsAuthorPermission(permissions.BasePermission):
+
+    def has_permission(self, request, view):
+        return request.user and request.user.is_authenticated
+
+    def has_object_permission(self, request, view, obj):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+
+        return (
+                request.user.is_superuser or
+                request.user.has_perm("articles.change_article") or
+                obj.author.pk == request.user.pk
+        )

izpitnik/articles/api/serializers.py

@@ -25,4 +25,5 @@ class ArticleSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = Article
-        fields = ['id', 'title', 'content', 'image', 'saint', 'feast', 'holiday', 'author']
+        fields = ['id', 'title', 'content', 'image', 'saint', 'feast', 'holiday', 'author']
+        read_only_fields = ['author']

izpitnik/articles/api/views.py

@@ -1,11 +1,12 @@
 from django.db.models import Q
 from rest_framework import status
 from rest_framework.exceptions import NotFound, ParseError
-from rest_framework.generics import ListAPIView
+from rest_framework.generics import ListAPIView, CreateAPIView
 from rest_framework.permissions import IsAuthenticatedOrReadOnly
 from rest_framework.response import Response
 from rest_framework.status import HTTP_404_NOT_FOUND
 
+from izpitnik.articles.api.permissions import IsAuthorPermission
 from izpitnik.articles.api.serializers import ArticleSerializer
 from izpitnik.articles.models import Article
 from izpitnik.orth_calendar.models import HolidayOccurrences
@@ -44,4 +45,12 @@ def get_object(self):
     def get_queryset(self):
 
         queryset = self.get_object().all()
-        return queryset
+        return queryset
+
+
+class CreateArticleAPIView(CreateAPIView):
+    serializer_class = ArticleSerializer
+    permission_classes = [IsAuthorPermission]
+
+    def perform_create(self, serializer):
+        serializer.save(author=self.request.user)

izpitnik/urls.py

@@ -25,7 +25,7 @@
 
 from izpitnik import settings
 from izpitnik.accounts.api.views import CustomTokenObtainPairView, CookieTokenRefreshView, ApiLogoutView
-from izpitnik.articles.api.views import ArtilceAPIView
+from izpitnik.articles.api.views import ArtilceAPIView, CreateArticleAPIView
 
 urlpatterns = [
     path('admin/', admin.site.urls),
@@ -35,6 +35,7 @@
         path('token/refresh/', CookieTokenRefreshView.as_view(), name='token_refresh'),
         path('token/logout/', ApiLogoutView.as_view(), name='logout-api'),
         path('articles/', ArtilceAPIView.as_view(), name='articles-api'),
+        path('articles/create', CreateArticleAPIView.as_view(), name='articles-create-api'),
         path('schema/', SpectacularAPIView.as_view(), name='schema'),
         path('schema/redoc/', SpectacularRedocView.as_view(url_name='schema'), name='redoc'),
     ])),