Skip to content

Commit 00d6575

Browse files
MySecondLanguageMySecondLanguage
committed
Implemented permsison class everywhere
1 parent 9d93b44 commit 00d6575

File tree

6 files changed

+65
-0
lines changed

6 files changed

+65
-0
lines changed

nxtbn/core/enum_perms.py

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,5 +15,8 @@ class PermissionsEnum(models.TextChoices):
1515
CAN_BULK_PRODUCT_STATUS_UPDATE = "can_bulk_product_status_update"
1616
CAN_BULK_PRODUCT_DELETE = "can_bulk_product_delete"
1717

18+
CAN_RECEIVE_TRANSFERRED_STOCK = "can_receive_transferred_stock"
19+
CAN_MARK_STOCK_TRANSFER_AS_COMPLETED = "can_mark_stock_transfer_as_completed"
20+
1821
CAN_READ_CUSTOMER = "can_read_customer"
1922
CAN_UPDATE_CUSTOMER = "can_create_customer"

nxtbn/filemanager/api/dashboard/views.py

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@
55
from django_filters.rest_framework import DjangoFilterBackend
66

77

8+
from nxtbn.core.admin_permissions import CommonPermissions
89
from nxtbn.filemanager.models import Document, Image
910
from nxtbn.filemanager.api.dashboard.serializers import (
1011
DocumentSerializer,
@@ -21,6 +22,8 @@ class Meta:
2122
fields = ['id', 'name']
2223

2324
class ImageListView(generics.ListCreateAPIView):
25+
permission_classes = (CommonPermissions, )
26+
model = Image
2427
serializer_class = ImageSerializer
2528
queryset = Image.objects.all().order_by('-created_at')
2629
pagination_class = NxtbnPagination
@@ -29,19 +32,25 @@ class ImageListView(generics.ListCreateAPIView):
2932

3033

3134
class ImageDetailView(generics.RetrieveUpdateDestroyAPIView):
35+
permission_classes = (CommonPermissions, )
36+
model = Image
3237
queryset = Image.objects.all()
3338
serializer_class = ImageSerializer
3439
pagination_class = NxtbnPagination
3540
lookup_field = "id"
3641

3742

3843
class DocumentListView(generics.ListCreateAPIView):
44+
permission_classes = (CommonPermissions, )
45+
model = Document
3946
serializer_class = DocumentSerializer
4047
queryset = Document.objects.all()
4148
pagination_class = NxtbnPagination
4249

4350

4451
class DocumentDetailView(generics.RetrieveUpdateDestroyAPIView):
52+
permission_classes = (CommonPermissions, )
53+
model = Document
4554
queryset = Document.objects.all()
4655
serializer_class = DocumentSerializer
4756
pagination_class = NxtbnPagination

nxtbn/purchase/api/dashboard/views.py

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,5 @@
11
from rest_framework import generics, viewsets, status
2+
from nxtbn.core.admin_permissions import CommonPermissions
23
from nxtbn.purchase.api.dashboard.serializers import InventoryReceivingSerializer, PurchaseOrderCreateSerializer, PurchaseOrderSerializer, PurchaseOrderDetailSerializer, PurchaseOrderUpdateSerializer
34
from nxtbn.purchase.models import PurchaseOrder, PurchaseOrderItem
45
from django.db import transaction
@@ -24,6 +25,8 @@
2425
from rest_framework import status, viewsets
2526

2627
class PurchaseViewSet(viewsets.ModelViewSet):
28+
permission_classes = (CommonPermissions, )
29+
model = PurchaseOrder
2730
queryset = PurchaseOrder.objects.all()
2831
serializer_class = PurchaseOrderSerializer
2932
pagination_class = NxtbnPagination
@@ -167,6 +170,8 @@ def mark_as_received(self, request, pk=None):
167170

168171

169172
class InventoryReceivingAPI(generics.UpdateAPIView):
173+
permission_classes = (CommonPermissions, )
174+
model = PurchaseOrder
170175
serializer_class = InventoryReceivingSerializer
171176
lookup_field = 'pk'
172177
queryset = PurchaseOrder.objects.all()

nxtbn/shipping/api/dashboard/views.py

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
11

22
from django.db.models import Q
3+
from nxtbn.core.admin_permissions import CommonPermissions
34
from nxtbn.order import AddressType
45
from nxtbn.shipping.api.dashboard.serializers import (
56
ShippingMethodSerializer,
@@ -15,6 +16,8 @@
1516
from nxtbn.users.models import User
1617

1718
class CustomerEligibleShippingMethodstAPI(generics.ListCreateAPIView):
19+
permission_classes = (CommonPermissions, )
20+
model = ShippingMethod
1821
serializer_class = ShippingMethodSerializer
1922

2023
def get_queryset(self):
@@ -38,22 +41,30 @@ def get_queryset(self):
3841
return queryset
3942

4043
class ShippingMethodstListAPI(generics.ListCreateAPIView):
44+
permission_classes = (CommonPermissions, )
45+
model = ShippingMethod
4146
serializer_class = ShippingMethodSerializer
4247
queryset = ShippingMethod.objects.all()
4348

4449

4550
class ShippingMethodDetails(generics.RetrieveUpdateDestroyAPIView):
51+
permission_classes = (CommonPermissions, )
52+
model = ShippingMethod
4653
serializer_class = ShppingMethodDetailSeralizer
4754
queryset = ShippingMethod.objects.all()
4855
lookup_field = 'id'
4956

5057

5158
class ShippingRateListCreateView(generics.ListCreateAPIView):
59+
permission_classes = (CommonPermissions, )
60+
model = ShippingRate
5261
serializer_class = ShippingRateSerializer
5362
queryset = ShippingRate.objects.all()
5463

5564

5665
class ShippingRateDetailView(generics.RetrieveUpdateDestroyAPIView):
66+
permission_classes = (CommonPermissions, )
67+
model = ShippingRate
5768
serializer_class = ShippingRateSerializer
5869
queryset = ShippingRate.objects.all()
5970
lookup_field = 'id'
@@ -63,6 +74,8 @@ class ShippingRateDetailView(generics.RetrieveUpdateDestroyAPIView):
6374
# ==================================================================
6475

6576
class ShippingMethodTranslationViewSet(viewsets.ModelViewSet):
77+
permission_classes = (CommonPermissions, )
78+
model = ShippingMethodTranslation
6679
"""
6780
A viewset for viewing and editing ShippingMethod translations.
6881
"""

nxtbn/warehouse/api/dashboard/views.py

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,8 @@
22
from django.shortcuts import get_object_or_404
33
from rest_framework import viewsets
44
from rest_framework import generics, status
5+
from nxtbn.core.admin_permissions import CommonPermissions, GranularPermission
6+
from nxtbn.core.enum_perms import PermissionsEnum
57
from nxtbn.order.models import Order
68
from nxtbn.product.models import ProductVariant
79
from nxtbn.warehouse import StockMovementStatus
@@ -26,6 +28,8 @@
2628

2729

2830
class WarehouseViewSet(viewsets.ModelViewSet):
31+
permission_classes = (CommonPermissions, )
32+
model = Warehouse
2933
queryset = Warehouse.objects.all()
3034
serializer_class = WarehouseSerializer
3135
pagination_class = None
@@ -59,6 +63,8 @@ class StockFilterMixin:
5963

6064

6165
class StockViewSet(StockFilterMixin, viewsets.ModelViewSet):
66+
permission_classes = (CommonPermissions, )
67+
model = Stock
6268
queryset = Stock.objects.select_related('warehouse', 'product_variant').all()
6369
pagination_class = NxtbnPagination
6470

@@ -70,6 +76,8 @@ def get_serializer_class(self):
7076

7177

7278
class WarehouseStockByVariantAPIView(APIView):
79+
permission_classes = (CommonPermissions, )
80+
model = ProductVariant
7381
def get(self, request, variant_id):
7482
try:
7583
# Fetch the product variant
@@ -107,6 +115,8 @@ def get(self, request, variant_id):
107115

108116

109117
class UpdateStockWarehouseWise(generics.UpdateAPIView):
118+
permission_classes = (CommonPermissions, )
119+
model = Stock
110120
serializer_class = StockUpdateSerializer
111121

112122
def update(self, request, *args, **kwargs):
@@ -172,13 +182,17 @@ def get_queryset(self):
172182
return StockReservation.objects.all()
173183

174184
class StockReservationListAPIView(StockReservationFilterMixin, generics.ListCreateAPIView):
185+
permission_classes = (CommonPermissions, )
186+
model = StockReservation
175187
serializer_class = StockReservationSerializer
176188
queryset = StockReservation.objects.all()
177189
pagination_class = NxtbnPagination
178190

179191

180192

181193
class MergeStockReservationAPIView(generics.UpdateAPIView):
194+
permission_classes = (CommonPermissions, )
195+
model = StockReservation
182196
"""
183197
API to transfer stock reservation from one warehouse to another.
184198
"""
@@ -226,6 +240,8 @@ def update(self, request, *args, **kwargs):
226240

227241

228242
class RetryReservationAPIView(APIView):
243+
permission_classes = (CommonPermissions, )
244+
model = StockReservation
229245
def post(self, request, alias):
230246
order = get_object_or_404(Order, alias=alias)
231247
reserve_stock(order)
@@ -234,16 +250,22 @@ def post(self, request, alias):
234250

235251

236252
class StockTransferListCreateAPIView(generics.ListCreateAPIView):
253+
permission_classes = (CommonPermissions, )
254+
model = StockTransfer
237255
queryset = StockTransfer.objects.prefetch_related('items').all()
238256
serializer_class = StockTransferSerializer
239257

240258

241259
class StockTransferRetrieveUpdateAPIView(generics.RetrieveUpdateAPIView):
260+
permission_classes = (CommonPermissions, )
261+
model = StockTransfer
242262
queryset = StockTransfer.objects.all()
243263
serializer_class = StockTransferSerializer
244264
lookup_field = 'id'
245265

246266
class StockTransferMarkAsInTransitAPIView(APIView):
267+
permission_classes = (CommonPermissions, )
268+
model = StockTransfer
247269
def put(self, request, pk):
248270
with transaction.atomic():
249271
transfer = get_object_or_404(StockTransfer, id=pk)
@@ -276,6 +298,9 @@ def put(self, request, pk):
276298

277299

278300
class StockTransferReceivingAPI(generics.UpdateAPIView):
301+
permission_classes = (GranularPermission, )
302+
model = StockTransfer
303+
required_perm = PermissionsEnum.CAN_RECEIVE_TRANSFERRED_STOCK
279304
serializer_class = StockTransferReceivingSerializer
280305
lookup_field = 'pk'
281306
queryset = StockTransfer.objects.all()
@@ -315,6 +340,9 @@ def update(self, request, *args, **kwargs):
315340

316341

317342
class StockTransferMarkedAsCompletedAPIView(APIView):
343+
permission_classes = (GranularPermission, )
344+
model = StockTransfer
345+
required_perm = PermissionsEnum.CAN_MARK_STOCK_TRANSFER_AS_COMPLETED
318346
def put(self, request, pk):
319347
transfer = get_object_or_404(StockTransfer, id=pk)
320348

nxtbn/warehouse/models.py

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22
from django.forms import ValidationError
33
from django.db.models import Sum
44

5+
from nxtbn.core.enum_perms import PermissionsEnum
56
from nxtbn.core.models import AbstractBaseModel
67
from nxtbn.order.models import Order, OrderLineItem
78
from nxtbn.product.models import ProductVariant
@@ -89,6 +90,12 @@ class StockTransfer(AbstractBaseModel):
8990

9091
status = models.CharField(max_length=20, choices=StockMovementStatus.choices, default=StockMovementStatus.PENDING)
9192
created_by = models.ForeignKey(User, on_delete=models.SET_NULL, null=True)
93+
94+
class Meta:
95+
permissions = [
96+
(PermissionsEnum.CAN_RECEIVE_TRANSFERRED_STOCK, "Can receive transferred stock"),
97+
(PermissionsEnum.CAN_MARK_STOCK_TRANSFER_AS_COMPLETED, "Can mark stock transfer as completed"),
98+
]
9299

93100
def __str__(self):
94101
return f"Transfer {self.id} - {self.from_warehouse} to {self.to_warehouse}"

0 commit comments

Comments
 (0)