Merge pull request #14 from oleveloper/feature/sponsor

Feature: Add sponser viewset

Author: oleveloper

pyconkr/urls.py

@@ -16,9 +16,11 @@
 from django.contrib import admin
 from django.urls import include, path
 
+import sponsor.routers
+
 urlpatterns = [
     path("api-auth/", include("rest_framework.urls")),
     path("summernote/", include("django_summernote.urls")),
     path("admin/", admin.site.urls),
-    path("sponsors/", include("sponsor.urls")),
+    path("sponsors/", include(sponsor.routers.get_router().urls)),
 ]

sponsor/permissions.py

@@ -0,0 +1,17 @@
+from rest_framework import permissions
+
+from sponsor.models import Sponsor
+
+
+class IsOwnerOrReadOnly(permissions.BasePermission):
+    # https://stackoverflow.com/questions/72691826/djnago-rest-framework-how-to-allow-only-update-user-own-content-only
+    def has_object_permission(self, request, view, obj: Sponsor):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+
+        return obj.manager_id == request.user or obj.creator == request.user
+
+
+class OwnerOnly(permissions.BasePermission):
+    def has_object_permission(self, request, view, obj: Sponsor):
+        return obj.manager_id == request.user or obj.creator == request.user

sponsor/routers.py

@@ -0,0 +1,10 @@
+from rest_framework.routers import DefaultRouter
+
+from sponsor.viewsets import *
+
+
+def get_router():
+    router = DefaultRouter()
+    router.register("", SponsorViewSet, basename="sponsor")
+
+    return router

sponsor/serializers.py

@@ -0,0 +1,23 @@
+from rest_framework.serializers import ModelSerializer
+
+from sponsor.models import Sponsor
+
+
+class SponsorSerializer(ModelSerializer):
+    class Meta:
+        model = Sponsor
+        fields = "__all__"
+
+
+class SponsorListSerializer(ModelSerializer):
+    class Meta:
+        model = Sponsor
+        fields = [
+            "name",
+            "level",
+            "desc",
+            "eng_desc",
+            "url",
+            "logo_image",
+            "id",
+        ]

sponsor/viewsets.py

@@ -0,0 +1,47 @@
+from django.shortcuts import get_object_or_404
+from rest_framework.permissions import IsAuthenticatedOrReadOnly
+from rest_framework.response import Response
+from rest_framework.viewsets import ModelViewSet
+
+from sponsor.models import Sponsor
+from sponsor.permissions import IsOwnerOrReadOnly, OwnerOnly
+from sponsor.serializers import SponsorListSerializer, SponsorSerializer
+
+
+class SponsorViewSet(ModelViewSet):
+    serializer_class = SponsorSerializer
+    permission_classes = [IsOwnerOrReadOnly]  # 본인 소유만 수정가능
+    http_method_names = ["get", "post"]  # 지금은 조회/등록만 가능 TODO: 추후 수정기능 추가
+
+    def get_queryset(self):
+        return Sponsor.objects.all()
+
+    def list(self, request, *args, **kwargs):
+        queryset = Sponsor.objects.filter(accepted=True).order_by("name")
+        serializer = SponsorListSerializer(queryset, many=True)
+        return Response(serializer.data)
+
+    def create(self, request, *args, **kwargs):
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response(serializer.data)
+
+    def retrieve(self, request, *args, **kwargs):
+        pk = kwargs["pk"]
+        sponsor_data = get_object_or_404(Sponsor, pk=pk)
+
+        # 본인 소유인 경우는 모든 필드
+        # 그렇지 않은 경우는 공개 가능한 필드만 응답
+        serializer = (
+            SponsorSerializer(sponsor_data)
+            if self.check_owner_permission(request, sponsor_data)
+            else SponsorListSerializer(sponsor_data)
+        )
+
+        return Response(serializer.data)
+
+    def check_owner_permission(self, request, sponsor_data: Sponsor):
+        return OwnerOnly.has_object_permission(
+            self=OwnerOnly, request=request, view=self, obj=sponsor_data
+        )