Shaxobff
2026-04-30 11:11:12 +05:00
parent db7e34c1c2
commit c29546a04b
7 changed files with 115 additions and 11 deletions


@@ -0,0 +1,15 @@
from rest_framework.exceptions import PermissionDenied
from rest_framework.permissions import BasePermission
from core.apps.accounts.choices import RoleChoice
class IsAdminRole(BasePermission):
def has_permission(self, request, view):
if not request.user.is_authenticated:
return False
if request.user.role != RoleChoice.ADMIN:
raise PermissionDenied("Only admin can access this")
return True
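Review bot: `has_permission` compares `request.user.role` itself with `RoleChoice.ADMIN`, whereas the `AdminPermissionsAPIView.get` context line in the accounts views section of this commit compares `request.user.role.name`, so one of the two is probably testing the wrong attribute. If `role` is a related object rather than a plain choice value, this comparison is never equal and the class denies every caller, admins included; confirm the field type and use the same expression in both places. It would also be more conventional to return a boolean and set `message = "Only admin can access this"` on the class instead of raising `PermissionDenied` inside the check, and a one-line docstring stating that unauthenticated callers get `False` would help.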


@@ -27,7 +27,7 @@ urlpatterns = [
path("", include(router.urls)), path("", include(router.urls)),
path("auth/token/", jwt_views.TokenObtainPairView.as_view(), name="token_obtain_pair"), path("auth/token/", jwt_views.TokenObtainPairView.as_view(), name="token_obtain_pair"),
path("auth/token/verify/", jwt_views.TokenVerifyView.as_view(), name="token_verify"), path("auth/token/verify/", jwt_views.TokenVerifyView.as_view(), name="token_verify"),
path("auth/token/refresh/",jwt_views.TokenRefreshView.as_view()), path("auth/token/refresh/", jwt_views.TokenRefreshView.as_view()),
path("user/list/", UserListApiView.as_view(), name="user-list"), path("user/list/", UserListApiView.as_view(), name="user-list"),
path("admin-user/list/", AdminUserListApiView.as_view(), name="admin-user-list"), path("admin-user/list/", AdminUserListApiView.as_view(), name="admin-user-list"),
path("admin/create/", AdminCreateAPIView.as_view(), name="user-create"), path("admin/create/", AdminCreateAPIView.as_view(), name="user-create"),


@@ -106,6 +106,7 @@ class UserDetailAPIView(generics.RetrieveAPIView):
class AdminPermissionsAPIView(generics.GenericAPIView): class AdminPermissionsAPIView(generics.GenericAPIView):
permission_classes = [IsAuthenticated] permission_classes = [IsAuthenticated]
queryset = User.objects.all()
def get(self, request): def get(self, request):
if request.user.role.name != RoleChoice.ADMIN: if request.user.role.name != RoleChoice.ADMIN:


@@ -321,6 +321,7 @@ class AutoEvaluationAppraisersSerializer(serializers.Serializer):
data['users'] = users data['users'] = users
return data return data
class AutoEvaluationSerializer(serializers.Serializer): class AutoEvaluationSerializer(serializers.Serializer):
brand = serializers.CharField() brand = serializers.CharField()
brand_model = serializers.CharField() brand_model = serializers.CharField()
@@ -331,7 +332,58 @@ class AutoEvaluationSerializer(serializers.Serializer):
fuel_type = serializers.CharField() fuel_type = serializers.CharField()
mileage = serializers.CharField() mileage = serializers.CharField()
class AutoEvaluationModelSerializer(serializers.ModelSerializer): class AutoEvaluationModelSerializer(serializers.ModelSerializer):
user = serializers.StringRelatedField(read_only=True)
appraisers = serializers.PrimaryKeyRelatedField(
many=True,
queryset=User.objects.all(),
required=False
)
class Meta: class Meta:
model = AutoEvaluationModel model = AutoEvaluationModel
fields = "__all__" fields = ("tex_passport_file",
"registration_number",
"contract_date",
"object_inspection_date",
"rate_date",
"rate_report_date",
"object_type",
"object_owner_type",
"object_owner_individual_person_f_name",
"object_owner_individual_person_l_name",
"object_owner_individual_person_p_name",
"object_owner_individual_person_passport_num",
"object_owner_legal_entity",
"object_owner_legal_inn",
"value_determined",
"rate_type",
"tex_passport_serie_num",
"tex_passport_gived_date",
"tex_passport_gived_location",
"car_type",
"car_wheel",
"car_brand",
"car_model",
"car_number",
"manufacture_year",
"car_dvigatel_number",
"car_color",
"rating_goal",
"status",
"is_archived",
"created_at",
"updated_at",
)
read_only_fields = (
"id",
"created_at",
"updated_at",
)
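Review bot: The new `user` and `appraisers` fields are declared on `AutoEvaluationModelSerializer` but neither name appears in the explicit `Meta.fields` tuple, and DRF asserts that every declared field is listed there, so the serializer is likely to fail the first time its fields are built. `"id"` is also missing from `fields` although it is listed in `read_only_fields`. Add `"id", "user", "appraisers",` to the tuple, or drop the two declarations if they are not meant to be exposed. Since `status` and `is_archived` stay writable, it is worth checking whether any write path uses this serializer and, if so, moving them to `read_only_fields`.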


@@ -131,4 +131,39 @@ class CreateQuickevaluationSerializer(serializers.ModelSerializer):
class QuickEvaluationModelSerializer(serializers.ModelSerializer): class QuickEvaluationModelSerializer(serializers.ModelSerializer):
class Meta: class Meta:
model = QuickEvaluationModel model = QuickEvaluationModel
fields = '__all__' fields = (
"id",
"created_by",
"brand",
"marka",
"car_position",
"body_type",
"color",
"fuel_type",
"state_car",
"tex_passport_serie_num",
"tech_passport_issued_date",
"tech_passport_issued_place",
"car_type",
"distance_covered",
"vin_number",
"car_number",
"car_manufactured_date",
"engine_number",
"estimated_price",
"status",
"is_archive",
"created_at",
"updated_at",
)
read_only_fields = (
"id",
"created_at",
"updated_at",
)
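Review bot: `created_by` is listed in `fields` but not in `read_only_fields`, so any create or update path that uses `QuickEvaluationModelSerializer` would accept an owner id chosen by the client. The quick evaluation views section of this commit filters on `created_by=self.request.user`, so ownership is what scopes the data; I would make it server-controlled with `read_only_fields = ("id", "created_by", "created_at", "updated_at")` and set it from `request.user` in the view. Whether this serializer is used for writes is not visible here; the same question applies to `status`, `is_archive` and `estimated_price`.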


@@ -11,7 +11,7 @@ from rest_framework.response import Response
from rest_framework.views import APIView from rest_framework.views import APIView
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from core.apps.accounts.choices import RoleChoice from core.apps.accounts.permissions import IsAdminRole
from core.apps.accounts.serializers.user import UserSerializer from core.apps.accounts.serializers.user import UserSerializer
from core.apps.evaluation.filters.auto import AutoevaluationFilter from core.apps.evaluation.filters.auto import AutoevaluationFilter
from core.apps.evaluation.models import AutoEvaluationModel from core.apps.evaluation.models import AutoEvaluationModel
@@ -177,13 +177,14 @@ class AutoEvaluationArchiveAPIView(APIView):
status=200 status=200
) )
@extend_schema(tags=["AutoEvaluation"]) @extend_schema(tags=["AutoEvaluation"])
class AdminEvaluationsAPIView(generics.GenericAPIView): class AdminEvaluationsAPIView(generics.GenericAPIView):
permission_classes = [IsAuthenticated] permission_classes = [IsAuthenticated, IsAdminRole]
queryset = AutoEvaluationModel.objects.all()
serializer_class = AutoEvaluationModel
def get(self, request): def get(self, request):
if request.user.role != RoleChoice.ADMIN:
return Response({'detail': 'Forbidden'}, status=403)
auto_eval = AutoEvaluationModel.objects.filter( auto_eval = AutoEvaluationModel.objects.filter(
created_by=self.request.user created_by=self.request.user
).select_related('appraisers').distinct() ).select_related('appraisers').distinct()
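Review bot: `serializer_class = AutoEvaluationModel` in `AdminEvaluationsAPIView` assigns the model class, not a serializer; the parallel `AdminQuickEvalAPIView` in this commit uses `QuickEvaluationModelSerializer`. Anything that calls `get_serializer()` or introspects the view for the schema will instantiate the model with serializer arguments and fail. It should read `serializer_class = AutoEvaluationModelSerializer`, assuming that name is imported in this file, which the hunk does not show. The body of `get` continues outside the hunk.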


@@ -16,7 +16,7 @@ from rest_framework.response import Response
from rest_framework.views import APIView from rest_framework.views import APIView
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from core.apps.accounts.choices import RoleChoice from core.apps.accounts.permissions import IsAdminRole
# core apps # core apps
from core.apps.evaluation.filters.quick import QuickevaluationFilter from core.apps.evaluation.filters.quick import QuickevaluationFilter
from core.apps.evaluation.models import QuickEvaluationModel from core.apps.evaluation.models import QuickEvaluationModel
@@ -88,11 +88,11 @@ class QuickEvaluationArchivedListAPIView(ListAPIView):
@extend_schema(tags=["QuickEvaluation"]) @extend_schema(tags=["QuickEvaluation"])
class AdminQuickEvalAPIView(generics.GenericAPIView): class AdminQuickEvalAPIView(generics.GenericAPIView):
permission_classes = [IsAuthenticated] permission_classes = [IsAuthenticated, IsAdminRole]
queryset = QuickEvaluationModel.objects.all()
serializer_class = QuickEvaluationModelSerializer
def get(self, request): def get(self, request):
if request.user.role != RoleChoice.ADMIN:
return Response({'detail': 'Forbidden'}, status=403)
quick_eval = QuickEvaluationModel.objects.filter( quick_eval = QuickEvaluationModel.objects.filter(
created_by=self.request.user created_by=self.request.user
).select_related('created_by').distinct() ).select_related('created_by').distinct()
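Review bot: The import hunk replaces `from core.apps.accounts.choices import RoleChoice` with the `IsAdminRole` import instead of adding it next to it, and the auto evaluation views section does the same. Only the two `get` methods visibly stop using `RoleChoice`; if any other view in either file still references it, that view raises `NameError` at request time, so confirm with a search before merging. Note also that the 403 body for non-admins changes from `{'detail': 'Forbidden'}` to the `PermissionDenied` message, which API clients matching on the old text would notice.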