🔄 Update image to 147 [CI SKIP]

Reviewed-on: #128

config/urls.py

@@ -13,7 +13,7 @@ from config.env import env
 
 
 def home(request):
-    return HttpResponse("OK: #3781ce29e5447f1473964c4c47fbdef2a38c6751")
+    return HttpResponse("OK: #65ab51e65224a92a4b6d488d3e8f9b21d3256876")
 
 
 urlpatterns = [

core/apps/accounts/permissions.py

@@ -0,0 +1,15 @@
+from rest_framework.exceptions import PermissionDenied
+from rest_framework.permissions import BasePermission
+
+from core.apps.accounts.choices import RoleChoice
+
+
+class IsAdminRole(BasePermission):
+    def has_permission(self, request, view):
+        if not request.user.is_authenticated:
+            return False
+
+        if request.user.role != RoleChoice.ADMIN:
+            raise PermissionDenied("Only admin can access this")
+
+        return True

core/apps/accounts/urls.py

@@ -27,7 +27,7 @@ urlpatterns = [
     path("", include(router.urls)),
     path("auth/token/", jwt_views.TokenObtainPairView.as_view(), name="token_obtain_pair"),
     path("auth/token/verify/", jwt_views.TokenVerifyView.as_view(), name="token_verify"),
-    path("auth/token/refresh/",jwt_views.TokenRefreshView.as_view()),
+    path("auth/token/refresh/", jwt_views.TokenRefreshView.as_view()),
     path("user/list/", UserListApiView.as_view(), name="user-list"),
     path("admin-user/list/", AdminUserListApiView.as_view(), name="admin-user-list"),
     path("admin/create/", AdminCreateAPIView.as_view(), name="user-create"),

core/apps/accounts/views/user.py

@@ -106,6 +106,7 @@ class UserDetailAPIView(generics.RetrieveAPIView):
 
 class AdminPermissionsAPIView(generics.GenericAPIView):
     permission_classes = [IsAuthenticated]
+    queryset = User.objects.all()
 
     def get(self, request):
         if request.user.role.name != RoleChoice.ADMIN:

core/apps/evaluation/serializers/auto/AutoEvaluation.py

@@ -321,6 +321,7 @@ class AutoEvaluationAppraisersSerializer(serializers.Serializer):
         data['users'] = users
         return data
 
+
 class AutoEvaluationSerializer(serializers.Serializer):
     brand = serializers.CharField()
     brand_model = serializers.CharField()
@@ -331,7 +332,58 @@ class AutoEvaluationSerializer(serializers.Serializer):
     fuel_type = serializers.CharField()
     mileage = serializers.CharField()
 
+
 class AutoEvaluationModelSerializer(serializers.ModelSerializer):
+    user = serializers.StringRelatedField(read_only=True)
+    appraisers = serializers.PrimaryKeyRelatedField(
+        many=True,
+        queryset=User.objects.all(),
+        required=False
+    )
+
     class Meta:
         model = AutoEvaluationModel
-        fields = "__all__"
+        fields = ("tex_passport_file",
+
+            "registration_number",
+            "contract_date",
+            "object_inspection_date",
+            "rate_date",
+            "rate_report_date",
+            "object_type",
+
+            "object_owner_type",
+            "object_owner_individual_person_f_name",
+            "object_owner_individual_person_l_name",
+            "object_owner_individual_person_p_name",
+            "object_owner_individual_person_passport_num",
+            "object_owner_legal_entity",
+            "object_owner_legal_inn",
+            "value_determined",
+            "rate_type",
+
+            "tex_passport_serie_num",
+            "tex_passport_gived_date",
+            "tex_passport_gived_location",
+            "car_type",
+            "car_wheel",
+            "car_brand",
+            "car_model",
+            "car_number",
+            "manufacture_year",
+            "car_dvigatel_number",
+            "car_color",
+
+            "rating_goal",
+            "status",
+            "is_archived",
+
+            "created_at",
+            "updated_at",
+        )
+
+        read_only_fields = (
+            "id",
+            "created_at",
+            "updated_at",
+        )

core/apps/evaluation/serializers/quick/QuickEvaluation.py

@@ -131,4 +131,39 @@ class CreateQuickevaluationSerializer(serializers.ModelSerializer):
 class QuickEvaluationModelSerializer(serializers.ModelSerializer):
     class Meta:
         model = QuickEvaluationModel
-        fields = '__all__'
+        fields = (
+            "id",
+
+            "created_by",
+            "brand",
+            "marka",
+            "car_position",
+            "body_type",
+            "color",
+            "fuel_type",
+            "state_car",
+
+            "tex_passport_serie_num",
+            "tech_passport_issued_date",
+            "tech_passport_issued_place",
+
+            "car_type",
+            "distance_covered",
+            "vin_number",
+            "car_number",
+            "car_manufactured_date",
+            "engine_number",
+
+            "estimated_price",
+            "status",
+            "is_archive",
+
+            "created_at",
+            "updated_at",
+        )
+
+        read_only_fields = (
+            "id",
+            "created_at",
+            "updated_at",
+        )

core/apps/evaluation/views/auto.py

@@ -11,7 +11,7 @@ from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework.viewsets import ModelViewSet
 
-from core.apps.accounts.choices import RoleChoice
+from core.apps.accounts.permissions import IsAdminRole
 from core.apps.accounts.serializers.user import UserSerializer
 from core.apps.evaluation.filters.auto import AutoevaluationFilter
 from core.apps.evaluation.models import AutoEvaluationModel
@@ -177,13 +177,14 @@ class AutoEvaluationArchiveAPIView(APIView):
             status=200
         )
 
+
 @extend_schema(tags=["AutoEvaluation"])
 class AdminEvaluationsAPIView(generics.GenericAPIView):
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsAuthenticated, IsAdminRole]
+    queryset = AutoEvaluationModel.objects.all()
+    serializer_class = AutoEvaluationModel
 
     def get(self, request):
-        if request.user.role != RoleChoice.ADMIN:
-            return Response({'detail': 'Forbidden'}, status=403)
         auto_eval = AutoEvaluationModel.objects.filter(
             created_by=self.request.user
         ).select_related('appraisers').distinct()

core/apps/evaluation/views/quick.py

@@ -16,7 +16,7 @@ from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework.viewsets import ModelViewSet
 
-from core.apps.accounts.choices import RoleChoice
+from core.apps.accounts.permissions import IsAdminRole
 # core apps
 from core.apps.evaluation.filters.quick import QuickevaluationFilter
 from core.apps.evaluation.models import QuickEvaluationModel
@@ -88,11 +88,11 @@ class QuickEvaluationArchivedListAPIView(ListAPIView):
 
 @extend_schema(tags=["QuickEvaluation"])
 class AdminQuickEvalAPIView(generics.GenericAPIView):
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsAuthenticated, IsAdminRole]
+    queryset = QuickEvaluationModel.objects.all()
+    serializer_class = QuickEvaluationModelSerializer
 
     def get(self, request):
-        if request.user.role != RoleChoice.ADMIN:
-            return Response({'detail': 'Forbidden'}, status=403)
         quick_eval = QuickEvaluationModel.objects.filter(
             created_by=self.request.user
         ).select_related('created_by').distinct()

stack.yaml

@@ -84,7 +84,7 @@ services:
         max-file: "5"
 
   web:
-    image: husanjon/sifatbaho:145
+    image: husanjon/sifatbaho:147
     env_file:
       - .env
     environment:
@@ -129,7 +129,7 @@ services:
         max-file: "5"
 
   celery:
-    image: husanjon/sifatbaho:145
+    image: husanjon/sifatbaho:147
     env_file:
       - .env
     environment: