core/apps/accounts/serializers/permission.py

@@ -10,7 +10,7 @@ class PermissionToActionSerializer(serializers.ModelSerializer):
 
 
 class PermissionToTabSerializer(serializers.ModelSerializer):
-    permission_to_actions = PermissionToActionSerializer(many=True)
+    permission_to_actions = PermissionToActionSerializer(many=True, read_only=True)
 
     class Meta:
         model = PermissionToTab
@@ -18,7 +18,7 @@ class PermissionToTabSerializer(serializers.ModelSerializer):
 
 
 class PermissionSerializer(serializers.ModelSerializer):
-    permission_tabs = PermissionToTabSerializer(many=True)
+    permission_tabs = PermissionToTabSerializer(many=True, read_only=True)
 
     class Meta:
         model = Permission

core/apps/accounts/views/user.py

@@ -9,6 +9,8 @@ from rest_framework.views import APIView
 from rest_framework.viewsets import ModelViewSet
 
 from core.apps.accounts.choices.user import RoleChoice
+from core.apps.accounts.models import Role
+from core.apps.accounts.serializers.permission import RoleListSerializer
 from core.apps.accounts.serializers.user import UserSerializer, AdminUserSerializer, UserCreateSerializer
 
 User = get_user_model()
@@ -64,7 +66,7 @@ class AdminCreateAPIView(APIView):
         return Response(serializer.data, status=201)
 
 
-@extend_schema(tags=['User'],)
+@extend_schema(tags=['User'], )
 class AdminUpdateAPIView(generics.GenericAPIView):
     permission_classes = [IsAuthenticated]
     serializer_class = UserCreateSerializer
@@ -88,7 +90,6 @@ class DeleteAdminUserApiView(APIView):
         if request.user.role != RoleChoice.SUPERUSER:
             return Response({'detail': 'Forbidden'}, status=403)
 
-
         user = get_object_or_404(User, pk=pk)
         if user.role != RoleChoice.ADMIN:
             return Response({'detail': 'This user is not an admin'}, status=400)
@@ -100,4 +101,17 @@ class DeleteAdminUserApiView(APIView):
 class UserDetailAPIView(generics.RetrieveAPIView):
     permission_classes = [IsAuthenticated]
     serializer_class = UserSerializer
-    lookup_field = 'id'
+    lookup_field = 'id'
+
+
+class AdminPermissionsAPIView(generics.GenericAPIView):
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request):
+        if request.user.role.name != RoleChoice.ADMIN:
+            return Response({'detail': 'Forbidden'}, status=403)
+
+        admin_role = Role.objects.get(name=RoleChoice.ADMIN)
+
+        serializer = RoleListSerializer(admin_role)
+        return Response(serializer.data)

core/apps/evaluation/serializers/auto/AutoEvaluation.py

@@ -329,4 +329,9 @@ class AutoEvaluationSerializer(serializers.Serializer):
     transmission = serializers.CharField()
     condition = serializers.CharField()
     fuel_type = serializers.CharField()
-    mileage = serializers.CharField()
+    mileage = serializers.CharField()
+
+class AutoEvaluationModelSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = AutoEvaluationModel
+        fields = "__all__"

core/apps/evaluation/serializers/quick/QuickEvaluation.py

@@ -128,3 +128,7 @@ class CreateQuickevaluationSerializer(serializers.ModelSerializer):
         return super().create(validated_data)
 
 
+class QuickEvaluationModelSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = QuickEvaluationModel
+        fields = '__all__'

core/apps/evaluation/urls.py

@@ -37,6 +37,7 @@ urlpatterns = [
     # Quick Evaluation
     path('quick-evaluation/', include(
         [
+            path("admin/", views.AdminQuickEvalAPIView.as_view(), name="quick-evaluation"),
             path(
                 'archive/', include(
                     [
@@ -51,6 +52,7 @@ urlpatterns = [
     # Auto Evaluation
     path("auto-evaluation/", include(
         [
+            path("admin/", views.AdminEvaluationsAPIView.as_view(), name="admin-evaluations"),
             path('archive/', include(
                 [
                     path('<int:pk>/', views.AutoEvaluationArchiveAPIView.as_view()),

core/apps/evaluation/views/auto.py

@@ -1,10 +1,9 @@
 from django.db.models import Q
 from django.shortcuts import get_object_or_404
 from django_core.mixins import BaseViewSetMixin
-
 from django_filters.rest_framework import DjangoFilterBackend
 from drf_spectacular.utils import extend_schema, OpenApiParameter
-
+from rest_framework import generics
 from rest_framework.filters import OrderingFilter, SearchFilter
 from rest_framework.generics import GenericAPIView, ListAPIView
 from rest_framework.permissions import AllowAny, IsAuthenticated
@@ -12,10 +11,12 @@ from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework.viewsets import ModelViewSet
 
+from core.apps.accounts.choices import RoleChoice
 from core.apps.accounts.serializers.user import UserSerializer
 from core.apps.evaluation.filters.auto import AutoevaluationFilter
 from core.apps.evaluation.models import AutoEvaluationModel
-from core.apps.evaluation.serializers import auto as serializers
+from core.apps.evaluation.serializers import auto as serializers, AutoEvaluationModelSerializer
+
 
 @extend_schema(tags=["AutoEvaluation"])
 class AutoEvaluationView(BaseViewSetMixin, ModelViewSet):
@@ -175,3 +176,16 @@ class AutoEvaluationArchiveAPIView(APIView):
             },
             status=200
         )
+
+@extend_schema(tags=["AutoEvaluation"])
+class AdminEvaluationsAPIView(generics.GenericAPIView):
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request):
+        if request.user.role != RoleChoice.ADMIN:
+            return Response({'detail': 'Forbidden'}, status=403)
+        auto_eval = AutoEvaluationModel.objects.filter(
+            created_by=self.request.user
+        ).select_related('appraisers').distinct()
+        serializer = AutoEvaluationModelSerializer(auto_eval, many=True)
+        return Response(serializer.data)

core/apps/evaluation/views/quick.py

@@ -1,17 +1,13 @@
 # django
 from django.shortcuts import get_object_or_404
-
 # django core
 from django_core.mixins import BaseViewSetMixin
-
 # django filters
 from django_filters.rest_framework import DjangoFilterBackend
-
 # swagger
 from drf_spectacular.utils import extend_schema
-
 # rest framework
-from rest_framework import status
+from rest_framework import status, generics
 from rest_framework.filters import OrderingFilter, SearchFilter
 from rest_framework.generics import ListAPIView
 from rest_framework.parsers import FormParser, MultiPartParser
@@ -20,10 +16,11 @@ from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework.viewsets import ModelViewSet
 
+from core.apps.accounts.choices import RoleChoice
 # core apps
 from core.apps.evaluation.filters.quick import QuickevaluationFilter
 from core.apps.evaluation.models import QuickEvaluationModel
-from core.apps.evaluation.serializers import quick as serializers
+from core.apps.evaluation.serializers import quick as serializers, QuickEvaluationModelSerializer
 
 
 @extend_schema(tags=["QuickEvaluation"])
@@ -87,3 +84,18 @@ class QuickEvaluationArchivedListAPIView(ListAPIView):
 
     def get_queryset(self):
         return QuickEvaluationModel.objects.filter(is_archive=True)
+
+
+@extend_schema(tags=["QuickEvaluation"])
+class AdminQuickEvalAPIView(generics.GenericAPIView):
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request):
+        if request.user.role != RoleChoice.ADMIN:
+            return Response({'detail': 'Forbidden'}, status=403)
+        quick_eval = QuickEvaluationModel.objects.filter(
+            created_by=self.request.user
+        ).select_related('created_by').distinct()
+        serializer = QuickEvaluationModelSerializer(quick_eval, many=True)
+
+        return Response(serializer.data)