2026-04-30 11:03:52 +00:00
7 changed files with 115 additions and 11 deletions
--- a/core/apps/accounts/permissions.py
+++ b/core/apps/accounts/permissions.py
@@ -0,0 +1,15 @@
+from rest_framework.exceptions import PermissionDenied
+from rest_framework.permissions import BasePermission
+
+from core.apps.accounts.choices import RoleChoice
+
+
+class IsAdminRole(BasePermission):
+    def has_permission(self, request, view):
+        if not request.user.is_authenticated:
+            return False
+
+        if request.user.role != RoleChoice.ADMIN:
+            raise PermissionDenied("Only admin can access this")
+
+        return True
--- a/core/apps/accounts/urls.py
+++ b/core/apps/accounts/urls.py
@@ -27,7 +27,7 @@ urlpatterns = [
    path("", include(router.urls)),
    path("auth/token/", jwt_views.TokenObtainPairView.as_view(), name="token_obtain_pair"),
    path("auth/token/verify/", jwt_views.TokenVerifyView.as_view(), name="token_verify"),
-    path("auth/token/refresh/",jwt_views.TokenRefreshView.as_view()),
+    path("auth/token/refresh/", jwt_views.TokenRefreshView.as_view()),
    path("user/list/", UserListApiView.as_view(), name="user-list"),
    path("admin-user/list/", AdminUserListApiView.as_view(), name="admin-user-list"),
    path("admin/create/", AdminCreateAPIView.as_view(), name="user-create"),
--- a/core/apps/accounts/views/user.py
+++ b/core/apps/accounts/views/user.py
@@ -106,6 +106,7 @@ class UserDetailAPIView(generics.RetrieveAPIView):

 class AdminPermissionsAPIView(generics.GenericAPIView):
    permission_classes = [IsAuthenticated]
+    queryset = User.objects.all()

    def get(self, request):
        if request.user.role.name != RoleChoice.ADMIN:
--- a/core/apps/evaluation/serializers/auto/AutoEvaluation.py
+++ b/core/apps/evaluation/serializers/auto/AutoEvaluation.py
@@ -321,6 +321,7 @@ class AutoEvaluationAppraisersSerializer(serializers.Serializer):
        data['users'] = users
        return data

+
 class AutoEvaluationSerializer(serializers.Serializer):
    brand = serializers.CharField()
    brand_model = serializers.CharField()
@@ -331,7 +332,58 @@ class AutoEvaluationSerializer(serializers.Serializer):
    fuel_type = serializers.CharField()
    mileage = serializers.CharField()

+
 class AutoEvaluationModelSerializer(serializers.ModelSerializer):
+    user = serializers.StringRelatedField(read_only=True)
+    appraisers = serializers.PrimaryKeyRelatedField(
+        many=True,
+        queryset=User.objects.all(),
+        required=False
+    )
+
    class Meta:
        model = AutoEvaluationModel
-        fields = "__all__"
+        fields = ("tex_passport_file",
+
+            "registration_number",
+            "contract_date",
+            "object_inspection_date",
+            "rate_date",
+            "rate_report_date",
+            "object_type",
+
+            "object_owner_type",
+            "object_owner_individual_person_f_name",
+            "object_owner_individual_person_l_name",
+            "object_owner_individual_person_p_name",
+            "object_owner_individual_person_passport_num",
+            "object_owner_legal_entity",
+            "object_owner_legal_inn",
+            "value_determined",
+            "rate_type",
+
+            "tex_passport_serie_num",
+            "tex_passport_gived_date",
+            "tex_passport_gived_location",
+            "car_type",
+            "car_wheel",
+            "car_brand",
+            "car_model",
+            "car_number",
+            "manufacture_year",
+            "car_dvigatel_number",
+            "car_color",
+
+            "rating_goal",
+            "status",
+            "is_archived",
+
+            "created_at",
+            "updated_at",
+        )
+
+        read_only_fields = (
+            "id",
+            "created_at",
+            "updated_at",
+        )
--- a/core/apps/evaluation/serializers/quick/QuickEvaluation.py
+++ b/core/apps/evaluation/serializers/quick/QuickEvaluation.py
@@ -131,4 +131,39 @@ class CreateQuickevaluationSerializer(serializers.ModelSerializer):
 class QuickEvaluationModelSerializer(serializers.ModelSerializer):
    class Meta:
        model = QuickEvaluationModel
-        fields = '__all__'
+        fields = (
+            "id",
+
+            "created_by",
+            "brand",
+            "marka",
+            "car_position",
+            "body_type",
+            "color",
+            "fuel_type",
+            "state_car",
+
+            "tex_passport_serie_num",
+            "tech_passport_issued_date",
+            "tech_passport_issued_place",
+
+            "car_type",
+            "distance_covered",
+            "vin_number",
+            "car_number",
+            "car_manufactured_date",
+            "engine_number",
+
+            "estimated_price",
+            "status",
+            "is_archive",
+
+            "created_at",
+            "updated_at",
+        )
+
+        read_only_fields = (
+            "id",
+            "created_at",
+            "updated_at",
+        )
--- a/core/apps/evaluation/views/auto.py
+++ b/core/apps/evaluation/views/auto.py
@@ -11,7 +11,7 @@ from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework.viewsets import ModelViewSet

-from core.apps.accounts.choices import RoleChoice
+from core.apps.accounts.permissions import IsAdminRole
 from core.apps.accounts.serializers.user import UserSerializer
 from core.apps.evaluation.filters.auto import AutoevaluationFilter
 from core.apps.evaluation.models import AutoEvaluationModel
@@ -177,13 +177,14 @@ class AutoEvaluationArchiveAPIView(APIView):
            status=200
        )

+
@extend_schema(tags=["AutoEvaluation"])
 class AdminEvaluationsAPIView(generics.GenericAPIView):
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsAuthenticated, IsAdminRole]
+    queryset = AutoEvaluationModel.objects.all()
+    serializer_class = AutoEvaluationModel

    def get(self, request):
-        if request.user.role != RoleChoice.ADMIN:
-            return Response({'detail': 'Forbidden'}, status=403)
        auto_eval = AutoEvaluationModel.objects.filter(
            created_by=self.request.user
        ).select_related('appraisers').distinct()
--- a/core/apps/evaluation/views/quick.py
+++ b/core/apps/evaluation/views/quick.py
@@ -16,7 +16,7 @@ from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework.viewsets import ModelViewSet

-from core.apps.accounts.choices import RoleChoice
+from core.apps.accounts.permissions import IsAdminRole
 # core apps
 from core.apps.evaluation.filters.quick import QuickevaluationFilter
 from core.apps.evaluation.models import QuickEvaluationModel
@@ -88,11 +88,11 @@ class QuickEvaluationArchivedListAPIView(ListAPIView):

@extend_schema(tags=["QuickEvaluation"])
 class AdminQuickEvalAPIView(generics.GenericAPIView):
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsAuthenticated, IsAdminRole]
+    queryset = QuickEvaluationModel.objects.all()
+    serializer_class = QuickEvaluationModelSerializer

    def get(self, request):
-        if request.user.role != RoleChoice.ADMIN:
-            return Response({'detail': 'Forbidden'}, status=403)
        quick_eval = QuickEvaluationModel.objects.filter(
            created_by=self.request.user
        ).select_related('created_by').distinct()