Merge pull request #77 from Short-Tracker/fix/tokens_life

увеличил время жизни токенов и изменил пермишн создания таски
Short-Tracker · Feb 5, 2024 · b48dec6 · b48dec6
2 parents 582a475 + 2093067
commit b48dec6
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 10 deletions.
diff --git a/short_tracker/api/v1/filters.py b/short_tracker/api/v1/filters.py
@@ -1,7 +1,7 @@
+import django_filters
 from django.db.models import Case, Q, Value, When
 from django.utils import timezone
 from django_filters.rest_framework import FilterSet, filters
-import django_filters
 
 from tasks.models import Task
 

diff --git a/short_tracker/api/v1/permissions.py b/short_tracker/api/v1/permissions.py
@@ -9,15 +9,23 @@ def has_permission(self, request, view):
 class IsLeadOrPerformerHimselfOnly(permissions.BasePermission):
 
     def has_permission(self, request, view):
-        is_lead = request.user.is_lead
-        return request.user.id == request.data.get('performers')[0] or is_lead
+        is_lead = request.user.is_authenticated and request.user.is_team_lead
+        return is_lead or (
+            request.user.is_authenticated
+            and request.user.id == request.data.get('performers')[0]
+        )
 
 
 class IsCreatorOnly(permissions.BasePermission):
 
     def has_permission(self, request, view):
-        is_lead = request.user.is_lead
-        return [request.user.id] == request.data.get('performers') or is_lead
+        is_lead = request.user.is_authenticated and request.user.is_team_lead
+        return is_lead or (
+            request.user.is_authenticated
+            and request.user.id == request.data.get('performers')[0]
+        )
 
     def has_object_permission(self, request, view, obj):
-        return request.user.id == obj.creator.id
+        return (
+            request.user.is_authenticated
+            and request.user.id == obj.creator.id)
diff --git a/short_tracker/api/v1/tasks/views.py b/short_tracker/api/v1/tasks/views.py
@@ -1,8 +1,8 @@
 from django.contrib.auth import get_user_model
 from django.db.models import F, Q
 from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.filters import SearchFilter
 from rest_framework import viewsets
+from rest_framework.filters import SearchFilter
 from rest_framework.permissions import IsAuthenticated
 
 from .serializers import (

diff --git a/short_tracker/api/v1/users/serializers.py b/short_tracker/api/v1/users/serializers.py
@@ -3,7 +3,6 @@
 from rest_framework import serializers
 from rest_framework.exceptions import NotFound, ValidationError
 
-
 User = get_user_model()
 
 

diff --git a/short_tracker/short_tracker/settings.py b/short_tracker/short_tracker/settings.py
@@ -148,8 +148,8 @@
 }
 
 SIMPLE_JWT = {
-   'ACCESS_TOKEN_LIFETIME': timedelta(minutes=15),
-   'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
+   'ACCESS_TOKEN_LIFETIME': timedelta(hours=8),
+   'REFRESH_TOKEN_LIFETIME': timedelta(days=7),
    'ROTATE_REFRESH_TOKENS': True,
 }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -3,7 +3,6 @@
		from rest_framework import serializers
		from rest_framework.exceptions import NotFound, ValidationError


		User = get_user_model()


Expand Down