diff --git a/cinema/views.py b/cinema/views.py index 7be2ae2d..5a13a31e 100644 --- a/cinema/views.py +++ b/cinema/views.py @@ -1,9 +1,10 @@ from datetime import datetime from django.db.models import F, Count -from rest_framework import viewsets +from rest_framework import viewsets, mixins from rest_framework.authentication import TokenAuthentication from rest_framework.pagination import PageNumberPagination +from rest_framework.permissions import IsAuthenticated from cinema.models import Genre, Actor, CinemaHall, Movie, MovieSession, Order 
@@ -20,35 +21,52 @@ OrderSerializer, OrderListSerializer, ) -from user.permissions import IsAdminOrIfAuthenticatedListCreate, IsAdminOrIfAuthenticatedCRUD +from user.permissions import IsAdminOrIfAuthenticatedReadOnly -class GenreViewSet(viewsets.ModelViewSet): +class GenreViewSet( + viewsets.GenericViewSet, + mixins.ListModelMixin, + mixins.CreateModelMixin +): queryset = Genre.objects.all() serializer_class = GenreSerializer authentication_classes = (TokenAuthentication,) - permission_classes = (IsAdminOrIfAuthenticatedListCreate,) + permission_classes = (IsAdminOrIfAuthenticatedReadOnly,) -class ActorViewSet(viewsets.ModelViewSet): +class ActorViewSet( + viewsets.GenericViewSet, + mixins.ListModelMixin, + mixins.CreateModelMixin +): queryset = Actor.objects.all() serializer_class = ActorSerializer authentication_classes = (TokenAuthentication,) - permission_classes = (IsAdminOrIfAuthenticatedListCreate,) + permission_classes = (IsAdminOrIfAuthenticatedReadOnly,) -class CinemaHallViewSet(viewsets.ModelViewSet): +class CinemaHallViewSet( + viewsets.GenericViewSet, + mixins.ListModelMixin, + mixins.CreateModelMixin +): queryset = CinemaHall.objects.all() serializer_class = CinemaHallSerializer authentication_classes = (TokenAuthentication,) - permission_classes = (IsAdminOrIfAuthenticatedListCreate,) + permission_classes = (IsAdminOrIfAuthenticatedReadOnly,) -class MovieViewSet(viewsets.ModelViewSet): +class MovieViewSet( + viewsets.GenericViewSet, + mixins.ListModelMixin, + mixins.CreateModelMixin, + mixins.RetrieveModelMixin, +): queryset = Movie.objects.prefetch_related("genres", "actors") serializer_class = MovieSerializer authentication_classes = (TokenAuthentication,) - permission_classes = (IsAdminOrIfAuthenticatedListCreate,) + permission_classes = (IsAdminOrIfAuthenticatedReadOnly,) @staticmethod def _params_to_ints(qs): 
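Review bot: The base-class order in GenreViewSet, ActorViewSet, CinemaHallViewSet and MovieViewSet puts `viewsets.GenericViewSet` before the mixins, whereas MovieSessionViewSet in the next hunk lists it last, which is also how DRF composes its own view sets. The current order appears to work because the mixins and GenericViewSet do not define the same methods, but a mixin that overrides a generic method would be shadowed silently. I would write `class GenreViewSet(mixins.ListModelMixin, mixins.CreateModelMixin, viewsets.GenericViewSet):` and do the same for the other three, and for OrderViewSet in the later hunk.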
@@ -86,19 +104,28 @@ def get_serializer_class(self): return MovieSerializer -class MovieSessionViewSet(viewsets.ModelViewSet): +class MovieSessionViewSet( + mixins.ListModelMixin, + mixins.CreateModelMixin, + mixins.RetrieveModelMixin, + mixins.UpdateModelMixin, + mixins.DestroyModelMixin, + viewsets.GenericViewSet, +): queryset = ( MovieSession.objects.all() .select_related("movie", "cinema_hall") .annotate( - tickets_available=F("cinema_hall__rows") - * F("cinema_hall__seats_in_row") - - Count("tickets") + tickets_available=( + F("cinema_hall__rows") + * F("cinema_hall__seats_in_row") + - Count("tickets") + ) ) ) serializer_class = MovieSessionSerializer authentication_classes = (TokenAuthentication,) - permission_classes = (IsAdminOrIfAuthenticatedCRUD,) + permission_classes = (IsAdminOrIfAuthenticatedReadOnly,) def get_queryset(self): date = self.request.query_params.get("date") @@ -130,14 +157,18 @@ class OrderPagination(PageNumberPagination): max_page_size = 100 -class OrderViewSet(viewsets.ModelViewSet): +class OrderViewSet( + viewsets.GenericViewSet, + mixins.ListModelMixin, + mixins.CreateModelMixin, +): queryset = Order.objects.prefetch_related( "tickets__movie_session__movie", "tickets__movie_session__cinema_hall" ) serializer_class = OrderSerializer pagination_class = OrderPagination - authentication_classes = (TokenAuthentication,) - permission_classes = (IsAdminOrIfAuthenticatedListCreate,) + authentication_classes = [TokenAuthentication] + permission_classes = [IsAuthenticated] def get_queryset(self): return Order.objects.filter(user=self.request.user) diff --git a/cinema_service/settings.py b/cinema_service/settings.py index ba48a693..062c0ac0 100644 --- a/cinema_service/settings.py +++ b/cinema_service/settings.py @@ -137,4 +137,3 @@ # https://docs.djangoproject.com/en/4.0/ref/settings/#default-auto-field DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField" - diff --git a/user/permissions.py b/user/permissions.py index 17a98101..2522d6b4 100644 
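Review bot: The six bases now listed for MovieSessionViewSet are exactly the set that `viewsets.ModelViewSet` composes, so spelling them out changes nothing about which actions are exposed and reads as if something had been restricted. Either keep `class MovieSessionViewSet(viewsets.ModelViewSet):` or drop the mixins that should not be reachable; update and destroy stay routable and are held back only by `IsAdminOrIfAuthenticatedReadOnly`. A one-line comment such as `# full CRUD; writes are staff-only via IsAdminOrIfAuthenticatedReadOnly` would make that dependency explicit. get_queryset continues outside the hunk.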
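Review bot: In OrderViewSet the class-level `queryset` is unscoped and the per-user restriction lives only in `get_queryset`, which builds a fresh `Order.objects.filter(...)` and so also discards the `prefetch_related` declared above it. Deriving from the class attribute keeps both the prefetch and a single place where scoping is applied: `return self.queryset.filter(user=self.request.user)`. Any code path that reads `self.queryset` directly would see every user's orders, so a short comment on the attribute saying it must not be used unfiltered is worth adding. Whether the order's user is set server-side on create cannot be seen from this hunk and should be confirmed in the serializer or `perform_create`.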
--- a/user/permissions.py +++ b/user/permissions.py @@ -1,4 +1,3 @@ - from rest_framework.permissions import BasePermission, SAFE_METHODS @@ -6,28 +5,9 @@ class IsAdminOrIfAuthenticatedReadOnly(BasePermission): def has_permission(self, request, view): return bool( ( - request.method in SAFE_METHODS - and request.user - and request.user.is_authenticated + request.method in SAFE_METHODS + and request.user + and request.user.is_authenticated ) or (request.user and request.user.is_staff) ) - - -class IsAdminOrIfAuthenticatedListCreate(BasePermission): - def has_permission(self, request, view): - if request.method in ("GET", "HEAD", "OPTIONS"): - return request.user and request.user.is_authenticated - if request.method == "delete": - return False - return IsAdminOrIfAuthenticatedReadOnly - - def has_object_permission(self, request, view, obj): - return False - - -class IsAdminOrIfAuthenticatedCRUD(BasePermission): - def has_permission(self, request, view): - if view.action in ["list", "create", "update", "partial_update", "delete"]: - return request.user and request.user.is_authenticated - return IsAdminOrIfAuthenticatedReadOnly diff --git a/user/serializers.py b/user/serializers.py index 4d44442d..ada8c204 100644 --- a/user/serializers.py +++ b/user/serializers.py @@ -21,6 +21,3 @@ def update(self, instance, validated_data): user.save() return user - - - diff --git a/user/views.py b/user/views.py index 73bd38d3..6146bb51 100644 --- a/user/views.py +++ b/user/views.py @@ -29,4 +29,3 @@ class MyView(viewsets.ModelViewSet): serializer_class = UserSerializer authentication_classes = (TokenAuthentication,) permission_classes = (IsAdminOrIfAuthenticatedReadOnly,) -
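Review bot: `IsAdminOrIfAuthenticatedReadOnly` is now the only custom permission and guards every cinema view set that this diff touches except OrderViewSet, yet it has no docstring stating its contract. I would add `"""Allow safe methods for any authenticated user and every method for staff."""` under the class line, which sits just above this hunk. The staff branch checks `is_staff` without `is_authenticated`; that holds for Django's own user classes, and a comment saying so would stop a custom user object from being trusted by accident.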