enable filtering per user account to only show owned objects.
parent
b98ad76080
commit
8d15f325bb
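--- a/qrtr_account/migrations/0019_rule_bank_acc.py
+++ b/qrtr_account/migrations/0019_rule_bank_acc.py
@@ -0,0 +1,19 @@
+# Generated by Django 3.2.3 on 2024-08-01 00:55
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+('qrtr_account', '0018_auto_20240118_0319'),
+]
+
+operations = [
+migrations.AddField(
+model_name='rule',
+name='bank_acc',
+field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='qrtr_account.bankaccount'),
+),
+]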
@ -108,6 +108,7 @@ class Schedule(models.Model):
|
|||||||
|
|
||||||
|
|
||||||
class Rule(models.Model):
|
class Rule(models.Model):
|
||||||
|
bank_acc = models.ForeignKey(BankAccount, on_delete=models.CASCADE, null=True, blank=True)
|
||||||
kinds = [("refill", "Refill"), ("increase", "Increase"), ("goal", "Goal")]
|
kinds = [("refill", "Refill"), ("increase", "Increase"), ("goal", "Goal")]
|
||||||
kind = models.CharField(choices=kinds, max_length=255)
|
kind = models.CharField(choices=kinds, max_length=255)
|
||||||
when_to_run = models.ForeignKey(Schedule, on_delete=models.CASCADE)
|
when_to_run = models.ForeignKey(Schedule, on_delete=models.CASCADE)
|
||||||
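Review bot: Existing `Rule` rows receive `bank_acc = NULL` from this nullable column, and the `RuleViewSet.get_queryset()` added in the same commit filters on `bank_acc__qrtr_account__in=…`, so every pre-existing rule drops out of the API for all users until it is backfilled. A data migration that assigns `bank_acc` to legacy rows, or a comment stating that they are hidden on purpose, would close that gap. `null=True, blank=True` also allows new rules to be saved without an owning bank account, which keeps them permanently outside the per-account filter; if every rule must belong to one, tighten the field after the backfill. The `Rule` class body continues outside the hunk.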
|
|||||||
@ -18,6 +18,13 @@ from allauth.socialaccount.providers.twitter.views import TwitterOAuthAdapter
|
|||||||
from dj_rest_auth.social_serializers import TwitterLoginSerializer
|
from dj_rest_auth.social_serializers import TwitterLoginSerializer
|
||||||
from api.mixins import ReadWriteSerializerMixin
|
from api.mixins import ReadWriteSerializerMixin
|
||||||
|
|
||||||
|
class OwnedAccountsMixin():
|
||||||
|
|
||||||
|
def accessible_accounts(self):
|
||||||
|
usr = self.request.user
|
||||||
|
return usr.owned_accounts.all()\
|
||||||
|
.union(usr.admin_accounts.all())\
|
||||||
|
.union(usr.view_accounts.all())
|
||||||
|
|
||||||
class TwitterLogin(SocialLoginView):
|
class TwitterLogin(SocialLoginView):
|
||||||
serializer_class = TwitterLoginSerializer
|
serializer_class = TwitterLoginSerializer
|
||||||
@ -28,7 +35,7 @@ class FacebookLogin(SocialLoginView):
|
|||||||
adapter_class = FacebookOAuth2Adapter
|
adapter_class = FacebookOAuth2Adapter
|
||||||
|
|
||||||
|
|
||||||
class AccountViewSet(ReadWriteSerializerMixin, viewsets.ModelViewSet):
|
class AccountViewSet(ReadWriteSerializerMixin, viewsets.ModelViewSet, OwnedAccountsMixin):
|
||||||
"""API endpoint that allows accounts to be viewed or edited
|
"""API endpoint that allows accounts to be viewed or edited
|
||||||
"""
|
"""
|
||||||
permission_classes = [IsAuthenticated]
|
permission_classes = [IsAuthenticated]
|
||||||
@ -37,8 +44,11 @@ class AccountViewSet(ReadWriteSerializerMixin, viewsets.ModelViewSet):
|
|||||||
read_serializer_class = AccountReadSerializer
|
read_serializer_class = AccountReadSerializer
|
||||||
write_serializer_class = AccountWriteSerializer
|
write_serializer_class = AccountWriteSerializer
|
||||||
|
|
||||||
|
def get_queryset(self):
|
||||||
|
return self.accessible_accounts()
|
||||||
|
|
||||||
class BankAccountViewSet(viewsets.ModelViewSet):
|
|
||||||
|
class BankAccountViewSet(viewsets.ModelViewSet, OwnedAccountsMixin):
|
||||||
"""API endpoint that allows BankAccounts to be viewed or edited
|
"""API endpoint that allows BankAccounts to be viewed or edited
|
||||||
"""
|
"""
|
||||||
permission_classes = [IsAuthenticated]
|
permission_classes = [IsAuthenticated]
|
||||||
@ -51,8 +61,12 @@ class BankAccountViewSet(viewsets.ModelViewSet):
|
|||||||
return BankAccountSerializerPOST
|
return BankAccountSerializerPOST
|
||||||
return BankAccountSerializer
|
return BankAccountSerializer
|
||||||
|
|
||||||
|
def get_queryset(self):
|
||||||
|
return BankAccount.objects.filter(
|
||||||
|
qrtr_account__in=self.accessible_accounts().values_list('id'))
|
||||||
|
|
||||||
class SliceViewSet(viewsets.ModelViewSet):
|
|
||||||
|
class SliceViewSet(viewsets.ModelViewSet, OwnedAccountsMixin):
|
||||||
"""API endpoint that allows BankAccounts to be viewed.
|
"""API endpoint that allows BankAccounts to be viewed.
|
||||||
"""
|
"""
|
||||||
permission_classes = [IsAuthenticated]
|
permission_classes = [IsAuthenticated]
|
||||||
@ -68,6 +82,11 @@ class SliceViewSet(viewsets.ModelViewSet):
|
|||||||
# 'slice_of': ['exact']
|
# 'slice_of': ['exact']
|
||||||
}
|
}
|
||||||
|
|
||||||
|
def get_queryset(self):
|
||||||
|
return Slice.objects.select_related('bank_acc').filter(
|
||||||
|
bank_acc__qrtr_account__in=self.accessible_accounts().values_list('id')
|
||||||
|
)
|
||||||
|
|
||||||
class SubscriptionPlanViewSet(viewsets.ModelViewSet):
|
class SubscriptionPlanViewSet(viewsets.ModelViewSet):
|
||||||
|
|
||||||
queryset = SubscriptionPlan.objects.all()
|
queryset = SubscriptionPlan.objects.all()
|
||||||
@ -82,7 +101,7 @@ class InstitutionViewSet(viewsets.ReadOnlyModelViewSet):
|
|||||||
serializer_class = InstitutionSerializer
|
serializer_class = InstitutionSerializer
|
||||||
|
|
||||||
|
|
||||||
class TransactionViewSet(viewsets.ModelViewSet):
|
class TransactionViewSet(viewsets.ModelViewSet, OwnedAccountsMixin):
|
||||||
"""API endpoint that allows BankAccounts to be viewed.
|
"""API endpoint that allows BankAccounts to be viewed.
|
||||||
"""
|
"""
|
||||||
permission_classes = [IsAuthenticated]
|
permission_classes = [IsAuthenticated]
|
||||||
@ -119,8 +138,13 @@ class TransactionViewSet(viewsets.ModelViewSet):
|
|||||||
child2 = Transaction.objects.create(**base_information)
|
child2 = Transaction.objects.create(**base_information)
|
||||||
child2.name = f"{child1.name}.split2"
|
child2.name = f"{child1.name}.split2"
|
||||||
|
|
||||||
|
def get_queryset(self):
|
||||||
|
return Transaction.objects.select_related('bank').filter(
|
||||||
|
bank__qrtr_account__in=self.accessible_accounts().values_list('id')
|
||||||
|
).filter(is_split=False)
|
||||||
|
|
||||||
class SliceTransactionViewSet(viewsets.ModelViewSet):
|
|
||||||
|
class SliceTransactionViewSet(viewsets.ModelViewSet, OwnedAccountsMixin):
|
||||||
|
|
||||||
permission_classes = [IsAuthenticated]
|
permission_classes = [IsAuthenticated]
|
||||||
serializer_class = SliceTransactionSerializer
|
serializer_class = SliceTransactionSerializer
|
||||||
@ -134,13 +158,23 @@ class SliceTransactionViewSet(viewsets.ModelViewSet):
|
|||||||
# 'slice_of': ['exact']
|
# 'slice_of': ['exact']
|
||||||
}
|
}
|
||||||
|
|
||||||
|
def get_queryset(self):
|
||||||
|
return Slice.objects.select_related('bank_acc').filter(
|
||||||
|
bank_acc__qrtr_account__in=self.accessible_accounts().values_list('id')
|
||||||
|
)
|
||||||
|
|
||||||
# def get_queryset(self):
|
# def get_queryset(self):
|
||||||
# return Transaction.objects.filter(slice__pk=self.kwargs.get('slice_pk'))
|
# return Transaction.objects.filter(slice__pk=self.kwargs.get('slice_pk'))
|
||||||
|
|
||||||
|
|
||||||
class RuleViewSet(viewsets.ReadOnlyModelViewSet):
|
class RuleViewSet(viewsets.ReadOnlyModelViewSet, OwnedAccountsMixin):
|
||||||
"""API endpoint that allows BankAccounts to be viewed.
|
"""API endpoint that allows BankAccounts to be viewed.
|
||||||
"""
|
"""
|
||||||
permission_classes = [IsAuthenticated]
|
permission_classes = [IsAuthenticated]
|
||||||
queryset = Rule.objects.all()
|
queryset = Rule.objects.all()
|
||||||
serializer_class = RuleSerializer
|
serializer_class = RuleSerializer
|
||||||
|
|
||||||
|
def get_queryset(self):
|
||||||
|
return Rule.objects.select_related('bank_acc').filter(
|
||||||
|
bank_acc__qrtr_account__in=self.accessible_accounts().values_list('id')
|
||||||
|
)
|
||||||
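Review bot: `accessible_accounts()` folds `view_accounts` into the same set as owned and admin accounts, and each `get_queryset()` built on it also backs update and delete on the `ModelViewSet` subclasses, so a user holding what the name suggests is a read-only grant can presumably modify or delete that account's bank accounts, slices and transactions. Scoping reads alone also leaves create unchecked, since nothing visible here validates that a posted `qrtr_account` or `bank_acc` belongs to the caller's set. Separately, `AccountViewSet.get_queryset()` returns the `union()` result directly, and Django does not support `filter()` or `get(pk=…)` on a combined queryset, so its detail routes are likely to fail; OR-combining the querysets keeps them filterable. `SliceTransactionViewSet.get_queryset()` returns `Slice` rows with the same body as `SliceViewSet`, which looks like a copy-paste slip given its `SliceTransactionSerializer`. The sketch assumes `SAFE_METHODS` from `rest_framework.permissions` is imported and that the three relations share one model; the class bodies continue outside the hunks.

```python
class OwnedAccountsMixin():

    def accessible_accounts(self):
        usr = self.request.user
        # OR-combine instead of union() so callers can still filter()/get() on the result
        writable = usr.owned_accounts.all() | usr.admin_accounts.all()
        if self.request.method in SAFE_METHODS:
            return (writable | usr.view_accounts.all()).distinct()
        # view-only grants are left out of the lookups that back update and delete
        return writable.distinct()
```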