enable filtering per user account to only show owned objects.
parent
b98ad76080
commit
8d15f325bb
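--- a/qrtr_account/migrations/0019_rule_bank_acc.py
+++ b/qrtr_account/migrations/0019_rule_bank_acc.py
@@ -0,0 +1,19 @@
+# Generated by Django 3.2.3 on 2024-08-01 00:55
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+('qrtr_account', '0018_auto_20240118_0319'),
+]
+
+operations = [
+migrations.AddField(
+model_name='rule',
+name='bank_acc',
+field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='qrtr_account.bankaccount'),
+),
+]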
@ -108,6 +108,7 @@ class Schedule(models.Model):
|
||||
|
||||
|
||||
class Rule(models.Model):
|
||||
bank_acc = models.ForeignKey(BankAccount, on_delete=models.CASCADE, null=True, blank=True)
|
||||
kinds = [("refill", "Refill"), ("increase", "Increase"), ("goal", "Goal")]
|
||||
kind = models.CharField(choices=kinds, max_length=255)
|
||||
when_to_run = models.ForeignKey(Schedule, on_delete=models.CASCADE)
|
||||
|
||||
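Review bot: `bank_acc` is added to `Rule` as `null=True, blank=True` with no backfill, so every existing rule has no bank account once migration 0019 runs, and any query that scopes rules through `bank_acc__qrtr_account` will hide those rows from every user. Either populate the column in a data migration or decide explicitly who may see rules without a bank account. `on_delete=models.CASCADE` also means deleting a bank account removes its rules, which deserves a short comment on the field such as `# rules are removed together with their bank account`. The `Rule` class body continues outside the hunk.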
@ -18,6 +18,13 @@ from allauth.socialaccount.providers.twitter.views import TwitterOAuthAdapter
|
||||
from dj_rest_auth.social_serializers import TwitterLoginSerializer
|
||||
from api.mixins import ReadWriteSerializerMixin
|
||||
|
||||
class OwnedAccountsMixin():
|
||||
|
||||
def accessible_accounts(self):
|
||||
usr = self.request.user
|
||||
return usr.owned_accounts.all()\
|
||||
.union(usr.admin_accounts.all())\
|
||||
.union(usr.view_accounts.all())
|
||||
|
||||
class TwitterLogin(SocialLoginView):
|
||||
serializer_class = TwitterLoginSerializer
|
||||
@ -28,7 +35,7 @@ class FacebookLogin(SocialLoginView):
|
||||
adapter_class = FacebookOAuth2Adapter
|
||||
|
||||
|
||||
class AccountViewSet(ReadWriteSerializerMixin, viewsets.ModelViewSet):
|
||||
class AccountViewSet(ReadWriteSerializerMixin, viewsets.ModelViewSet, OwnedAccountsMixin):
|
||||
"""API endpoint that allows accounts to be viewed or edited
|
||||
"""
|
||||
permission_classes = [IsAuthenticated]
|
||||
@ -37,8 +44,11 @@ class AccountViewSet(ReadWriteSerializerMixin, viewsets.ModelViewSet):
|
||||
read_serializer_class = AccountReadSerializer
|
||||
write_serializer_class = AccountWriteSerializer
|
||||
|
||||
def get_queryset(self):
|
||||
return self.accessible_accounts()
|
||||
|
||||
class BankAccountViewSet(viewsets.ModelViewSet):
|
||||
|
||||
class BankAccountViewSet(viewsets.ModelViewSet, OwnedAccountsMixin):
|
||||
"""API endpoint that allows BankAccounts to be viewed or edited
|
||||
"""
|
||||
permission_classes = [IsAuthenticated]
|
||||
@ -51,8 +61,12 @@ class BankAccountViewSet(viewsets.ModelViewSet):
|
||||
return BankAccountSerializerPOST
|
||||
return BankAccountSerializer
|
||||
|
||||
def get_queryset(self):
|
||||
return BankAccount.objects.filter(
|
||||
qrtr_account__in=self.accessible_accounts().values_list('id'))
|
||||
|
||||
class SliceViewSet(viewsets.ModelViewSet):
|
||||
|
||||
class SliceViewSet(viewsets.ModelViewSet, OwnedAccountsMixin):
|
||||
"""API endpoint that allows BankAccounts to be viewed.
|
||||
"""
|
||||
permission_classes = [IsAuthenticated]
|
||||
@ -68,6 +82,11 @@ class SliceViewSet(viewsets.ModelViewSet):
|
||||
# 'slice_of': ['exact']
|
||||
}
|
||||
|
||||
def get_queryset(self):
|
||||
return Slice.objects.select_related('bank_acc').filter(
|
||||
bank_acc__qrtr_account__in=self.accessible_accounts().values_list('id')
|
||||
)
|
||||
|
||||
class SubscriptionPlanViewSet(viewsets.ModelViewSet):
|
||||
|
||||
queryset = SubscriptionPlan.objects.all()
|
||||
@ -82,7 +101,7 @@ class InstitutionViewSet(viewsets.ReadOnlyModelViewSet):
|
||||
serializer_class = InstitutionSerializer
|
||||
|
||||
|
||||
class TransactionViewSet(viewsets.ModelViewSet):
|
||||
class TransactionViewSet(viewsets.ModelViewSet, OwnedAccountsMixin):
|
||||
"""API endpoint that allows BankAccounts to be viewed.
|
||||
"""
|
||||
permission_classes = [IsAuthenticated]
|
||||
@ -119,8 +138,13 @@ class TransactionViewSet(viewsets.ModelViewSet):
|
||||
child2 = Transaction.objects.create(**base_information)
|
||||
child2.name = f"{child1.name}.split2"
|
||||
|
||||
def get_queryset(self):
|
||||
return Transaction.objects.select_related('bank').filter(
|
||||
bank__qrtr_account__in=self.accessible_accounts().values_list('id')
|
||||
).filter(is_split=False)
|
||||
|
||||
class SliceTransactionViewSet(viewsets.ModelViewSet):
|
||||
|
||||
class SliceTransactionViewSet(viewsets.ModelViewSet, OwnedAccountsMixin):
|
||||
|
||||
permission_classes = [IsAuthenticated]
|
||||
serializer_class = SliceTransactionSerializer
|
||||
@ -134,13 +158,23 @@ class SliceTransactionViewSet(viewsets.ModelViewSet):
|
||||
# 'slice_of': ['exact']
|
||||
}
|
||||
|
||||
def get_queryset(self):
|
||||
return Slice.objects.select_related('bank_acc').filter(
|
||||
bank_acc__qrtr_account__in=self.accessible_accounts().values_list('id')
|
||||
)
|
||||
|
||||
# def get_queryset(self):
|
||||
# return Transaction.objects.filter(slice__pk=self.kwargs.get('slice_pk'))
|
||||
|
||||
|
||||
class RuleViewSet(viewsets.ReadOnlyModelViewSet):
|
||||
class RuleViewSet(viewsets.ReadOnlyModelViewSet, OwnedAccountsMixin):
|
||||
"""API endpoint that allows BankAccounts to be viewed.
|
||||
"""
|
||||
permission_classes = [IsAuthenticated]
|
||||
queryset = Rule.objects.all()
|
||||
serializer_class = RuleSerializer
|
||||
|
||||
def get_queryset(self):
|
||||
return Rule.objects.select_related('bank_acc').filter(
|
||||
bank_acc__qrtr_account__in=self.accessible_accounts().values_list('id')
|
||||
)
|
||||
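Review bot: `accessible_accounts()` merges `owned_accounts`, `admin_accounts` and `view_accounts` into one set, and the `get_queryset` methods scope `ModelViewSet`s with it while `permission_classes` stays `[IsAuthenticated]`, so a user who (judging by the relation name) only has view access can still reach update and delete on those objects. Reads can be scoped this way, but unsafe methods need a per-role check, for example a permission class whose `has_object_permission` allows writes only for owners and admins. Separately, Django supports only slicing, `count()`, `order_by()` and `values()`/`values_list()` on a `union()` result, so the pk lookup that DRF's `get_object` runs on `AccountViewSet.get_queryset()` is likely to fail; `(usr.owned_accounts.all() | usr.admin_accounts.all() | usr.view_accounts.all()).distinct()` should give an ordinary filterable queryset. `SliceTransactionViewSet.get_queryset` also returns `Slice` rows although its serializer is `SliceTransactionSerializer`, which looks like a copy of the `SliceViewSet` method.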