Commit c56537a8 authored by Morten Nordseth's avatar Morten Nordseth
Browse files

smell - shotgun surgery

parent e1ef5874
Pipeline #128536 failed with stages
from rest_framework import permissions
from workouts.models import Visibility
class IsCommentVisibleToUser(permissions.BasePermission):
"""
......@@ -14,8 +14,8 @@ class IsCommentVisibleToUser(permissions.BasePermission):
def has_object_permission(self, request, obj):
# Write permissions are only allowed to the owner.
return (
obj.workout.visibility == "PU"
obj.workout.visibility == Visibility.PUBLIC
or obj.owner == request.user
or (obj.workout.visibility == "CO" and obj.owner.coach == request.user)
or (obj.workout.visibility == Visibility.COACH and obj.owner.coach == request.user)
or obj.workout.owner == request.user
)
......@@ -7,6 +7,7 @@ from workouts.permissions import IsOwner, IsReadOnly
from comments.serializers import CommentSerializer, LikeSerializer
from django.db.models import Q
from rest_framework.filters import OrderingFilter
from workouts.models import Visibility
# Create your views here.
class CommentList(
......@@ -45,10 +46,10 @@ class CommentList(
# Or maybe not.
qs = Comment.objects.filter(
Q(workout__visibility="PU")
Q(workout__visibility=Visibility.PUBLIC)
| Q(owner=self.request.user)
| (
Q(workout__visibility="CO")
Q(workout__visibility=Visibility.COACH)
& Q(workout__owner__coach=self.request.user)
)
| Q(workout__owner=self.request.user)
......
......@@ -7,7 +7,7 @@ from django.db import models
from django.core.files.storage import FileSystemStorage
from django.conf import settings
from django.contrib.auth import get_user_model
from django.utils.translation import gettext_lazy as _
class OverwriteStorage(FileSystemStorage):
"""Filesystem storage for overwriting files. Currently unused."""
......@@ -26,6 +26,12 @@ class OverwriteStorage(FileSystemStorage):
# Create your models here.
# Visibility levels
class Visibility(models.TextChoices):
PUBLIC = "PU", _("Public")
COACH = "CO", _("Coach")
PRIVATE = "PR", _("Private")
class Workout(models.Model):
"""Django model for a workout that users can log.
......@@ -47,18 +53,11 @@ class Workout(models.Model):
get_user_model(), on_delete=models.CASCADE, related_name="workouts"
)
# Visibility levels
PUBLIC = "PU" # Visible to all authenticated users
COACH = "CO" # Visible only to owner and their coach
PRIVATE = "PR" # Visible only to owner
VISIBILITY_CHOICES = [
(PUBLIC, "Public"),
(COACH, "Coach"),
(PRIVATE, "Private"),
] # Choices for visibility level
visibility = models.CharField(
max_length=2, choices=VISIBILITY_CHOICES, default=COACH
max_length=2,
choices=Visibility.choices,
default=Visibility.COACH
)
class Meta:
......
......@@ -2,6 +2,7 @@
"""
from rest_framework import permissions
from workouts.models import Workout
from workouts.models import Visibility
class IsOwner(permissions.BasePermission):
......@@ -51,14 +52,14 @@ class IsPublic(permissions.BasePermission):
"""Checks whether the object (workout) has visibility of Public."""
def has_object_permission(self, request, view, obj):
return obj.visibility == "PU"
return obj.visibility == Visibility.PUBLIC
class IsWorkoutPublic(permissions.BasePermission):
"""Checks whether the object's workout has visibility of Public."""
def has_object_permission(self, request, view, obj):
return obj.workout.visibility == "PU"
return obj.workout.visibility == Visibility.PUBLIC
class IsReadOnly(permissions.BasePermission):
......
......@@ -33,6 +33,7 @@ import json
from collections import namedtuple
import base64, pickle
from django.core.signing import Signer
from workouts.models import Visibility
@api_view(["GET"])
......@@ -138,9 +139,9 @@ class WorkoutList(
# - The owner of the workout is the requesting user
# - The workout has coach visibility and the requesting user is the owner's coach
qs = Workout.objects.filter(
Q(visibility="PU")
Q(visibility=Visibility.PUBLIC)
| Q(owner=self.request.user)
| (Q(visibility="CO") & Q(owner__coach=self.request.user))
| (Q(visibility=Visibility.COACH) & Q(owner__coach=self.request.user))
).distinct()
return qs
......@@ -246,7 +247,7 @@ class ExerciseInstanceList(
qs = ExerciseInstance.objects.filter(
Q(workout__owner=self.request.user)
| (
(Q(workout__visibility="CO") | Q(workout__visibility="PU"))
(Q(workout__visibility=Visibility.COACH) | Q(workout__visibility=Visibility.PUBLIC))
& Q(workout__owner__coach=self.request.user)
)
).distinct()
......@@ -287,7 +288,7 @@ class ExerciseInstanceDetail(
qs = ExerciseInstance.objects.filter(
Q(workout__owner=self.request.user)
| (
(Q(workout__visibility="CO") | Q(workout__visibility="PU"))
(Q(workout__visibility=Visibility.COACH) | Q(workout__visibility=Visibility.PUBLIC))
& Q(workout__owner__coach=self.request.user)
)
).distinct()
......@@ -322,7 +323,7 @@ class WorkoutFileList(
Q(owner=self.request.user)
| Q(workout__owner=self.request.user)
| (
Q(workout__visibility="CO")
Q(workout__visibility=Visibility.COACH)
& Q(workout__owner__coach=self.request.user)
)
).distinct()
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment