Coverage for website/pizzas/api/v2/admin/permissions.py: 28.57%

20 statements  

« prev     ^ index     » next       coverage.py v7.6.7, created at 2025-08-14 10:31 +0000

1from django.db.models import QuerySet 

2 

3from rest_framework.generics import get_object_or_404 

4from rest_framework.permissions import BasePermission 

5 

6from events.services import is_organiser 

7from pizzas.models import FoodEvent, FoodOrder 

8 

9 

10class IsOrganiser(BasePermission): 

11 def has_permission(self, request, view): 

12 event_lookup_field = ( 

13 view.event_lookup_field if hasattr(view, "event_lookup_field") else "pk" 

14 ) 

15 if event_lookup_field in view.kwargs: 

16 obj = get_object_or_404(FoodEvent, pk=view.kwargs.get(event_lookup_field)) 

17 return is_organiser(request.member, obj.event) 

18 return super().has_permission(request, view) 

19 

20 def has_object_permission(self, request, view, obj): 

21 if isinstance(obj, QuerySet): 

22 return True 

23 if not request.member: 

24 return False 

25 if isinstance(obj, FoodOrder): 

26 obj = obj.food_event.event 

27 return is_organiser(request.member, obj)