Coverage for src/api/permissions.py: 76%

34 statements  


1from rest_framework import permissions 

2from src.api.models import OperatorProfile, Booking 

3 

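class IsLotOperator(permissions.BasePermission):
    """Grant access only to an authenticated operator acting on their own lot.

    ``has_permission`` is the request-level gate: it requires an operator
    profile and, when the view carries a ``lot_pk`` URL kwarg, that the
    kwarg matches the operator's lot. ``has_object_permission`` compares the
    lot of the requested object with the operator's lot.
    """

    message = 'Ви не є оператором або не маєте прав доступу до бронювань на цьому лоті.'

    def has_permission(self, request, view):
        """Return True if the requester is an operator allowed on this route.

        Denies unauthenticated users and users without an operator profile.
        If the view exposes a ``lot_pk`` kwarg, it must equal the operator's
        ``lot_id``; a value that cannot be converted to ``int`` is denied.
        """
        user = request.user
        if not user or not user.is_authenticated:
            return False

        try:
            profile = user.operator_profile
        except OperatorProfile.DoesNotExist:
            return False

        if view and hasattr(view, 'kwargs'):
            lot_pk = view.kwargs.get("lot_pk")
        else:
            lot_pk = None

        if lot_pk is None:
            # No lot in the URL, so there is nothing to compare at this
            # level and any operator passes. NOTE(review): routes without
            # ``lot_pk`` then rely on has_object_permission (which DRF only
            # runs when the view calls check_object_permissions, e.g. via
            # get_object) or on queryset scoping in the view — confirm that
            # list endpoints filter by the operator's lot.
            return True

        try:
            return profile.lot_id == int(lot_pk)
        except (ValueError, TypeError):
            # Malformed lot identifier in the URL: fail closed.
            return False

    def has_object_permission(self, request, view, obj):
        """Return True only if ``obj`` belongs to the operator's lot.

        The object's lot is resolved from ``obj.spot.lot_id`` for a
        ``Booking``, otherwise from ``obj.lot_id`` or ``obj.lot.id``.
        Objects exposing none of these are denied. A missing lot on either
        side is also denied, so an unassigned operator can never match an
        object that has no lot.
        """
        if isinstance(obj, Booking):
            spot = obj.spot
            object_lot_id = spot.lot_id if spot is not None else None
        elif hasattr(obj, 'lot_id'):
            object_lot_id = obj.lot_id
        elif hasattr(obj, 'lot'):
            lot = obj.lot
            object_lot_id = lot.id if lot is not None else None
        else:
            # Unknown object shape: deny rather than guess.
            return False

        try:
            operator_lot_id = request.user.operator_profile.lot_id
        except OperatorProfile.DoesNotExist:
            return False

        # Fail closed: ``None == None`` would otherwise authorize an
        # operator without a lot on any object without a lot.
        if object_lot_id is None or operator_lot_id is None:
            return False

        return object_lot_id == operator_lot_id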