tiradoe/movie-night-api
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request 'updated permissions for list' (#11) from list-permission-handling into main

Browse source 
Reviewed-on: #11
This commit is contained in:
Edward Tirado Jr 2025-06-30 23:17:34 +00:00
commit a20b3211da
2 changed files with 19 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
movie_manager/serializers.py
View file

@ -42,6 +42,7 @@ class MovieListListSerializer(serializers.ModelSerializer):
class MovieListSerializer(serializers.ModelSerializer): class MovieListSerializer(serializers.ModelSerializer):
movies = MovieSerializer(read_only=True, many=True) movies = MovieSerializer(read_only=True, many=True)
serializer_class = MovieSerializer serializer_class = MovieSerializer
owner = serializers.PrimaryKeyRelatedField(read_only=True)
def get_queryset(self): def get_queryset(self):
return MovieList.objects.prefetch_related( return MovieList.objects.prefetch_related(

20
movie_manager/views.py
View file

@ -1,9 +1,10 @@
import datetime import datetime
import json
from django.db.models import QuerySet
from django.http import JsonResponse from django.http import JsonResponse
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.utils.dateparse import parse_datetime from django.utils.dateparse import parse_datetime
from django.db import models
from rest_framework import permissions, viewsets from rest_framework import permissions, viewsets
from knox.auth import TokenAuthentication from knox.auth import TokenAuthentication
from rest_framework.decorators import action, api_view from rest_framework.decorators import action, api_view
@ -66,14 +67,29 @@ class MovieListViewset(viewsets.ModelViewSet):
return MovieListSerializer return MovieListSerializer
def get_queryset(self): def get_queryset(self):
base_qs = MovieList.objects.all()
if self.action == "list": if self.action == "list":
return MovieList.objects.filter(owner=self.request.user) if self.request.user.is_authenticated:
return base_qs.filter(
models.Q(public=True) |
models.Q(owner=self.request.user)
).order_by("name")
return base_qs.filter(public=True).order_by("name")
else: else:
return MovieList.objects.prefetch_related( return MovieList.objects.prefetch_related(
"movies", "movies",
"movies__showing_set" "movies__showing_set"
).order_by("name") ).order_by("name")
def perform_create(self, serializer):
serializer.save(owner=self.request.user)
def get_permissions(self):
if self.action in ['update', 'partial_update', 'destroy']:
self.permission_classes = [permissions.IsAuthenticated]
return super().get_permissions()
def create(self, request, *args, **kwargs): def create(self, request, *args, **kwargs):
movie_list = MovieList.objects.create( movie_list = MovieList.objects.create(