feature/rbac permisos y roles implementados
This commit is contained in:
@@ -12,106 +12,73 @@ from rest_framework.decorators import action
|
||||
from rest_framework.response import Response
|
||||
from django.http import FileResponse, Http404
|
||||
import os
|
||||
|
||||
from .models import DataStage
|
||||
from .serializer import DataStageSerializer
|
||||
|
||||
from api.logger.mixins import LoggingMixin
|
||||
from mixins.filtrado_organizacion import OrganizacionFiltradaMixin
|
||||
from core.permissions import (
|
||||
IsSameOrganization,
|
||||
IsSameOrganizationDeveloper,
|
||||
IsSameOrganizationAndAdmin,
|
||||
IsSuperUser
|
||||
)
|
||||
from core.permissions import get_org_context, is_internal_service_request, require_permission
|
||||
# Create your views here.
|
||||
class DataStagePagination(PageNumberPagination):
|
||||
page_size = 20 # Valor por defecto
|
||||
page_size_query_param = 'page_size'
|
||||
max_page_size = 1000
|
||||
|
||||
class DataStageViewSet(LoggingMixin, viewsets.ModelViewSet, OrganizacionFiltradaMixin):
|
||||
|
||||
|
||||
class DataStageViewSet(LoggingMixin, viewsets.ModelViewSet):
|
||||
"""
|
||||
ViewSet for managing DataStage instances.
|
||||
Provides CRUD operations for DataStage.
|
||||
"""
|
||||
|
||||
|
||||
serializer_class = DataStageSerializer
|
||||
permission_classes = [IsAuthenticated & (IsSameOrganization | IsSameOrganizationAndAdmin | IsSameOrganizationDeveloper | IsSuperUser)]
|
||||
model = DataStage
|
||||
my_tags = ['DataStage']
|
||||
pagination_class = DataStagePagination
|
||||
|
||||
def get_permissions(self):
|
||||
perms = {
|
||||
'list': 'datastage.view',
|
||||
'retrieve': 'datastage.view',
|
||||
'create': 'datastage.create',
|
||||
'update': 'datastage.create',
|
||||
'partial_update': 'datastage.create',
|
||||
'destroy': 'datastage.delete',
|
||||
'procesar': 'datastage.process',
|
||||
'download_datastage': 'datastage.view',
|
||||
'task_status': 'datastage.view',
|
||||
}
|
||||
codename = perms.get(self.action, 'datastage.view')
|
||||
return [IsAuthenticated(), require_permission(codename)()]
|
||||
|
||||
def get_queryset(self):
|
||||
if self.request.user.is_superuser:
|
||||
if is_internal_service_request(self.request):
|
||||
return DataStage.objects.all().order_by('-created_at')
|
||||
org = get_org_context(self.request.user)
|
||||
if not org:
|
||||
return DataStage.objects.none()
|
||||
return DataStage.objects.filter(organizacion=org).order_by('-created_at')
|
||||
|
||||
if self.request.user.groups.filter(name='developer').exists() or self.request.user.groups.filter(name='admin').exists() or self.request.user.groups.filter(name='Agente Aduanal').exists():
|
||||
return DataStage.objects.filter(organizacion=self.request.user.organizacion).order_by('-created_at')
|
||||
|
||||
return self.get_queryset_filtrado_por_organizacion().order_by('-created_at')
|
||||
|
||||
def perform_create(self, serializer):
|
||||
"""
|
||||
Permite que la organización sea opcional en el request, pero si no se envía, se asigna la del usuario autenticado.
|
||||
"""
|
||||
if not self.request.user.is_authenticated or not hasattr(self.request.user, 'organizacion'):
|
||||
raise ValueError("Usuario no autenticado o sin organización")
|
||||
org = get_org_context(self.request.user)
|
||||
datastage = serializer.save(organizacion=org)
|
||||
self._trigger_processing(datastage)
|
||||
|
||||
data = serializer.validated_data
|
||||
organizacion = data.get('organizacion')
|
||||
|
||||
if self.request.user.is_superuser:
|
||||
# Permitir que el superusuario cree sin organización o la especifique
|
||||
datastage = serializer.save()
|
||||
self._trigger_processing(datastage)
|
||||
return
|
||||
|
||||
if (self.request.user.groups.filter(name='developer').exists() or self.request.user.groups.filter(name='admin').exists() or self.request.user.groups.filter(name='user').exists()) and self.request.user.groups.filter(name='Agente Aduanal').exists():
|
||||
if not organizacion:
|
||||
datastage = serializer.save(organizacion=self.request.user.organizacion)
|
||||
else:
|
||||
datastage = serializer.save()
|
||||
|
||||
self._trigger_processing(datastage)
|
||||
|
||||
return
|
||||
|
||||
raise ValueError("No cuentas con los permisos necesarios para crear un DataStage")
|
||||
|
||||
def _trigger_processing(self, datastage):
|
||||
"""
|
||||
Método helper para disparar el procesamiento.
|
||||
"""
|
||||
from api.datastage.tasks import procesar_datastage_task
|
||||
user_organizacion = getattr(self.request.user, 'organizacion', None)
|
||||
user_organizacion_id = user_organizacion.id if user_organizacion else None
|
||||
|
||||
org = get_org_context(self.request.user)
|
||||
datastage.procesado = True
|
||||
datastage.save()
|
||||
|
||||
task = procesar_datastage_task.delay(datastage.id, user_organizacion_id)
|
||||
|
||||
def perform_update(self, serializer):
|
||||
"""
|
||||
Override to ensure organization is set on update.
|
||||
"""
|
||||
if not self.request.user.is_authenticated or not hasattr(self.request.user, 'organizacion'):
|
||||
raise ValueError("Usuario no autenticado o sin organización")
|
||||
procesar_datastage_task.delay(datastage.id, org.id if org else None)
|
||||
|
||||
if self.request.user.is_superuser:
|
||||
# Allow superuser to update without organization
|
||||
def perform_update(self, serializer):
|
||||
if is_internal_service_request(self.request):
|
||||
serializer.save()
|
||||
return
|
||||
|
||||
if (self.request.user.groups.filter(name='developer').exists() or self.request.user.groups.filter(name='admin').exists() or self.request.user.groups.filter(name='user').exists()) and self.request.user.groups.filter(name='Agente Aduanal').exists():
|
||||
serializer.save(organizacion=self.request.user.organizacion)
|
||||
return
|
||||
|
||||
raise ValueError("No cuentas con los permisos necesarios para actualizar un DataStage")
|
||||
org = get_org_context(self.request.user)
|
||||
serializer.save(organizacion=org)
|
||||
|
||||
def perform_destroy(self, instance):
|
||||
if instance.archivo:
|
||||
storage_service.delete_file(instance.archivo)
|
||||
instance.delete()
|
||||
|
||||
@action(detail=True, methods=['get'], url_path='download-datastage', url_name='download-datastage')
|
||||
def download_datastage(self, request, pk=None):
|
||||
@@ -182,12 +149,10 @@ class DataStageViewSet(LoggingMixin, viewsets.ModelViewSet, OrganizacionFiltrada
|
||||
"""
|
||||
Endpoint para procesar el DataStage de forma asíncrona usando Celery.
|
||||
"""
|
||||
# ojo aqui
|
||||
from api.datastage.tasks import procesar_datastage_task
|
||||
datastage = self.get_object()
|
||||
user_organizacion = getattr(self.request.user, 'organizacion', None)
|
||||
user_organizacion_id = user_organizacion.id if user_organizacion else None
|
||||
task = procesar_datastage_task.delay(datastage.id, user_organizacion_id)
|
||||
org = get_org_context(self.request.user)
|
||||
task = procesar_datastage_task.delay(datastage.id, org.id if org else None)
|
||||
return Response({
|
||||
'task_id': task.id,
|
||||
'detail': 'Procesamiento iniciado. Puede consultar el estado con el task_id.'
|
||||
|
||||
Reference in New Issue
Block a user