feature/rbac permisos y roles implementados

api/rbac/serializers.py

@@ -0,0 +1,105 @@
+from rest_framework import serializers
+
+from api.rbac.models import OrganizationRole, RolePermission, UserPermission, UserRole
+
+
+class RolePermissionSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = RolePermission
+        fields = ['id', 'codename', 'descripcion', 'modulo']
+
+
+class OrganizationRoleSerializer(serializers.ModelSerializer):
+    permissions = RolePermissionSerializer(many=True, read_only=True)
+    permission_ids = serializers.PrimaryKeyRelatedField(
+        queryset=RolePermission.objects.all(),
+        many=True,
+        write_only=True,
+        source='permissions',
+        required=False,
+    )
+    user_count = serializers.IntegerField(read_only=True)
+
+    class Meta:
+        model = OrganizationRole
+        fields = [
+            'id', 'nombre', 'descripcion', 'is_admin_role',
+            'permissions', 'permission_ids', 'user_count',
+            'created_at', 'updated_at',
+        ]
+        read_only_fields = ['id', 'is_admin_role', 'created_at', 'updated_at']
+
+
+class OrganizationRoleWriteSerializer(serializers.ModelSerializer):
+    """Serializer para crear/editar roles — recibe lista de IDs de permisos."""
+    permission_ids = serializers.PrimaryKeyRelatedField(
+        queryset=RolePermission.objects.all(),
+        many=True,
+        source='permissions',
+        required=False,
+    )
+
+    class Meta:
+        model = OrganizationRole
+        fields = ['nombre', 'descripcion', 'permission_ids']
+
+    def create(self, validated_data):
+        perms = validated_data.pop('permissions', [])
+        role = OrganizationRole.objects.create(**validated_data)
+        role.permissions.set(perms)
+        return role
+
+    def update(self, instance, validated_data):
+        perms = validated_data.pop('permissions', None)
+        for attr, value in validated_data.items():
+            setattr(instance, attr, value)
+        instance.save()
+        if perms is not None:
+            instance.permissions.set(perms)
+        return instance
+
+
+class _UserMinimalSerializer(serializers.Serializer):
+    id = serializers.UUIDField()
+    username = serializers.CharField()
+    email = serializers.EmailField()
+    first_name = serializers.CharField()
+    last_name = serializers.CharField()
+
+
+class _RoleMinimalSerializer(serializers.Serializer):
+    id = serializers.UUIDField()
+    nombre = serializers.CharField()
+    descripcion = serializers.CharField()
+
+
+class UserRoleSerializer(serializers.ModelSerializer):
+    user = _UserMinimalSerializer(read_only=True)
+    role = _RoleMinimalSerializer(read_only=True)
+    # write
+    user_id = serializers.UUIDField(write_only=True, source='user')
+    role_id = serializers.UUIDField(write_only=True, source='role')
+
+    class Meta:
+        model = UserRole
+        fields = ['id', 'user', 'user_id', 'role', 'role_id', 'created_at']
+        read_only_fields = ['id', 'created_at']
+
+
+class UserPermissionSerializer(serializers.ModelSerializer):
+    user = _UserMinimalSerializer(read_only=True)
+    permission = RolePermissionSerializer(read_only=True)
+    # write
+    user_id = serializers.UUIDField(write_only=True, source='user')
+    permission_id = serializers.IntegerField(write_only=True, source='permission')
+
+    class Meta:
+        model = UserPermission
+        fields = ['id', 'user', 'user_id', 'permission', 'permission_id', 'granted', 'created_at']
+        read_only_fields = ['id', 'created_at']
+
+
+class MyPermissionsSerializer(serializers.Serializer):
+    """Respuesta de /rbac/my-permissions/ — permisos efectivos del usuario autenticado."""
+    permissions = serializers.ListField(child=serializers.CharField())
+    roles = serializers.ListField(child=serializers.CharField())