backend/api/notificaciones/views.py

from django.shortcuts import render
from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticated
from .models import Notificacion, TipoNotificacion
from .serializers import NotificacionSerializer, TipoNotificacionSerializer
from core.permissions import (
    IsSameOrganization, 
    IsSameOrganizationDeveloper,
    IsSameOrganizationAndAdmin,
    IsSuperUser
)
# Create your views here.

class TipoNotificacionViewSet(viewsets.ModelViewSet):
    queryset = TipoNotificacion.objects.all()
    serializer_class = TipoNotificacionSerializer
    http_method_names = ['get']

    permission_classes = [IsAuthenticated &  (IsSameOrganization | IsSameOrganizationAndAdmin | IsSameOrganizationDeveloper | IsSuperUser)]

    my_tags = ['Notificaciones']
    
    def get_queryset(self):
        return self.queryset.order_by('tipo')

class NotificacionViewSet(viewsets.ModelViewSet):
    queryset = Notificacion.objects.all()
    serializer_class = NotificacionSerializer
    http_method_names = ['get', 'post', 'put', 'patch', 'delete']
    filterset_fields = ['visto']

    permission_classes = [IsAuthenticated &  (IsSameOrganization | IsSameOrganizationAndAdmin | IsSameOrganizationDeveloper | IsSuperUser)]
    my_tags = ['Notificaciones']

    def get_queryset(self):
        # Evita error en generación de esquema Swagger
        if getattr(self, 'swagger_fake_view', False):
            return Notificacion.objects.none()
        user = self.request.user
        if not user.is_authenticated:
            return Notificacion.objects.none()
        return Notificacion.objects.filter(dirigido=user)

    def perform_create(self, serializer):
        if not self.request.user.is_authenticated:
            raise PermissionDenied("Usuario no autenticado")
        if self.request.user.is_superuser:
            # Allow superusers and admins to create notifications for any user
            serializer.save()
        raise PermissionDenied("No tienes permiso para crear notificaciones para otros usuarios")