106 lines
3.6 KiB
Python
106 lines
3.6 KiB
Python
from rest_framework import serializers
|
|
|
|
from api.rbac.models import OrganizationRole, RolePermission, UserPermission, UserRole
|
|
|
|
|
|
class RolePermissionSerializer(serializers.ModelSerializer):
|
|
class Meta:
|
|
model = RolePermission
|
|
fields = ['id', 'codename', 'descripcion', 'modulo']
|
|
|
|
|
|
class OrganizationRoleSerializer(serializers.ModelSerializer):
|
|
permissions = RolePermissionSerializer(many=True, read_only=True)
|
|
permission_ids = serializers.PrimaryKeyRelatedField(
|
|
queryset=RolePermission.objects.all(),
|
|
many=True,
|
|
write_only=True,
|
|
source='permissions',
|
|
required=False,
|
|
)
|
|
user_count = serializers.IntegerField(read_only=True)
|
|
|
|
class Meta:
|
|
model = OrganizationRole
|
|
fields = [
|
|
'id', 'nombre', 'descripcion', 'is_admin_role',
|
|
'permissions', 'permission_ids', 'user_count',
|
|
'created_at', 'updated_at',
|
|
]
|
|
read_only_fields = ['id', 'is_admin_role', 'created_at', 'updated_at']
|
|
|
|
|
|
class OrganizationRoleWriteSerializer(serializers.ModelSerializer):
|
|
"""Serializer para crear/editar roles — recibe lista de IDs de permisos."""
|
|
permission_ids = serializers.PrimaryKeyRelatedField(
|
|
queryset=RolePermission.objects.all(),
|
|
many=True,
|
|
source='permissions',
|
|
required=False,
|
|
)
|
|
|
|
class Meta:
|
|
model = OrganizationRole
|
|
fields = ['nombre', 'descripcion', 'permission_ids']
|
|
|
|
def create(self, validated_data):
|
|
perms = validated_data.pop('permissions', [])
|
|
role = OrganizationRole.objects.create(**validated_data)
|
|
role.permissions.set(perms)
|
|
return role
|
|
|
|
def update(self, instance, validated_data):
|
|
perms = validated_data.pop('permissions', None)
|
|
for attr, value in validated_data.items():
|
|
setattr(instance, attr, value)
|
|
instance.save()
|
|
if perms is not None:
|
|
instance.permissions.set(perms)
|
|
return instance
|
|
|
|
|
|
class _UserMinimalSerializer(serializers.Serializer):
|
|
id = serializers.UUIDField()
|
|
username = serializers.CharField()
|
|
email = serializers.EmailField()
|
|
first_name = serializers.CharField()
|
|
last_name = serializers.CharField()
|
|
|
|
|
|
class _RoleMinimalSerializer(serializers.Serializer):
|
|
id = serializers.UUIDField()
|
|
nombre = serializers.CharField()
|
|
descripcion = serializers.CharField()
|
|
|
|
|
|
class UserRoleSerializer(serializers.ModelSerializer):
|
|
user = _UserMinimalSerializer(read_only=True)
|
|
role = _RoleMinimalSerializer(read_only=True)
|
|
# write
|
|
user_id = serializers.UUIDField(write_only=True, source='user')
|
|
role_id = serializers.UUIDField(write_only=True, source='role')
|
|
|
|
class Meta:
|
|
model = UserRole
|
|
fields = ['id', 'user', 'user_id', 'role', 'role_id', 'created_at']
|
|
read_only_fields = ['id', 'created_at']
|
|
|
|
|
|
class UserPermissionSerializer(serializers.ModelSerializer):
|
|
user = _UserMinimalSerializer(read_only=True)
|
|
permission = RolePermissionSerializer(read_only=True)
|
|
# write
|
|
user_id = serializers.UUIDField(write_only=True, source='user')
|
|
permission_id = serializers.IntegerField(write_only=True, source='permission')
|
|
|
|
class Meta:
|
|
model = UserPermission
|
|
fields = ['id', 'user', 'user_id', 'permission', 'permission_id', 'granted', 'created_at']
|
|
read_only_fields = ['id', 'created_at']
|
|
|
|
|
|
class MyPermissionsSerializer(serializers.Serializer):
|
|
"""Respuesta de /rbac/my-permissions/ — permisos efectivos del usuario autenticado."""
|
|
permissions = serializers.ListField(child=serializers.CharField())
|
|
roles = serializers.ListField(child=serializers.CharField())
|