mirror of
https://github.com/evgen-app/chess_rpg_backend.git
synced 2024-11-10 19:57:12 +03:00
added user identity check on deck edit
parent
56dc11c7b3
commit
ea262c3c98
|
@ -90,7 +90,6 @@ class CreateDeckSerializer(serializers.ModelSerializer):
|
||||||
return instance
|
return instance
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class GetPlayerSerializer(serializers.ModelSerializer):
|
class GetPlayerSerializer(serializers.ModelSerializer):
|
||||||
class Meta:
|
class Meta:
|
||||||
model = Player
|
model = Player
|
||||||
|
|
|
@ -79,7 +79,11 @@ class PlayerCreateView(GenericAPIView, CreateModelMixin):
|
||||||
access_jwt = sign_jwt({"id": instance.id, "type": "access"}, t_life=3600)
|
access_jwt = sign_jwt({"id": instance.id, "type": "access"}, t_life=3600)
|
||||||
refresh_jwt = sign_jwt({"id": instance.id, "type": "refresh"})
|
refresh_jwt = sign_jwt({"id": instance.id, "type": "refresh"})
|
||||||
return Response(
|
return Response(
|
||||||
{"access_token": access_jwt, "refresh_token": refresh_jwt},
|
{
|
||||||
|
"access_token": access_jwt,
|
||||||
|
"refresh_token": refresh_jwt,
|
||||||
|
"deck_id": instance.get_last_deck().id,
|
||||||
|
},
|
||||||
status=status.HTTP_201_CREATED,
|
status=status.HTTP_201_CREATED,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -96,6 +100,7 @@ class DeckCreateView(GenericAPIView, CreateModelMixin):
|
||||||
serializer.is_valid(raise_exception=True)
|
serializer.is_valid(raise_exception=True)
|
||||||
instance = self.perform_create(serializer)
|
instance = self.perform_create(serializer)
|
||||||
heroes_list = ListHeroSerializer(instance.get_heroes(), many=True)
|
heroes_list = ListHeroSerializer(instance.get_heroes(), many=True)
|
||||||
|
heroes_list.data["deck_id"] = instance.id
|
||||||
return Response(heroes_list.data, status=status.HTTP_201_CREATED)
|
return Response(heroes_list.data, status=status.HTTP_201_CREATED)
|
||||||
|
|
||||||
|
|
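Review bot: `heroes_list.data["deck_id"] = instance.id` is likely to fail at runtime, because a serializer built with `many=True` exposes a list-like `.data` (DRF's `ReturnList`), and assigning to a list with a string key raises `TypeError`. As `perform_create` has already run by then, the deck would be stored while the client receives a 500. Build the body explicitly instead, for example `return Response({"deck_id": instance.id, "heroes": heroes_list.data}, status=status.HTTP_201_CREATED)`. The enclosing handler starts outside the hunk, so its earlier lines are not visible here.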
||||||
|
@ -115,10 +120,30 @@ class RetireUpdateDeleteDeckView(
|
||||||
return self.retrieve(request, *args, **kwargs)
|
return self.retrieve(request, *args, **kwargs)
|
||||||
|
|
||||||
def put(self, request, *args, **kwargs):
|
def put(self, request, *args, **kwargs):
|
||||||
|
if not self._check_user_identity(request.user.id, kwargs["id"]):
|
||||||
|
return Response(
|
||||||
|
"Attempt to change another user's deck",
|
||||||
|
status=status.HTTP_403_FORBIDDEN,
|
||||||
|
)
|
||||||
return self.update(request, *args, **kwargs)
|
return self.update(request, *args, **kwargs)
|
||||||
|
|
||||||
def patch(self, request, *args, **kwargs):
|
def patch(self, request, *args, **kwargs):
|
||||||
|
if not self._check_user_identity(request.user.id, kwargs["id"]):
|
||||||
|
return Response(
|
||||||
|
"Attempt to change another user's deck",
|
||||||
|
status=status.HTTP_403_FORBIDDEN,
|
||||||
|
)
|
||||||
return self.partial_update(request, *args, **kwargs)
|
return self.partial_update(request, *args, **kwargs)
|
||||||
|
|
||||||
def delete(self, request, *args, **kwargs):
|
def delete(self, request, *args, **kwargs):
|
||||||
|
if not self._check_user_identity(request.user.id, kwargs["id"]):
|
||||||
|
return Response(
|
||||||
|
"Attempt to delete another user's deck",
|
||||||
|
status=status.HTTP_403_FORBIDDEN,
|
||||||
|
)
|
||||||
return self.destroy(request, *args, **kwargs)
|
return self.destroy(request, *args, **kwargs)
|
||||||
|
|
||||||
|
def _check_user_identity(self, user_id, deck_id) -> bool:
|
||||||
|
return deck_id in list(
|
||||||
|
Deck.objects.filter(player_id=user_id).values_list("id", flat=True)
|
||||||
|
)
|
||||||
|
|
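Review bot: `_check_user_identity` tests `kwargs["id"]` for membership in a list of integer primary keys, so unless the URL pattern uses an `int` converter (not visible here) the value is a string and the check is always false, which would also reject the deck's real owner. It also fetches every deck id of the player for a single membership test; `return Deck.objects.filter(id=deck_id, player_id=user_id).exists()` performs the same ownership check in one query and lets the ORM coerce the key. The `retrieve` call at the top of the hunk is left unguarded, so any caller who passes the view's permission classes can still read another player's deck; confirm that this is intended. Because the same guard is repeated in `put`, `patch` and `delete`, consider moving it into a DRF permission class with `has_object_permission`, or into `get_queryset`, so that a handler added later cannot omit it.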
|
@ -29,7 +29,9 @@ class Player(models.Model):
|
||||||
def save(
|
def save(
|
||||||
self, force_insert=False, force_update=False, using=None, update_fields=None
|
self, force_insert=False, force_update=False, using=None, update_fields=None
|
||||||
):
|
):
|
||||||
|
"""saves user and creates deck for him with 16 heroes"""
|
||||||
super(Player, self).save()
|
super(Player, self).save()
|
||||||
|
deck = Deck.objects.create(player=self)
|
||||||
types = (
|
types = (
|
||||||
["ARCHER" for _ in range(4)]
|
["ARCHER" for _ in range(4)]
|
||||||
+ ["WARRIOR" for _ in range(6)]
|
+ ["WARRIOR" for _ in range(6)]
|
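Review bot: `deck = Deck.objects.create(player=self)` runs on every `save()`, not only when the player is first inserted, so any later update of a Player row would create another deck and, through the `HeroInDeck.objects.create(deck=deck, hero=hero)` line in the next hunk, another set of linked heroes. Record the state before the parent call, e.g. `is_new = self._state.adding`, and put the deck and hero generation under `if is_new:`. The deck, hero and link rows are written as separate statements, so wrapping them in `transaction.atomic()` would prevent a half-filled deck when one insert fails. `save` starts before this hunk and continues past it, so the hero loop is only partly visible.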
||||||
|
@ -54,6 +56,10 @@ class Player(models.Model):
|
||||||
hero.speed = random.randint(0, 10)
|
hero.speed = random.randint(0, 10)
|
||||||
|
|
||||||
hero.save()
|
hero.save()
|
||||||
|
HeroInDeck.objects.create(deck=deck, hero=hero)
|
||||||
|
|
||||||
|
def get_last_deck(self):
|
||||||
|
return Deck.objects.filter(player=self).last()
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return self.name
|
return self.name
|
||||||
|
|