diff --git a/backend/users/models.py b/backend/users/models.py index aee3838..1965bca 100644 --- a/backend/users/models.py +++ b/backend/users/models.py @@ -148,6 +148,9 @@ class CustomUser(AbstractUser): USERNAME_FIELD = "email" REQUIRED_FIELDS = ("username",) + is_active = models.BooleanField(default=False) + delete_time = models.DateTimeField(null=True, blank=True) + class Meta: verbose_name = _("Пользователь") verbose_name_plural = _("Пользователи") diff --git a/backend/users/permissions.py b/backend/users/permissions.py new file mode 100644 index 0000000..5c6f4e9 --- /dev/null +++ b/backend/users/permissions.py @@ -0,0 +1,9 @@ +from rest_framework.permissions import BasePermission + + +class IsActiveUser(BasePermission): + ''' + Ограничение доступа для временно удаленного пользователя + ''' + def has_permission(self, request, view): + return request.user.is_active \ No newline at end of file diff --git a/backend/users/views.py b/backend/users/views.py index 3ad1c21..b2009b7 100644 --- a/backend/users/views.py +++ b/backend/users/views.py @@ -18,6 +18,7 @@ from .serializers import (CoordinateSerializer, CustomUserSerializer, FriendSerializer, FriendsRelationshipSerializer, UserpicSerializer, UserStatusSerializer) +from .permissions import IsActiveUser class CustomUserViewSet(UserViewSet): @@ -49,7 +50,7 @@ def friends(self, request): @action( methods=["post"], detail=True, - permission_classes=(IsAuthenticated,), + permission_classes=(IsAuthenticated, IsActiveUser), url_path="add-friend", ) def add_friend(self, request, **kwargs): @@ -74,7 +75,7 @@ def add_friend(self, request, **kwargs): @action( methods=["post"], detail=True, - permission_classes=(IsAuthenticated,), + permission_classes=(IsAuthenticated, IsActiveUser), url_path="approved", ) def approve_request(self, request, **kwargs): @@ -97,10 +98,30 @@ def approve_request(self, request, **kwargs): from_user.friends.add(to_user) return Response(serializer.data, status=HTTP_201_CREATED) + @action( + methods=["post"], + detail=True, + permission_classes=(IsAuthenticated, ), + url_path="delete-control" + ) + def user_active_control(self, request): + import datetime + + user = request.user + if user.is_active: + user.is_active = False + user.delete_time = datetime.datetime.now() + else: + user.is_active = True + user.delete_time = None + user.save() + return HttpResponseRedirect(redirect_to=settings.LOGIN_URL_) + + @action( methods=["delete"], detail=True, - permission_classes=(IsAuthenticated,), + permission_classes=(IsAuthenticated, IsActiveUser), url_path="delete-friend", ) def delete_friend(self, request, **kwargs): @@ -119,7 +140,7 @@ def delete_friend(self, request, **kwargs): @action( methods=["delete"], detail=True, - permission_classes=(IsAuthenticated,), + permission_classes=(IsAuthenticated, IsActiveUser), url_path="delete-request", ) def delete_request(self, request, **kwargs): @@ -140,7 +161,7 @@ def delete_request(self, request, **kwargs): @action( methods=["get"], detail=False, - permission_classes=(IsAuthenticated,), + permission_classes=(IsAuthenticated, IsActiveUser), url_path="all-requests", ) def all_requests(self, request): @@ -153,7 +174,7 @@ def all_requests(self, request): @action( methods=["patch"], detail=True, - permission_classes=(IsAuthenticated,), + permission_classes=(IsAuthenticated, IsActiveUser), url_path="update-coordinates", ) def update_coordinates(self, request, **kwargs): @@ -174,7 +195,7 @@ def update_coordinates(self, request, **kwargs): @action( methods=["get"], detail=False, - permission_classes=(IsAuthenticated,), + permission_classes=(IsAuthenticated, IsActiveUser), url_path="get-friends", ) def get_friends(self, request, **kwargs): @@ -224,7 +245,7 @@ def update_friends_category(self, request, **kwargs): @action( methods=["patch"], detail=True, - permission_classes=(IsAuthenticated,), + permission_classes=(IsAuthenticated, IsActiveUser), url_path="update-user-pic", ) def update_user_pic(self, request, **kwargs):