diff --git a/api/api_methods.py b/api/api_methods.py
index 073a8e8..d51f7eb 100755
--- a/api/api_methods.py
+++ b/api/api_methods.py
@@ -1,12 +1,8 @@
-import random
-
-from django.core.exceptions import ValidationError
-from django.http import HttpResponse, HttpResponseBadRequest
-from .api_utils import *
-from .api_params import *
-from .models import *
-from .api_media_utils import *
 import time
+from django.core.exceptions import ValidationError
+from .api_media_utils import *
+from .api_utils import *
+from .models import *
 def _make_model_validation_errors(validation_error: ValidationError, api_err=API_ERROR_OBJECT_VALIDATION):
@@ -147,7 +143,7 @@ class ApiAccount:
 params=[ApiParamAccessToken()],
 returns="Стандартный ответ успеха, в случае успеха")
 async def delete(access_token):
- user = access_token.owner
+ user = access_token.user
 await sync_to_async(user.delete)()
 return api_make_response({})
@@ -163,9 +159,9 @@ class ApiAccount:
 returns="Поля пользователя (name, surname, email, phone и прочие).")
 async def get(access_token, user_id):
 if user_id is None:
- user = access_token.owner
+ user = access_token.user
 else:
- user = await access_token.owner.get_by_id(user_id)
+ user = await access_token.user.get_by_id(user_id)
 if user is None:
 return make_error_object(Exception(API_ERROR_NOT_FOUND, {"user": user_id}))
@@ -193,7 +189,7 @@ class ApiAccount:
 ],
 returns="Вернет основную информацию о пользователе, иначе ошибки")
 async def edit(access_token, name, surname, about, executor_type, executor_inn, city):
- user = access_token.owner
+ user = access_token.user
 executor_need_save, need_save = False, False
 if name is not None:
@@ -268,7 +264,7 @@ class ApiAccount:
 ],
 returns="Вернет стандартный объект успеха")
 async def change_phone(access_token, password, phone, code):
- user = access_token.owner
+ user = access_token.user
 if not user.check_password(password):
 raise Exception(API_ERROR_INVALID_PASSWORD)
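Review bot: Dropping `from .api_params import *` in the first hunk leaves `ApiParamAccessToken()`, still used in the `ApiAccount.delete` decorator arguments, resolvable only if one of the remaining wildcard imports re-exports it; the same holds for `random`, `HttpResponse` and `HttpResponseBadRequest` if the rest of the file uses them. The remaining star imports were also reordered, and with `import *` a name defined in two modules binds to whichever import runs last, so moving `api_media_utils` ahead of `api_utils` and `models` can silently change what a name refers to. Explicit imports such as `from .api_params import ApiParamAccessToken` would make a missing or shadowed name visible at review time instead of at import time.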
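Review bot: `ApiAccount.delete` removes the account on the strength of the access token alone (`params=[ApiParamAccessToken()]`), while `change_phone`, `list_sessions` and `remove_session` in this same file ask for the password again. A leaked token is then sufficient for an irreversible action. Consider taking the password here too and running `if not user.check_password(password): raise Exception(API_ERROR_INVALID_PASSWORD)` before `user.delete`, matching the other sensitive methods. The decorator call begins outside the hunk.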
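Review bot: `user.check_password(password)` in `change_phone` runs synchronously inside an `async def`; password hashing is deliberately slow, so each call stalls the event loop, and if `Account` inherits Django's stock `check_password`, a hash upgrade triggers a synchronous `save()` that Django refuses in an async context. The file already wraps `user.delete` with `sync_to_async`, so the check can be written `if not await sync_to_async(user.check_password)(password):`. The same call appears in `list_sessions`, `remove_other_sessions`, `remove_session` and `change_password` in the later hunks. `change_phone` continues past the end of the hunk.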
@@ -331,7 +327,7 @@ class ApiSecurity:
 async def list_sessions(access_token, password):
 sessions = await access_token.list_sessions()
- if not access_token.owner.check_password(password):
+ if not access_token.user.check_password(password):
 raise Exception(API_ERROR_INVALID_PASSWORD)
 return api_make_response({
@@ -357,7 +353,7 @@ class ApiSecurity:
 ],
 returns="Вернет sessions: [{id: int, name: str, created: unix_timestamp}]")
 async def remove_other_sessions(access_token, password):
- if not access_token.owner.check_password(password):
+ if not access_token.user.check_password(password):
 raise Exception(API_ERROR_INVALID_PASSWORD)
 sessions = await access_token.list_sessions()
@@ -389,7 +385,7 @@ class ApiSecurity:
 ],
 returns="Вернет стандартный отъект в случае успеха")
 async def remove_session(access_token, password, session):
- if not access_token.owner.check_password(password):
+ if not access_token.user.check_password(password):
 raise Exception(API_ERROR_INVALID_PASSWORD)
 await access_token.delete_session(session)
@@ -406,7 +402,7 @@ class ApiSecurity:
 ],
 returns="Вернет стандартный объект успеха")
 async def change_password(access_token, old_password, password):
- user = access_token.owner
+ user = access_token.user
 if not user.check_password(old_password):
 raise Exception(API_ERROR_INVALID_PASSWORD, "old_password")
@@ -563,7 +559,7 @@ class ApiOrder:
 ApiOrder._check_write_permissions(access_token)
 try:
- order = await Order.objects.acreate(owner=access_token.owner, **kwargs)
+ order = await Order.objects.acreate(owner=access_token.user, **kwargs)
 return api_make_response({"order_id": order.id})
 except ValidationError as ve:
 return _make_model_validation_errors(ve, API_ERROR_USER_MODIFY)
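Review bot: In the `ApiOrder` create hunk (`@@ -563,7 +559,7 @@`), `Order.objects.acreate(owner=access_token.user, **kwargs)` forwards `kwargs` straight into the model constructor. If `kwargs` is assembled from request parameters (its origin is outside the hunk), fields the client should not control could be set at creation; `published` and `moderated` are both read elsewhere in this file as visibility gates. Build the dict from an explicit allow-list of client-settable fields instead. Note also that `acreate` does not call `full_clean()`, so the `except ValidationError` branch will not see model validator failures unless validation is invoked explicitly.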
@@ -581,7 +577,7 @@ class ApiOrder:
 ApiOrder._check_write_permissions(access_token)
 query = Order.objects.filter(id=order_id)
 order = await query.afirst()
- if order.owner_id != access_token.owner.id:
+ if order.owner_id != access_token.user.id:
 raise Exception(API_ERROR_ACCESS_DENIED, 'edit operation allowed only for owner')
 await query.aupdate(published=value)
@@ -619,13 +615,13 @@ class ApiOrder:
 if order_id is not None:
 res = await query.aget(id=order_id)
 if user_id is not None:
- if access_token.owner.id == res.owner_id or (res.published and res.moderated):
+ if access_token.user.id == res.owner_id or (res.published and res.moderated):
 return api_make_response([ApiOrder._order_to_json(res)])
 else:
 raise Exception(API_ERROR_NOT_ALLOWED, 'attempt access to closed order')
 if user_id is not None:
- user = await access_token.owner.get_by_id(user_id)
+ user = await access_token.user.get_by_id(user_id)
 if user is None:
 raise Exception(API_ERROR_NOT_FOUND, 'user')
 if user.role != Account.ROLE_CUSTOMER:
@@ -639,9 +635,9 @@ class ApiOrder:
 @staticmethod
 def _check_write_permissions(access_token):
- if not access_token.owner.is_completed():
+ if not access_token.user.is_completed():
 raise Exception(API_ERROR_NEED_COMPLETED_ACCOUNT)
- if access_token.owner.role != Account.ROLE_CUSTOMER:
+ if access_token.user.role != Account.ROLE_CUSTOMER:
 raise Exception(API_ERROR_NOT_ALLOWED, 'you must be a customer')
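Review bot: `order = await query.afirst()` in the `@@ -581,7 +577,7 @@` hunk returns `None` when no order matches `order_id`, and the next line dereferences `order.owner_id`, so an unknown id ends in an `AttributeError` rather than a controlled API error. Add `if order is None: raise Exception(API_ERROR_NOT_FOUND, 'order')` before the ownership comparison, mirroring the error the file raises for a missing user. The write could also be scoped to the owner, `Order.objects.filter(id=order_id, owner_id=access_token.user.id)`, so the ownership check and the update cannot drift apart. The enclosing method starts and ends outside the hunk.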
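Review bot: In the `@@ -619,13 +615,13 @@` hunk, the visibility test `access_token.user.id == res.owner_id or (res.published and res.moderated)` appears to sit under `if user_id is not None:`, so a lookup that supplies `order_id` without `user_id` would skip both the `return` and the `API_ERROR_NOT_ALLOWED` branch; indentation is lost in this view, so the nesting needs confirming against the file. If that reading is right, the owner-or-published check should run for every `order_id` lookup regardless of `user_id`. `query.aget(id=order_id)` also raises `DoesNotExist` for an unknown id, which the visible lines do not handle. The method begins and ends outside the hunk.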
@@ -696,11 +692,11 @@ class ApiMedia:
 return make_error_object(Exception(API_ERROR_INVALID_REQUEST, "unsupported file extension"))
 try:
- storage_name = Media.generate_storage_name(filename, datetime.now(), access_token.owner)
+ storage_name = Media.generate_storage_name(filename, datetime.now(), access_token.user)
 await sync_to_async(s3_upload_from_buffer)(storage_name, request.FILES['file'].read())
- m = await Media.objects.acreate(user=access_token.owner, original_name=filename,
+ m = await Media.objects.acreate(user=access_token.user, original_name=filename,
 extension=ext, storage_name=storage_name)
 return api_make_response({'media_id': m.id})
 except Exception:
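Review bot: `request.FILES['file'].read()` pulls the whole upload into memory before it is handed to `s3_upload_from_buffer`, and no size limit is visible in the hunk (only the extension check above it). Reject oversized files first, for example `if request.FILES['file'].size > MAX_UPLOAD_BYTES:` where `MAX_UPLOAD_BYTES` is a placeholder for a project setting, or stream the file in chunks. The object is also written to S3 before the `Media` row is created, so a failed `acreate` leaves an orphaned object that the broad `except Exception:` may hide; that handler's body lies outside the hunk.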