Brunobrno/vontor-cz
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add wishlist feature and admin/analytics endpoints

Browse Source 
Introduces a Wishlist model with related serializers, admin, and API endpoints for users to manage favorite products. Adds admin endpoints for wishlist management and a placeholder AnalyticsViewSet for future business intelligence features. Refactors permissions for commerce views, updates product filtering and ordering, and improves carrier and payment logic. Also includes minor VSCode settings and Zasilkovna client import updates.
This commit is contained in:
David Bruno Vontor
2026-01-17 18:04:27 +01:00
parent b279ac36d5
commit e78baf746c
9 changed files with 335 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
backend/account/permissions.py
View File

@@ -55,3 +55,23 @@ class AdminOnly(BasePermission):
def has_permission(self, request, view):
return request.user and request.user.is_authenticated and getattr(request.user, 'role', None) == 'admin'
# Commerce-specific permissions
class AdminWriteOnlyOrReadOnly(BasePermission):
"""Allow read for anyone, write only for admins"""
def has_permission(self, request, view):
if request.method in SAFE_METHODS:
return True
return request.user and request.user.is_authenticated and getattr(request.user, 'role', None) == 'admin'
class AdminOnlyForPatchOtherwisePublic(BasePermission):
"""Allow GET/POST for anyone, PATCH/PUT/DELETE only for admins"""
def has_permission(self, request, view):
if request.method in SAFE_METHODS or request.method == "POST":
return True
if request.method in ["PATCH", "PUT", "DELETE"]:
return request.user and request.user.is_authenticated and getattr(request.user, 'role', None) == 'admin'
# Default to admin for other unsafe methods
return request.user and request.user.is_authenticated and getattr(request.user, 'role', None) == 'admin'