diff --git a/backend/order/permissons.py b/backend/order/permissons.py index 5c05b4b..bef19d4 100644 --- a/backend/order/permissons.py +++ b/backend/order/permissons.py @@ -23,4 +23,18 @@ class GetOrderPermission(BasePermission): if obj.status == 'CART': self.message = "سفارش در وضعیت سبد خرید است" return False - return True \ No newline at end of file + return True + + + +from rest_framework.permissions import BasePermission + +class SetAddressPermissions(BasePermission): + message = "این ادرس متعلق به شما نیست." + + def has_object_permission(self, request, view, obj): + if obj.user != request.user: + self.message = "این ادرس متعلق به شما نیست." + return False + return True + \ No newline at end of file diff --git a/backend/order/urls.py b/backend/order/urls.py index e81de18..6ec9fd4 100644 --- a/backend/order/urls.py +++ b/backend/order/urls.py @@ -1,12 +1,13 @@ from django.conf.urls.static import static from django.contrib import admin from django.urls import path, include -from .views import CartItemViews, CartView, OrderlistView, CartItemClear, ApplyDiscountView, OrderGetView +from .views import CartItemViews, CartView, OrderlistView, CartItemClear, ApplyDiscountView, OrderGetView, SetAddressForCartView from .views import PaymentView, callback_view urlpatterns = [ path('all', OrderlistView.as_view(), name='order-list'), path('cart', CartView.as_view()), + path('cart/set-address', SetAddressForCartView.as_view()), path('cart/discount', ApplyDiscountView.as_view()), path('cart/all', CartItemClear.as_view()), path('cart/item/', CartItemViews.as_view(), name='change-item-cart'), diff --git a/backend/order/views.py b/backend/order/views.py index 060326a..5e32129 100644 --- a/backend/order/views.py +++ b/backend/order/views.py 
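Review bot: The `from rest_framework.permissions import BasePermission` line added below `GetOrderPermission` in backend/order/permissons.py looks redundant, because the class above it already subclasses `BasePermission` and the name is therefore presumably imported at the top of the file. Drop the mid-file import rather than keeping a second one under a class definition. Inside `has_object_permission`, `self.message = "..."` re-assigns the exact text the class attribute already holds, so the body can shrink to `return obj.user == request.user`. A one-line docstring would also help, stating that the class admits only the owner of the address and that DRF runs this hook only when a view calls `check_object_permissions`.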
@@ -7,13 +7,16 @@ from .serializers import * # from cart.models import from rest_framework import status from .models import OrderItemModel, OrderModel, DiscountCode -from .permissons import CanDeleteCartItemPermissions, GetOrderPermission +from .permissons import CanDeleteCartItemPermissions, GetOrderPermission, SetAddressPermissions from azbankgateways import bankfactories, models as bank_models from azbankgateways.exceptions import AZBankGatewaysException from drf_spectacular.utils import extend_schema, OpenApiParameter, OpenApiTypes from utils.pagination import StructurePagination from order.models import OrderModel from django.urls import reverse +from account.models import UserAddressModel + + # try: # pass # except DiscountNotAvailableError: @@ -249,4 +252,29 @@ def callback_view(request): return HttpResponse( "پرداخت با شکست مواجه شده است. اگر پول کم شده است ظرف مدت ۴۸ ساعت پول به حساب شما بازخواهد گشت." - ) \ No newline at end of file + ) + + + +class SetAddressSerilizer(serializers.Serializer): + address_id = serializers.IntegerField() + +class SetAddressForCartView(APIView): + serializer_class = SetAddressSerilizer + permission_classes = [IsAuthenticated, SetAddressPermissions] + def post(self, request): + address_id = request.data.get('address_id', None) + if not address_id: + return Response({'detail': 'address_id را ارسال کنید'}, status=status.HTTP_400_BAD_REQUEST) + address_object = get_object_or_404(UserAddressModel, pk=address_id) + permission = SetAddressPermissions() + if not permission.has_object_permission(request, self, address_object): + return Response({"detail": permission.message}, status=status.HTTP_403_FORBIDDEN) + + cart_order, created = OrderModel.objects.get_or_create( + user=request.user, + status='CART' + ) + cart_order.address = address_object + cart_order.save() + return Response({'detail': 'ادرس با موفقیت انتخاب شد'}) \ No newline at end of file
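Review bot: In `SetAddressForCartView.post` (backend/order/views.py, second hunk), `address_id` goes from `request.data` straight into `get_object_or_404(UserAddressModel, pk=address_id)` while `SetAddressSerilizer` is declared but never run, so a non-integer value is likely to surface as an unhandled ORM error instead of a 400. The lookup is also not scoped to the caller: an id owned by another user answers 403 and an unknown id answers 404, which lets any authenticated client tell which address ids exist. Validating through the serializer and filtering the lookup by owner closes both gaps and makes the hand-built `SetAddressPermissions()` call unnecessary. The owner filter assumes the model has a `user` field, which the permission class suggests by reading `obj.user`. If the object check is kept instead, `self.check_object_permissions(request, address_object)` is the DRF way to trigger it, since listing the class in `permission_classes` does not run the object hook on a plain `APIView`.

```python
    def post(self, request):
        serializer = self.serializer_class(data=request.data)
        serializer.is_valid(raise_exception=True)
        address_object = get_object_or_404(
            UserAddressModel,
            pk=serializer.validated_data['address_id'],
            user=request.user,
        )
        # … unchanged: get_or_create of the CART order, address assignment, save, success response …
```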