updated models and changed permissions

pennlabs · Oct 25, 2024 · 318db5c · 318db5c
1 parent 502b49c
commit 318db5c
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 12 deletions.
diff --git a/backend/market/models.py b/backend/market/models.py
@@ -21,7 +21,9 @@ def __str__(self):
         return f"Offer for {self.item} made by {self.user}"
 
 
-class Category(models.TextChoices):
+class Category(models.Model):
+    '''
+    Current categories include:
     SUBLET = "sublet"
     APPLIANCE = "appliance"
     COOKWARE = "cookware"
@@ -36,6 +38,12 @@ class Category(models.TextChoices):
     TICKETS = "tickets"
     GIFTCARD = "giftcard"
     OTHER = "other"
+    '''
+    name = models.CharField(max_length=50, primary_key=True)
+
+    def __str__(self):
+        return self.name
+
 
 
 class Tag(models.Model):
@@ -47,6 +55,9 @@ def __str__(self):
 
 class Item(models.Model):
     seller = models.ForeignKey(User, on_delete=models.CASCADE)
+    buyers = models.ManyToManyField(
+        User, through=Offer, related_name="items_offered", blank=True
+    )
     tags = models.ManyToManyField(Tag, related_name="items", blank=True)
     category = models.CharField(
         max_length=50,
@@ -60,6 +71,7 @@ class Item(models.Model):
     external_link = models.URLField(max_length=255, null=True, blank=True)
     price = models.IntegerField()
     negotiable = models.BooleanField(default=True)
+    used = models.BooleanField(null=True, blank=True)
     created_at = models.DateTimeField(auto_now_add=True)
     expires_at = models.DateTimeField()
 

diff --git a/backend/market/permissions.py b/backend/market/permissions.py
@@ -13,32 +13,30 @@ def has_permission(self, request, view):
         return request.user.is_superuser
 
 
-class SubletOwnerPermission(permissions.BasePermission):
+class ItemOwnerPermission(permissions.BasePermission):
     """
-    Custom permission to allow the owner of a Sublet to edit or delete it.
+    Custom permission to allow the owner of a Item to edit or delete it.
     """
 
     def has_permission(self, request, view):
         return request.user.is_authenticated
 
     def has_object_permission(self, request, view, obj):
-        # Check if the user is the owner of the Sublet.
-        if request.method in permissions.SAFE_METHODS:
-            return True
-        return obj.subletter == request.user
+        # Check if the user is the owner of the Item.
+        return request.method in permissions.SAFE_METHODS or obj.seller == request.user
 
 
-class SubletImageOwnerPermission(permissions.BasePermission):
+class ItemImageOwnerPermission(permissions.BasePermission):
     """
-    Custom permission to allow the owner of a SubletImage to edit or delete it.
+    Custom permission to allow the owner of a ItemImage to edit or delete it.
     """
 
     def has_permission(self, request, view):
         return request.user.is_authenticated
 
     def has_object_permission(self, request, view, obj):
-        # Check if the user is the owner of the Sublet.
-        return request.method in permissions.SAFE_METHODS or obj.sublet.subletter == request.user
+        # Check if the user is the owner of the Item.
+        return request.method in permissions.SAFE_METHODS or obj.item.seller == request.user
 
 
 class OfferOwnerPermission(permissions.BasePermission):
@@ -52,6 +50,6 @@ def has_permission(self, request, view):
     def has_object_permission(self, request, view, obj):
         if request.method in permissions.SAFE_METHODS:
             # Check if the user owns the sublet when getting list
-            return obj.subletter == request.user
+            return obj.seller == request.user
         # This is redundant, here for safety
         return obj.user == request.user