diff --git a/b2b/feedback/pagination.py b/b2b/feedback/pagination.py index 002b7e5..63b11f8 100644 --- a/b2b/feedback/pagination.py +++ b/b2b/feedback/pagination.py @@ -6,3 +6,9 @@ class ResponsePagination(PageNumberPagination): """Response pagination class.""" page_size = 1 + + +class MonthlyFeedbackPagination(PageNumberPagination): + """Monthly feedback pagination.""" + + page_size = 10 diff --git a/b2b/feedback/tests/test_feedback_api.py b/b2b/feedback/tests/test_feedback_api.py index 26b9e0d..1eb64f3 100644 --- a/b2b/feedback/tests/test_feedback_api.py +++ b/b2b/feedback/tests/test_feedback_api.py @@ -313,3 +313,34 @@ def test_non_client_rep_cannot_create_monthly_feedback_403( assert response.status_code == status.HTTP_403_FORBIDDEN assert MonthlyFeedback.objects.count() == 0 + + def test_sales_manager_list_monthly_feedback_200( + self, api_client, client_rep, sales_manager + ): + """Test sales manager list monthly feedback successful.""" + baker.make(Client, client_rep=client_rep, sales_manager=sales_manager) + baker.make(Client) + baker.make(MonthlyFeedback, client_rep=client_rep) + baker.make(MonthlyFeedback) + api_client.force_authenticate(user=sales_manager) + + response = api_client.get(MONTHLY_FEEDBACK_URL) + + assert response.status_code == status.HTTP_200_OK + assert Client.objects.count() == 2 + assert MonthlyFeedback.objects.count() == 2 + assert response.data["count"] == 1 + + def test_only_sales_managers_can_list_monthly_feedback_403( + self, api_client, client_rep, sample_user + ): + """Test sales manager list monthly feedback successful.""" + baker.make(Client, client_rep=client_rep, sales_manager=sample_user) + baker.make(Client) + baker.make(MonthlyFeedback, client_rep=client_rep) + baker.make(MonthlyFeedback) + api_client.force_authenticate(user=sample_user) + + response = api_client.get(MONTHLY_FEEDBACK_URL) + + assert response.status_code == status.HTTP_403_FORBIDDEN diff --git a/b2b/feedback/views.py b/b2b/feedback/views.py index 1f2fbdf..5ab11e5 100644 --- a/b2b/feedback/views.py +++ b/b2b/feedback/views.py @@ -1,4 +1,5 @@ """Views for the feedback app.""" +from django.contrib.auth import get_user_model from rest_framework.mixins import ( CreateModelMixin, DestroyModelMixin, @@ -9,7 +10,7 @@ from rest_framework.viewsets import GenericViewSet from .models import Client, MonthlyFeedback, Questionnaire, Response -from .pagination import ResponsePagination +from .pagination import MonthlyFeedbackPagination, ResponsePagination from .permissions import ( IsClientRepresentative, IsSalesManager, @@ -23,6 +24,8 @@ ResponseSerializer, ) +User = get_user_model() + class ClientViewSet( CreateModelMixin, @@ -132,13 +135,29 @@ def perform_create(self, serializer): class MonthlyFeedbackViewSet( CreateModelMixin, + ListModelMixin, GenericViewSet, ): """The monthly feedback view set.""" queryset = MonthlyFeedback.objects.all() serializer_class = MonthlyFeedbackSerializer - permission_classes = [IsClientRepresentative] + pagination_class = MonthlyFeedbackPagination + + def get_permissions(self): + """Return the appropriate permission.""" + if self.request.method in SAFE_METHODS: + return [IsSalesManager()] + return [IsClientRepresentative()] + + def get_queryset(self): + """Filter feedback for the current user.""" + current_user_clients = Client.objects.select_related( + "client_rep", "sales_manager" + ).filter(sales_manager=self.request.user) + return self.queryset.filter( + client_rep__in=[client.client_rep for client in current_user_clients] + ).order_by("-month") def perform_create(self, serializer): """Assign current user as the client rep."""